Computer HiJacked - pop ups / ads [Solved]


  • This topic is locked
21 replies to this topic

#1 HairManDan (New Member, Authentic Member, 11 posts)

Posted 04 May 2014 - 04:17 PM

I am looking for some help to get this straightened out, please. My Chrome browser has a snapdo homepage. I had some issues that a friend fixed: they removed some programs, got a working antivirus and got my Internet Explorer working, but said there is more there and suggested this site to me.

 

I ran the DDS program and the log is pasted below.

 

Please help if you can!

 

Thanks!

Dan

 

.
DDS (Ver_11-03-05.01) - NTFSx86 
Run by Tease at 16:56:29.16 on Sun 05/04/2014
Internet Explorer: 9.0.8112.16421
Microsoft® Windows Vista™ Business   6.0.6002.2.1252.1.1033.18.2004.436 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Users\Tease\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\RealVNC\VNC Server\vncserver.exe
C:\Program Files\RealVNC\VNC Server\vncserver.exe
C:\Program Files\003\vxlsnyaiet32.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\RealVNC\VNC Server\vncserver.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\SalonBiz\SalonBiz.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Tease\Desktop\malware removal files\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uWindow Title = Internet Explorer provided by Dell
uStart Page = hxxp://google.com/
uDefault_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081024
mStart Page = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081024
mDefault_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081024
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Qwiklinx: {3e7c8b5a-96ab-438f-bf9b-782400655440} - c:\users\tease\appdata\roaming\qwiklinx\Qwiklinx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7f6afbf1-e065-4627-a2fd-810366367d01} - c:\users\tease\appdata\roaming\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: avast! Online Security: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Cartwheel: {b50df051-e1d4-439c-b94e-f4de82b56542} - c:\users\tease\appdata\roaming\cartwheel\Cartwheel.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\32.0.1700.107\npchrome_frame.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [GoogleChromeAutoLaunch_77B66175FF1ADC7C53A5C4A2372E2B86] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
uRunOnce: [Application Restart #4] c:\program files\google\chrome frame\application\chrome.exe  --automation-channel=chrometestinginterface:4800.1 --chrome-frame --no-first-run --disable-background-mode --disable-popup-blocking --user-data-dir="c:\users\tease\appdata\local\microsoft\windows\temporary internet files\Google Chrome Frame" --chrome-version=17.0.963.79 --lang=en-US --flag-switches-begin --enable-print-preview --flag-switches-end --restore-last-session
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [<NO NAME>]
mRun: [HPUsageTracking] c:\program files\hp\hp ut\bin\hppusg.exe "c:\program files\hp\hp ut\"
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
StartupFolder: c:\users\tease\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {0349A97C-F561-496C-9344-F1DCE89A54E9} = 8.8.8.8,69.217.161.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\32.0.1700.107\npchrome_frame.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: AVGRSSTX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.131\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-5-3 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-5-3 180632]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-5-3 776976]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-5-3 411552]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-1-23 133968]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-3 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-5-3 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-5-3 50344]
R2 DefaultTabUpdate;DefaultTabUpdate;c:\users\tease\appdata\roaming\defaulttab\defaulttab\DTUpdate.exe [2013-2-15 107520]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-12-11 47640]
R2 vncserver;VNC Server;c:\program files\realvnc\vnc server\vncserver.exe [2012-12-16 3602312]
R2 vxlsnyaiet32;vxlsnyaiet32;c:\program files\003\vxlsnyaiet32.exe run options=01100010030000000000000000000000 sourceguid=6e6b36eb-9156-411b-b951-c735f4747dcf --> c:\program files\003\vxlsnyaiet32.exe run options=01100010030000000000000000000000 sourceguid=6E6B36EB-9156-411B-B951-C735F4747DCF [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-31 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-31 136176]
.
=============== Created Last 30 ================
.
2014-05-04 00:14:58 -------- d-----w- c:\users\tease\appdata\roaming\AVAST Software
2014-05-04 00:13:40 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-05-04 00:13:40 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-04 00:13:39 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-04 00:13:39 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-04 00:13:39 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-04 00:13:35 43152 ----a-w- c:\windows\avastSS.scr
2014-05-04 00:12:16 -------- d-----w- c:\program files\AVAST Software
2014-05-04 00:10:49 -------- d-----w- c:\progra~2\AVAST Software
2014-05-03 08:00:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-02 09:33:28 8050496 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{c84e8f0f-91ed-4c77-bc71-3f305be815fc}\mpengine.dll
2014-04-29 01:44:49 8050496 ------w- c:\progra~2\microsoft\windows defender\definition updates\updates\mpengine.dll
2014-04-20 18:10:15 -------- d-----w- c:\program files\Information
2014-04-20 18:08:49 -------- d-----w- c:\program files\LPT
2014-04-20 18:07:49 -------- d-----w- c:\users\tease\appdata\local\LPT
2014-04-20 18:07:47 -------- d-----w- c:\users\tease\appdata\local\Smartbar
2014-04-20 18:05:24 -------- d-----w- c:\program files\HQvidPv1.1
2014-04-14 17:13:52 -------- d-----w- c:\program files\Flash Update
2014-04-14 17:13:33 -------- d-----w- c:\program files\MyPC Backup
2014-04-14 17:11:46 -------- d-----w- c:\users\tease\appdata\local\pptaddin
2014-04-14 17:11:37 -------- d-----w- c:\users\tease\appdata\local\SoftUpdate
2014-04-14 17:11:37 -------- d-----w- c:\users\tease\appdata\local\emaze
2014-04-14 17:09:54 -------- d-----w- c:\program files\003
2014-04-11 12:23:30 -------- d-----w- c:\users\tease\appdata\local\visi_coupon
.
==================== Find3M  ====================
.
2014-03-31 14:35:10 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-07 23:12:00 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-03-07 23:02:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-07 23:02:07 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-03-07 22:57:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-07 22:56:03 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-02-07 10:38:44 2050560 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 16:57:51.50 ===============
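The Pseudo HJT and services sections above are what the helper reads by eye before deciding on a fix. As an added example (not part of the thread, not DDS output, and not a What the Tech tool), here is a first-pass triage of that log format in Python. The rules are heuristics chosen for this example, not DDS semantics: binaries launched from user-writable paths, registry entries whose target file is gone, a service whose name, display name and executable stem are identical, an install directory that is only digits, EnableLUA = 0, a populated AppInit_DLLs value, and remote-control products that a business owner should be able to account for. The embedded sample is a constructed excerpt modelled on the posted log, and a hit is a lead to verify, not a verdict.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed excerpt modelled on the DDS log above (shortened; "hxxp" is DDS's
# own defanging of http). It is sample input for the triage, not the full log.
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k netsvcs
C:\Users\Tease\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files\RealVNC\VNC Server\vncserver.exe
C:\Program Files\003\vxlsnyaiet32.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://google.com/
BHO: Qwiklinx: {3e7c8b5a-96ab-438f-bf9b-782400655440} - c:\users\tease\appdata\roaming\qwiklinx\Qwiklinx.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mPolicies-system: EnableLUA = 0 (0x0)
AppInit_DLLs: AVGRSSTX.DLL
============= SERVICES / DRIVERS ===============
R2 DefaultTabUpdate;DefaultTabUpdate;c:\users\tease\appdata\roaming\defaulttab\defaulttab\DTUpdate.exe [2013-2-15 107520]
R2 vxlsnyaiet32;vxlsnyaiet32;c:\program files\003\vxlsnyaiet32.exe run options=01100010030000000000000000000000 [?]
R2 vncserver;VNC Server;c:\program files\realvnc\vnc server\vncserver.exe [2012-12-16 3602312]
"""

# First Windows path to a PE/driver on the line; a quote or bracket ends it.
WINPATH = re.compile(r'[a-z]:\\[^"\[\]]+?\.(?:exe|dll|sys|scr)\b', re.I)
# Locations a standard user can write to; system services rarely live there.
USER_WRITABLE = re.compile(r'\\(users\\[^\\]+\\appdata|programdata|progra~2|temp)\\', re.I)
# DDS service line: R/S + start type, then name;display name;image path.
SERVICE = re.compile(r'^[RS]\d\s+([^;]+);([^;]*);(.+)$')
UAC_OFF = re.compile(r'^mPolicies-system:\s*EnableLUA\s*=\s*0\b', re.I)
# Remote-control products: not malware, but on a business PC each must be expected.
REMOTE_ADMIN = ("vnc", "logmein", "ammyy", "teamviewer")


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def triage(log_text):
    """Apply the heuristic rules to every line and return the raw findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue                      # blank line or section banner
        if line.endswith("No File"):      # registry still points at a binary that is gone
            findings.append(Finding("orphan_entry", line))
        if UAC_OFF.match(line):           # UAC switched off: every installer runs elevated
            findings.append(Finding("uac_disabled", line))
        if line.lower().startswith("appinit_dlls:") and line.split(":", 1)[1].strip():
            findings.append(Finding("appinit_dll", line))   # DLL loaded into every GUI process
        m = WINPATH.search(line)
        if not m:
            continue
        path = m.group(0).lower()
        p = PureWindowsPath(path)
        if USER_WRITABLE.search(path):
            findings.append(Finding("user_writable_binary", path))
        if p.parent.name.isdigit():       # e.g. "Program Files\003": a non-descriptive install dir
            findings.append(Finding("nondescript_dir", path))
        if any(k in path for k in REMOTE_ADMIN):
            findings.append(Finding("remote_admin_tool", path))
        svc = SERVICE.match(line)
        if svc and svc.group(1).strip().lower() == svc.group(2).strip().lower() == p.stem:
            findings.append(Finding("selfnamed_service", line))   # name == display == exe stem
    return findings


def summarize(findings):
    """Group findings by rule, de-duplicated and sorted, for a readable report."""
    grouped = {}
    for f in findings:
        grouped.setdefault(f.rule, set()).add(f.detail)
    return {rule: sorted(details) for rule, details in sorted(grouped.items())}


if __name__ == "__main__":
    for rule, details in summarize(triage(SAMPLE_DDS)).items():
        print(rule)
        for d in details:
            print("   ", d)
```

On the constructed excerpt the report flags DTUpdate.exe and Qwiklinx.dll (user-writable paths), vxlsnyaiet32.exe (a self-named service in Program Files\003), both No File entries, the disabled UAC, the leftover AVG AppInit DLL, and the RealVNC and LogMeIn binaries for the owner to confirm; svchost.exe trips nothing. Pass a full DDS log to triage() to get the same grouping for a real case.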
 




#2 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 06 May 2014 - 11:43 AM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!
----------
 
I notice that this is a business edition of your computer....is this a business/work computer?  If so, do you have permission to make changes to this system?


 
 

#3 HairManDan (New Member, Authentic Member, 11 posts)

Posted 06 May 2014 - 04:11 PM

hi Jeff,

 

I am the salon owner, and my computer is really slow with constant pop-ups. I'd like to clean it up and have it run without the excess stuff happening. I was told it's easy to follow the directions and I will do my best to keep up.

 

Thanks for your help!

Dan



#4 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 06 May 2014 - 06:35 PM

Ok great!  Thanks for letting me know.
 
AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

----------
 

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------


 
 

#5 HairManDan (New Member, Authentic Member, 11 posts)

Posted 06 May 2014 - 11:07 PM

hi Jeff,

 

Thanks again for the help! So far I think I'm doing well.

 

AdwCleaner didn't take very long. I tried to understand the log; I need my SalonBiz software left alone. I saw Chrome on the list; we downloaded that because Internet Explorer wouldn't connect to the Internet. I'll remove Chrome if you want me to.

 

TDSSKiller had me download an updated version; the scan came up clean, hope that's good :)

 

adwcleaner log below

# AdwCleaner v3.207 - Report created 06/05/2014 at 23:39:41
# Updated 05/05/2014 by Xplode
# Operating System : Windows Vista ™ Business Service Pack 2 (32 bits)
# Username : Tease - TEASE-PC
# Running from : C:\Users\Tease\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : DefaultTabUpdate

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Tease\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Users\Tease\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\Users\Tease\AppData\Local\Temp\Uninstall.exe
File Found : C:\Windows\System32\Tasks\DTReg
Folder Found : C:\Program Files\003
Folder Found : C:\Program Files\Common Files\Software Update Utility
Folder Found : C:\Program Files\LPT
Folder Found : C:\Program Files\MyPC Backup
Folder Found : C:\Program Files\Qwiklinx
Folder Found : C:\Program Files\Viewpoint
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\PC Optimizer Pro
Folder Found : C:\ProgramData\Viewpoint
Folder Found : C:\Users\Tease\AppData\Local\emaze
Folder Found : C:\Users\Tease\AppData\Local\getsavin
Folder Found : C:\Users\Tease\AppData\Local\LPT
Folder Found : C:\Users\Tease\AppData\Local\Smartbar
Folder Found : C:\Users\Tease\AppData\Local\visi_coupon
Folder Found : C:\Users\Tease\AppData\LocalLow\AVG Security Toolbar
Folder Found : C:\Users\Tease\AppData\Roaming\DefaultTab
Folder Found : C:\Users\Tease\AppData\Roaming\Qwiklinx

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\DefaultTab
Key Found : HKCU\Software\AppDataLow\Software\Supra Savings
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\DefaultTab
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2E497885-E60B-420A-832D-0148B392E058}_is1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\pc optimizer pro
Key Found : HKCU\Software\Qwiklinx
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\QwiklinxBHO
Key Found : HKLM\SOFTWARE\Classes\QwiklinxBHO.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{204C0025-C26A-43E2-853C-D8A8EB1BCE51}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\Software\LevelQualityWatcher
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B689793D-7506-490D-A6CE-6F916D7F45FD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B689793D-7506-490D-A6CE-6F916D7F45FD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2E497885-E60B-420A-832D-0148B392E058}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\suprasavings
Key Found : HKLM\Software\Viewpoint
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545

-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\Tease\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR9JlWm-ZsY5JeD_2W7SpKI-ZjDftJQ9J0hbq8Ip3MbhwkUNeTHMVVDKu1pEZPRmNLKxR60TDpsylF3prZTgobKZZ1YJgrB-1hrb0SqEW3TyN6MrNKlmDe4S200uKVxsxHHeHWX1m5AwWqcsddaLOfq_tjtgsUX1w38mGt4qzIbFFpAw&q={searchTerms}
Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3326302&octid=EB_ORIGINAL_CTID&ISID=M3AFE96F2-EACB-4682-B61E-CD6038716B57&SearchSource=58&CUI=&UM=5&UP=&q={searchTerms}&SSPV=
Found [Startup_urls] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR9JlWm-ZsY5JeD_2W7SpKI-ZjDftJQ9J0hbq8Ip3MbhwkUNeTHMVVDKu1pEZPRmNLKxR60TDpsylF3prZTgobKZZ1YJgrB-1hrb0SqEW3TyN6MrNKXGWcXycDTpGpq7AA8tBrJymOxx3pCrKPmQVuQCrb71FJhLSwE06qxYGQ1-VTKY
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
Found [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [11139 octets] - [06/05/2014 23:39:41]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11200 octets] ##########
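AdwCleaner's Browsers section above lists what it found in Chrome's Preferences file: a snapdo search provider, a snapdo startup URL and three extension IDs, which matches the snapdo homepage complaint in the first post. The same check can be done read-only with a short script. This is an added example, not part of the thread and not AdwCleaner's code; the Preferences key names follow the Chrome 34-era layout (an assumption, with the newer default_search_provider_data path handled as a fallback), the TRUSTED_HOSTS and KNOWN_EXTENSIONS allow-lists are assumptions for this machine, and the sample document is constructed, with OPAQUE standing in for the long tokens in the log.

```python
import json
from urllib.parse import urlsplit

# Hosts the owner expects for search, homepage and startup pages (an assumption for
# this example, taken from the Dell/Google/Yahoo defaults visible in the DDS log).
TRUSTED_HOSTS = {"google.com", "www.google.com", "partnerpage.google.com",
                 "yahoo.com", "www.yahoo.com"}
# Extension IDs the owner knowingly installed. Empty here: Chrome was only a stopgap.
KNOWN_EXTENSIONS = frozenset()

# Constructed Preferences document modelled on what AdwCleaner reported above. The key
# layout is the Chrome 34-era one (an assumption); "OPAQUE" stands in for the long tokens.
SAMPLE_PREFS = json.dumps({
    "homepage": "http://www.google.com/",
    "default_search_provider": {
        "enabled": True,
        "name": "Search",
        "search_url": "http://feed.snapdo.com/?p=OPAQUE&q={searchTerms}",
    },
    "session": {
        "restore_on_startup": 4,          # 4 = open a fixed list of URLs at launch
        "startup_urls": ["http://feed.snapdo.com/?p=OPAQUE", "http://www.google.com/"],
    },
    "extensions": {
        "settings": {
            "booedmolknjekdopkepjjeckmjkdpfgl": {"state": 1},
            "flpcjncodpafbgdpnkljologafpionhb": {"state": 1},
        }
    },
})


def host_of(url):
    """Lower-cased hostname of a URL, or '' when it has none."""
    return (urlsplit(url).hostname or "").lower()


def search_url(prefs):
    """Default search URL under the older key, falling back to the newer layout."""
    old = prefs.get("default_search_provider", {}).get("search_url")
    new = (prefs.get("default_search_provider_data", {})
                .get("template_url_data", {}).get("url"))
    return old or new


def audit_prefs(prefs, trusted_hosts=TRUSTED_HOSTS, known_extensions=KNOWN_EXTENSIONS):
    """Return (kind, value) pairs for every setting that points outside the allow-lists."""
    if isinstance(prefs, str):
        prefs = json.loads(prefs)
    findings = []
    url = search_url(prefs)
    if url and host_of(url) not in trusted_hosts:
        findings.append(("search_provider", url))
    for u in prefs.get("session", {}).get("startup_urls", []):
        if host_of(u) not in trusted_hosts:
            findings.append(("startup_url", u))
    homepage = prefs.get("homepage")
    if homepage and host_of(homepage) not in trusted_hosts:
        findings.append(("homepage", homepage))
    for ext_id in prefs.get("extensions", {}).get("settings", {}):
        if ext_id not in known_extensions:
            findings.append(("unknown_extension", ext_id))
    return findings


if __name__ == "__main__":
    for kind, value in audit_prefs(SAMPLE_PREFS):
        print(f"{kind:18} {value}")
```

The allow-list approach is deliberate: a blocklist of hijacker domains goes stale, whereas the handful of hosts a given machine should be pointing at is easy to state. Treat the output as triage only. Chrome protects these particular keys with per-profile MACs, so a hand-edited Preferences file is liable to be reverted; change them through Chrome's own Reset settings or the removal tool the helper prescribes.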



#6 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 07 May 2014 - 05:36 AM

I need my salonbiz software left alone.

No problem....did you mention this because you see some of it in one of the logs that we have produced?  If so, could you tell me which one(s) it is?  

 

Don't worry about Chrome....if we need to fix that further then we will shortly.  :)


 
 

#7 HairManDan (New Member, Authentic Member, 11 posts)

Posted 07 May 2014 - 11:05 AM

Hi Jeff,

 

I looked over the scan more and didn't see my SalonBiz software in it. That is the only software that I am concerned about though.

 

We didn't use Chrome before, and I was told that I would be better off with Firefox once the computer was cleaned up. So, I am OK with removing Chrome. I noticed AVG was still in the logs; we removed that because it was not updating and installed the Avast stuff. On the first scan with Avast, it found some infections and removed them.

 

Thanks again!



#8 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 07 May 2014 - 11:09 AM

Ok thanks for letting me know....
 
ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

 
 

#9 HairManDan

HairManDan

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 07 May 2014 - 10:27 PM

hi again Jeff, 

 

Sorry for the delay, I have to wait for everyone to be out of the salon to take over. I did like you told me and ran ComboFix.

Right now, Internet Explorer won't connect to the Internet so I'm using Chrome. 

 

Another thing I remembered: on April 28th, we reverted back to April 14th to get my Internet connection back up and there were a bunch of odd programs installed on the 14th and 20th. The 14th was as far back as the computer had for restore points.

 

After I post this, I am going to reboot and maybe Internet Explorer will be OK?

 

 

 

ComboFix 14-05-07.03 - Tease 05/07/2014  22:46:09.1.2 - x86

Microsoft® Windows Vista™ Business   6.0.6002.2.1252.1.1033.18.2004.1092 [GMT -5:00]
Running from: c:\users\Tease\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\default\us_sres.data
c:\programdata\AMMYY
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\settings.bin
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_gngfnjclpjflgomhidfecidndbfaniak_0
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_gngfnjclpjflgomhidfecidndbfaniak_0\5-journal
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_gngfnjclpjflgomhidfecidndbfaniak_0\5
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mgacjdfplhakjfljpbbagagjcbccpmnl_0
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mgacjdfplhakjfljpbbagagjcbccpmnl_0\4-journal
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mgacjdfplhakjfljpbbagagjcbccpmnl_0\4
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.55_0\background.html
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.55_0\chromeCoreFilesIndex.txt
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.55_0\crossriderManifest.json
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.55_0\extensionData\manifest.xml
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.55_0\extensionData\plugins.json
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.55_0\icons\actions\1.png
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.55_0\icons\icon128.png
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.55_0\icons\icon16.png
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.55_0\icons\icon48.png
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.55_0\manifest.json
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.55_0\popup.html
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.41_0\background.html
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.41_0\chromeCoreFilesIndex.txt
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.41_0\crossriderManifest.json
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.41_0\extensionData\manifest.xml
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.41_0\extensionData\plugins.json
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.41_0\icons\actions\1.png
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.41_0\icons\icon128.png
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.41_0\icons\icon16.png
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.41_0\icons\icon48.png
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.41_0\manifest.json
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl\1.26.41_0\popup.html
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gngfnjclpjflgomhidfecidndbfaniak
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gngfnjclpjflgomhidfecidndbfaniak\000005.ldb
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gngfnjclpjflgomhidfecidndbfaniak\000008.ldb
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gngfnjclpjflgomhidfecidndbfaniak\000011.log
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gngfnjclpjflgomhidfecidndbfaniak\CURRENT
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gngfnjclpjflgomhidfecidndbfaniak\LOCK
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gngfnjclpjflgomhidfecidndbfaniak\LOG
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gngfnjclpjflgomhidfecidndbfaniak\MANIFEST-000010
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mgacjdfplhakjfljpbbagagjcbccpmnl
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mgacjdfplhakjfljpbbagagjcbccpmnl\000005.ldb
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mgacjdfplhakjfljpbbagagjcbccpmnl\000008.ldb
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mgacjdfplhakjfljpbbagagjcbccpmnl\000011.log
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mgacjdfplhakjfljpbbagagjcbccpmnl\CURRENT
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mgacjdfplhakjfljpbbagagjcbccpmnl\LOCK
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mgacjdfplhakjfljpbbagagjcbccpmnl\LOG
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mgacjdfplhakjfljpbbagagjcbccpmnl\MANIFEST-000010
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngfnjclpjflgomhidfecidndbfaniak_0.localstorage-journal
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngfnjclpjflgomhidfecidndbfaniak_0.localstorage
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mgacjdfplhakjfljpbbagagjcbccpmnl_0.localstorage-journal
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mgacjdfplhakjfljpbbagagjcbccpmnl_0.localstorage
c:\users\Tease\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Tease\AppData\Roaming\DefaultTab\DefaultTab
c:\users\Tease\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\Tease\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
c:\users\Tease\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\Tease\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\users\Tease\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\users\Tease\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe
c:\users\Tease\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
c:\users\Tease\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\users\Tease\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll
c:\users\Tease\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\Tease\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe
c:\users\Tease\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\users\Tease\AppData\Roaming\DefaultTab\DefaultTab\ebay_ie.ico
c:\users\Tease\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
c:\users\Tease\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico
c:\users\Tease\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\Tease\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
c:\users\Tease\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\Tease\AppData\Roaming\DefaultTab\DefaultTab\update.exe
c:\users\Tease\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\windows\system32\Cache
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-08 to 2014-05-08  )))))))))))))))))))))))))))))))
.
.
2014-05-07 04:40 . 2010-08-30 13:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-07 04:39 . 2014-05-07 04:40 -------- d-----w- C:\AdwCleaner
2014-05-06 10:20 . 2014-04-17 10:32 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{43B461D9-A7AA-4B68-AF60-B16CF3DF381B}\mpengine.dll
2014-05-04 00:14 . 2014-05-04 00:14 -------- d-----w- c:\users\Tease\AppData\Roaming\AVAST Software
2014-05-04 00:13 . 2014-05-04 00:13 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-05-04 00:13 . 2014-05-04 00:13 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-05-04 00:13 . 2014-05-04 00:13 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-04 00:13 . 2014-05-04 00:13 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-04 00:13 . 2014-05-04 00:13 411552 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-05-04 00:13 . 2014-05-04 00:13 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-04 00:13 . 2014-05-04 00:13 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-05-04 00:13 . 2014-05-04 00:13 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-04 00:13 . 2014-05-04 00:13 271264 ----a-w- c:\windows\system32\aswBoot.exe
2014-05-04 00:13 . 2014-05-04 00:13 43152 ----a-w- c:\windows\avastSS.scr
2014-05-04 00:12 . 2014-05-04 00:12 -------- d-----w- c:\program files\AVAST Software
2014-05-04 00:10 . 2014-05-04 00:11 -------- d-----w- c:\programdata\AVAST Software
2014-05-03 08:00 . 2014-04-29 10:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-29 01:29 . 2014-05-05 21:30 -------- d-----w- c:\users\Public\Util
2014-04-20 18:10 . 2014-04-20 18:10 -------- d-----w- c:\program files\Information
2014-04-20 18:08 . 2014-04-20 19:09 -------- d-----w- c:\program files\LPT
2014-04-20 18:07 . 2014-04-29 01:28 -------- d-----w- c:\users\Tease\AppData\Local\LPT
2014-04-20 18:07 . 2014-04-20 18:07 -------- d-----w- c:\users\Tease\AppData\Local\Smartbar
2014-04-20 18:05 . 2014-04-20 18:06 -------- d-----w- c:\program files\HQvidPv1.1
2014-04-14 17:13 . 2014-04-14 17:13 -------- d-----w- c:\program files\Flash Update
2014-04-14 17:13 . 2014-04-14 17:14 -------- d-----w- c:\program files\MyPC Backup
2014-04-14 17:11 . 2014-04-14 17:11 -------- d-----w- c:\users\Tease\AppData\Local\pptaddin
2014-04-14 17:11 . 2014-05-05 18:00 -------- d-----w- c:\users\Tease\AppData\Local\SoftUpdate
2014-04-14 17:11 . 2014-04-14 17:11 -------- d-----w- c:\users\Tease\AppData\Local\emaze
2014-04-14 17:09 . 2014-04-29 01:28 -------- d-----w- c:\program files\003
2014-04-11 12:23 . 2014-04-30 23:50 -------- d-----w- c:\users\Tease\AppData\Local\visi_coupon
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-31 14:35 . 2009-10-02 23:16 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-02-07 10:38 . 2014-03-12 05:51 2050560 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn5\yt.dll" [2014-02-11 1565464]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{B50DF051-E1D4-439C-B94E-F4DE82B56542}]
2013-01-22 15:33 231872 ----a-w- c:\users\Tease\AppData\Roaming\Cartwheel\Cartwheel.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-04 00:13 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-31 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"GoogleChromeAutoLaunch_77B66175FF1ADC7C53A5C4A2372E2B86"="c:\program files\Google\Chrome\Application\chrome.exe" [2014-04-24 841032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-27 17920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-15 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-15 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-15 138008]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-04 36864]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-09-25 1282048]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-04 3873704]
.
c:\users\Tease\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0aswBoot.exe /M:1b2a9a78bed /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3317765444-2801609547-1844496941-1000]
"EnableNotificationsRef"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ   PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-30 07:29 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-07 c:\windows\Tasks\2-Way Appt Confirmation.job
- c:\program files\Demandforce D3\DFLink\DFLink.exe [2014-04-29 12:30]
.
2014-05-07 c:\windows\Tasks\Demandforce DFLink Update.job
- c:\program files\Demandforce D3\DFLink\DFUpdate.exe [2013-11-12 03:00]
.
2014-05-08 c:\windows\Tasks\Demandforce DFLink Upload.job
- c:\program files\Demandforce D3\DFLink\DFLink.exe [2014-04-29 12:30]
.
2014-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-31 14:53]
.
2014-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-31 14:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081024
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
TCP: Interfaces\{0349A97C-F561-496C-9344-F1DCE89A54E9}: NameServer = 8.8.8.8,69.217.161.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
AddRemove-DefaultTab - c:\users\Tease\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-07 22:59
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Intel\ASF Agent\ASFAgent.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\RealVNC\VNC Server\vncserver.exe
c:\program files\RealVNC\VNC Server\vncserver.exe
c:\program files\003\vxlsnyaiet32.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
.
**************************************************************************
.
Completion time: 2014-05-07  23:02:56 - machine was rebooted
ComboFix-quarantined-files.txt  2014-05-08 04:02
.
Pre-Run: 188,057,665,536 bytes free
Post-Run: 187,952,496,640 bytes free
.
- - End Of File - - C5F99C791721E60E57FA5B57AD9430BF
5C616939100B85E558DA92B899A0FC36

Edited by HairManDan, 07 May 2014 - 10:31 PM.
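Dan's remark that a batch of odd programs showed up on the 14th and the 20th is exactly what the "Files Created" section of the ComboFix log above records: two tight bursts of new folders under Program Files and AppData\Local. The script below is an added example, not part of this thread or of ComboFix itself; it parses that section's `created . modified size attrs path` line format and groups creation times into bursts so a reviewer can see the installs as clusters. The sample lines are copied from the log above; the 10-minute window and the minimum burst size are assumptions.

```python
import re
from datetime import datetime, timedelta

# One line of ComboFix's "Files Created from ... to ..." section looks like:
#   <created> . <modified> <size or --------> <attrs> <path>
# where attrs starts with "d" for a directory (e.g. "d-----w-").
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-+) (\S+) (.+)$"
)

# Sample input: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
2014-05-07 04:40 . 2010-08-30 13:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-07 04:39 . 2014-05-07 04:40 -------- d-----w- C:\AdwCleaner
2014-04-29 01:29 . 2014-05-05 21:30 -------- d-----w- c:\users\Public\Util
2014-04-20 18:10 . 2014-04-20 18:10 -------- d-----w- c:\program files\Information
2014-04-20 18:08 . 2014-04-20 19:09 -------- d-----w- c:\program files\LPT
2014-04-20 18:07 . 2014-04-29 01:28 -------- d-----w- c:\users\Tease\AppData\Local\LPT
2014-04-20 18:07 . 2014-04-20 18:07 -------- d-----w- c:\users\Tease\AppData\Local\Smartbar
2014-04-20 18:05 . 2014-04-20 18:06 -------- d-----w- c:\program files\HQvidPv1.1
2014-04-14 17:13 . 2014-04-14 17:13 -------- d-----w- c:\program files\Flash Update
2014-04-14 17:13 . 2014-04-14 17:14 -------- d-----w- c:\program files\MyPC Backup
2014-04-14 17:11 . 2014-04-14 17:11 -------- d-----w- c:\users\Tease\AppData\Local\pptaddin
2014-04-14 17:11 . 2014-05-05 18:00 -------- d-----w- c:\users\Tease\AppData\Local\SoftUpdate
2014-04-14 17:11 . 2014-04-14 17:11 -------- d-----w- c:\users\Tease\AppData\Local\emaze
2014-04-14 17:09 . 2014-04-29 01:28 -------- d-----w- c:\program files\003
2014-04-11 12:23 . 2014-04-30 23:50 -------- d-----w- c:\users\Tease\AppData\Local\visi_coupon
"""


def parse_timeline(text):
    """Parse ComboFix 'Files Created' lines into dicts; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append({
            "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            "is_dir": attrs.startswith("d"),
            "size": None if size.startswith("-") else int(size),
            "path": path,
        })
    return entries


def find_bursts(entries, window=timedelta(minutes=10), min_size=3):
    """Sort entries by creation time and group consecutive ones whose gap is
    within `window`; return only groups with at least `min_size` entries.
    The window and threshold are assumed values, not anything ComboFix defines."""
    ordered = sorted(entries, key=lambda e: e["created"])
    bursts, current = [], []
    for e in ordered:
        if current and e["created"] - current[-1]["created"] > window:
            if len(current) >= min_size:
                bursts.append(current)
            current = []
        current.append(e)
    if len(current) >= min_size:
        bursts.append(current)
    return bursts


def summarize(bursts):
    """Reduce each burst to its time span, size and the new directories it created,
    which is what a reviewer compares against the user's account of events."""
    return [{
        "start": b[0]["created"].isoformat(sep=" "),
        "end": b[-1]["created"].isoformat(sep=" "),
        "count": len(b),
        "new_dirs": [e["path"] for e in b if e["is_dir"]],
    } for b in bursts]


if __name__ == "__main__":
    for s in summarize(find_bursts(parse_timeline(SAMPLE_LOG))):
        print(f'{s["start"]} .. {s["end"]}: {s["count"]} entries')
        for d in s["new_dirs"]:
            print("   ", d)
```

Run against the real log file instead of the embedded sample by reading the text between the "Files Created" and "Find3M Report" banners and passing it to `parse_timeline`.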


#10 HairManDan

HairManDan

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 07 May 2014 - 10:42 PM

After rebooting, Internet Explorer works again. Not getting extra pages and pop up ads either!!!

:banana:




#11 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 08 May 2014 - 05:23 AM

Good job!  While I am reviewing the ComboFix log, please do the following...
 
AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------


 
 

#12 HairManDan

HairManDan

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 08 May 2014 - 12:52 PM

Jeff,

 

Did exactly as you said to, everything went fine.

 

THANKS AGAIN !

 

# AdwCleaner v3.207 - Report created 08/05/2014 at 13:48:03
# Updated 05/05/2014 by Xplode
# Operating System : Windows Vista ™ Business Service Pack 2 (32 bits)
# Username : Tease - TEASE-PC
# Running from : C:\Users\Tease\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files\003
Folder Deleted : C:\Program Files\LPT
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Qwiklinx
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Users\Tease\AppData\Local\emaze
Folder Deleted : C:\Users\Tease\AppData\Local\getsavin
Folder Deleted : C:\Users\Tease\AppData\Local\LPT
Folder Deleted : C:\Users\Tease\AppData\Local\Smartbar
Folder Deleted : C:\Users\Tease\AppData\Local\visi_coupon
Folder Deleted : C:\Users\Tease\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Tease\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Tease\AppData\Roaming\Qwiklinx
File Deleted : C:\END
File Deleted : C:\Users\Tease\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Tease\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\DTReg

***** [ Shortcuts ] *****

***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B689793D-7506-490D-A6CE-6F916D7F45FD}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B689793D-7506-490D-A6CE-6F916D7F45FD}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\Qwiklinx
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\Supra Savings
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\LevelQualityWatcher
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\suprasavings
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2E497885-E60B-420A-832D-0148B392E058}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2E497885-E60B-420A-832D-0148B392E058}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545

-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\Tease\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR9JlWm-ZsY5JeD_2W7SpKI-ZjDftJQ9J0hbq8Ip3MbhwkUNeTHMVVDKu1pEZPRmNLKxR60TDpsylF3prZTgobKZZ1YJgrB-1hrb0SqEW3TyN6MrNKlmDe4S200uKVxsxHHeHWX1m5AwWqcsddaLOfq_tjtgsUX1w38mGt4qzIbFFpAw&q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3326302&octid=EB_ORIGINAL_CTID&ISID=M3AFE96F2-EACB-4682-B61E-CD6038716B57&SearchSource=58&CUI=&UM=5&UP=&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [11281 octets] - [06/05/2014 23:39:41]
AdwCleaner[R1].txt - [9260 octets] - [08/05/2014 13:46:52]
AdwCleaner[S0].txt - [9239 octets] - [08/05/2014 13:48:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9299 octets] ##########



#13 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 08 May 2014 - 03:22 PM

Looking pretty good.  How is your system running for you??   :)

 

 

When you ran DDS there should have been another log made named Attach.txt.  Could you post that please?  Thanks!


 
 

#14 HairManDan

HairManDan

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 08 May 2014 - 04:15 PM

Hi Jeff,

 

Computer is running so much better already! Not getting pop ups like before and records are so much faster! You are amazing!

 

I only got 1 log from the dds when I first ran it. It was taking forever so I stopped it after I got the log.  Hope I didn't mess up?

 

I ran dds just now,  much quicker and got both logs!

 

.
DDS (Ver_11-03-05.01) - NTFSx86 
Run by Tease at 17:05:35.89 on Thu 05/08/2014
Internet Explorer: 9.0.8112.16421
Microsoft® Windows Vista™ Business   6.0.6002.2.1252.1.1033.18.2004.901 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\RealVNC\VNC Server\vncserver.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\RealVNC\VNC Server\vncserver.exe
C:\Program Files\RealVNC\VNC Server\vncserver.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\SalonBiz\SalonBiz.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tease\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081024
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! Online Security: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Cartwheel: {b50df051-e1d4-439c-b94e-f4de82b56542} - c:\users\tease\appdata\roaming\cartwheel\Cartwheel.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\32.0.1700.107\npchrome_frame.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [GoogleChromeAutoLaunch_77B66175FF1ADC7C53A5C4A2372E2B86] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [HPUsageTracking] c:\program files\hp\hp ut\bin\hppusg.exe "c:\program files\hp\hp ut\"
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
StartupFolder: c:\users\tease\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {0349A97C-F561-496C-9344-F1DCE89A54E9} = 8.8.8.8,69.217.161.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\32.0.1700.107\npchrome_frame.dll
Notify: igfxcui - igfxdev.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.131\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-5-3 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-5-3 180632]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-5-3 776976]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-5-3 411552]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-1-23 133968]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-3 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-5-3 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-5-3 50344]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-12-11 47640]
R2 vncserver;VNC Server;c:\program files\realvnc\vnc server\vncserver.exe [2012-12-16 3602312]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-31 136176]
S2 vxlsnyaiet32;vxlsnyaiet32;c:\program files\003\vxlsnyaiet32.exe run options=01100010030000000000000000000000 sourceguid=6e6b36eb-9156-411b-b951-c735f4747dcf --> c:\program files\003\vxlsnyaiet32.exe run options=01100010030000000000000000000000 sourceguid=6E6B36EB-9156-411B-B951-C735F4747DCF [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-31 136176]
.
=============== Created Last 30 ================
.
2014-05-08 03:56:52 -------- d-sh--w- C:\$RECYCLE.BIN
2014-05-08 03:54:37 -------- d-----w- c:\users\tease\appdata\local\temp
2014-05-08 03:44:01 98816 ----a-w- c:\windows\sed.exe
2014-05-08 03:44:01 518144 ----a-w- c:\windows\SWREG.exe
2014-05-08 03:44:01 256000 ----a-w- c:\windows\PEV.exe
2014-05-08 03:44:01 208896 ----a-w- c:\windows\MBR.exe
2014-05-07 04:40:11 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-07 04:39:27 -------- d-----w- C:\AdwCleaner
2014-05-06 10:20:49 8050496 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{43b461d9-a7aa-4b68-af60-b16cf3df381b}\mpengine.dll
2014-05-04 00:14:58 -------- d-----w- c:\users\tease\appdata\roaming\AVAST Software
2014-05-04 00:13:40 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-05-04 00:13:40 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-04 00:13:39 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-04 00:13:39 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-04 00:13:39 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-04 00:13:35 43152 ----a-w- c:\windows\avastSS.scr
2014-05-04 00:12:16 -------- d-----w- c:\program files\AVAST Software
2014-05-04 00:10:49 -------- d-----w- c:\progra~2\AVAST Software
2014-05-03 08:00:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-29 01:44:49 8050496 ------w- c:\progra~2\microsoft\windows defender\definition updates\updates\mpengine.dll
2014-04-20 18:10:15 -------- d-----w- c:\program files\Information
2014-04-20 18:05:24 -------- d-----w- c:\program files\HQvidPv1.1
2014-04-14 17:13:52 -------- d-----w- c:\program files\Flash Update
2014-04-14 17:11:46 -------- d-----w- c:\users\tease\appdata\local\pptaddin
2014-04-14 17:11:37 -------- d-----w- c:\users\tease\appdata\local\SoftUpdate
.
==================== Find3M  ====================
.
2014-03-31 14:35:10 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-07 23:12:00 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-03-07 23:02:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-07 23:02:07 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-03-07 22:57:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-07 22:56:03 421376 ----a-w- c:\windows\system32\vbscript.dll
.
============= FINISH: 17:06:36.13 ===============
 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume3
Install Date: 10/24/2008 9:59:13 AM
System Uptime: 5/8/2014 1:49:00 PM (4 hours ago)
.
Motherboard: Dell Inc. |  | 0GM819
Processor: Intel® Pentium® Dual  CPU  E2180  @ 2.00GHz | CPU | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 231 GiB total, 172.862 GiB free.
D: is FIXED (NTFS) - 2 GiB total, 1.138 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Acrobat 4.0
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.5.5
ATT-HSI
avast! Free Antivirus
BetaBrite Messaging Software
Browser Address Error Redirector
Cartwheel Shopping
CleanUp!
Crystal 11.5
Dell ETS Factory Installation
Dell Getting Started Guide
Demandforce
EDocs
emaze PowerPoint Add-In
Foxit Reader
GetSavin
Google Chrome
Google Chrome Frame
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Driver Diagnostics
HP LaserJet P1000 series
HPCarePackCore
HPCarePackProducts
hppMSRedist
hppusgP1000
HPSSupply
InstaCodecs
Intel® Matrix Storage Manager
Intel® PRO Alerting Agent
Intel® PRO Network Connections 12.1.12.4
Java™ 6 Update 17
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 3.5 SP1
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MrvlUsgTracking
NoAdware v5.0
OpenOffice.org 3.0
PowerDVD
PowerTeacher Gradebook
Sales Statistics
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
TidyView
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VNC Mirror Driver 1.8.0
VNC Printer Driver 1.8.0
VNC Server 5.0.3
VNC Viewer 5.0.3
W Photo Studio
Winamp
Windows Installer Clean Up
Windows Live installer
Windows Live Mail
Windows Live Sign-in Assistant
Yahoo! Software Update
Yahoo! Toolbar
.
==== End Of File ===========================
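A small triage helper for DDS output of the kind posted above, added here as an example (it is not part of the thread and not the DDS tool's own code). It parses the "SERVICES / DRIVERS" lines, flags entries whose bracketed date/size is the `[?]` marker (treated here as "DDS could not read the binary at the recorded path") or whose binary sits outside the usual program directories, and flags the `mPolicies-system: EnableLUA = 0` line, which means UAC is switched off. The sample lines are constructed in the shape of the log, not copied from it.

```python
import re
from dataclasses import dataclass

# Shape of a DDS service/driver line:
#   "<status> <name>;<display name>;<image path> [<date> <size>]"
# The bracket holds "[?]" when DDS could not read the file on disk.
SERVICE_RE = re.compile(
    r"^(?P<status>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
# UAC state as reported in the "Pseudo HJT Report" section.
LUA_RE = re.compile(r"^mPolicies-system:\s*EnableLUA\s*=\s*(?P<value>\d+)")

# Directories in which a service binary is expected on this kind of system.
EXPECTED_DIRS = ("c:\\windows\\", "c:\\program files\\")


@dataclass(frozen=True)
class Finding:
    entry: str   # service name or policy key
    reason: str


def parse_service(line):
    """Return the fields of one DDS service line, or None if it is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    # DDS writes "<as registered> --> <as resolved>" when the two differ; keep the resolved path.
    fields["path"] = fields["path"].split("-->")[-1].strip().lower()
    return fields


def triage(lines):
    """Flag service entries and policy values a reviewer would want to look at."""
    findings = []
    for line in lines:
        svc = parse_service(line)
        if svc:
            if svc["meta"].strip() == "?":
                findings.append(Finding(svc["name"], "service binary could not be read by DDS"))
            if not svc["path"].startswith(EXPECTED_DIRS):
                findings.append(Finding(svc["name"], "service binary outside expected directories"))
            continue
        lua = LUA_RE.match(line.strip())
        if lua and lua.group("value") == "0":
            findings.append(Finding("EnableLUA", "UAC is disabled by policy"))
    return findings


# Constructed sample lines, shaped like the DDS output in the thread (not copied from it).
SAMPLE = [
    "mPolicies-system: EnableLUA = 0 (0x0)",
    "R2 vncserver;VNC Server;c:\\program files\\realvnc\\vnc server\\vncserver.exe [2012-12-16 3602312]",
    "S2 gupdate;Google Update Service (gupdate);c:\\program files\\google\\update\\GoogleUpdate.exe [2011-5-31 136176]",
    "S2 exmpl32;exmpl32;c:\\program files\\003\\exmpl32.exe run --> c:\\program files\\003\\exmpl32.exe run [?]",
    "R2 oddsvc;Odd Service;c:\\users\\public\\oddsvc.exe [2014-5-1 12345]",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.entry}: {f.reason}")
```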
 



#15 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 08 May 2014 - 06:32 PM

Ok, good to hear... let's get some updates and be sure nothing is in there hiding.
 
Java
 
Please go to Start > Control Panel > Programs and Features > uninstall all the Java programs you see. Then download the latest Java from the following link and install it:
 
http://java.com/en/download/index.jsp
----------
 
See this page for instructions on how to clear Java's cache.
 
Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked

    • Downloaded Applets
    • Downloaded Applications
    • Installed Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

----------
 

Malwarebytes
 
Please open Malwarebytes, update it and then run a Hyper Scan.  Save the log that is created for your next reply.
----------
 

ESET Online Scanner
 
Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------


 
 
