24 replies to this topic

[ken545]

That file is fine. Personally I would uninstall HitmanPro

 

 

Download ComboFix from one of these locations:

 

Link 1

Link 2

 

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

 

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

See this Link  for programs that need to be disabled and instruction on how to disable them.

Remember to re-enable them when we're done.

 

Double click on ComboFix.exe & follow the prompts.

 

 

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. 

 

 

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

 

 

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

 

 

 

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

Click on Yes, to continue scanning for malware.

 

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

 

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

[hondaspeed05]

ComboFix 14-10-29.01 - Megan325 10/29/2014  21:28:51.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4000.2385 [GMT -4:00]
Running from: c:\users\Megan325\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo\2.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo\2.0\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo\2.0\h0xupEaF.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo\2.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo\2.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo\2.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo\2.0\h0xupEaF.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo\2.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo\2.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo\2.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo\2.0\h0xupEaF.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo\2.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo\2.0\manifest.json
c:\users\Megan325\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo
c:\users\Megan325\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo\2.0\background.html
c:\users\Megan325\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo\2.0\content.js
c:\users\Megan325\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo\2.0\h0xupEaF.js
c:\users\Megan325\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo\2.0\lsdb.js
c:\users\Megan325\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo\2.0\manifest.json
c:\users\Megan325\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo
c:\users\Megan325\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo\2.0\background.html
c:\users\Megan325\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo\2.0\content.js
c:\users\Megan325\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo\2.0\h0xupEaF.js
c:\users\Megan325\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo\2.0\lsdb.js
c:\users\Megan325\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kpdjchidlgodmjomhnaoaednbojlbjlo\2.0\manifest.json
c:\users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_anmjbcpapldonjdblbhcpffjokakiffn_0.localstorage
c:\users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Megan325\g2mdlhlpx.exe
c:\windows\msvcr71.dll
c:\windows\SysWow64\bszip.dll
D:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-28 to 2014-10-30  )))))))))))))))))))))))))))))))
.
.
2014-10-30 01:40 . 2014-10-30 01:40    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-10-30 01:37 . 2014-10-30 01:37    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FF15DB4-FD30-4C79-8974-66631F33D6AD}\offreg.dll
2014-10-30 00:24 . 2014-10-14 19:59    11627712    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FF15DB4-FD30-4C79-8974-66631F33D6AD}\mpengine.dll
2014-10-29 00:04 . 2014-10-30 00:23    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-29 00:04 . 2014-10-29 00:04    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-29 00:04 . 2014-10-01 15:11    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-10-29 00:04 . 2014-10-01 15:11    93400    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-29 00:04 . 2014-10-01 15:11    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-10-28 02:14 . 2014-10-28 23:57    --------    d-----w-    C:\FRST
2014-10-28 01:01 . 2014-10-28 01:01    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2014-10-28 00:30 . 2014-10-28 00:30    --------    d-----w-    c:\users\Megan325\AppData\Local\ElevatedDiagnostics
2014-10-15 00:12 . 2014-07-07 02:06    206848    ----a-w-    c:\windows\system32\mfps.dll
2014-10-15 00:11 . 2014-09-18 02:00    3241472    ----a-w-    c:\windows\system32\msi.dll
2014-10-15 00:11 . 2014-09-18 01:32    2363904    ----a-w-    c:\windows\SysWow64\msi.dll
2014-10-11 20:44 . 2010-08-30 12:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-10-11 20:43 . 2014-10-28 00:35    --------    d-----w-    C:\AdwCleaner
2014-10-11 17:07 . 2014-10-11 17:07    241248    ----a-w-    c:\windows\system32\drivers\72488640.sys
2014-10-11 16:52 . 2014-10-11 16:52    --------    d-----w-    c:\users\Megan325\AppData\Roaming\AVAST Software
2014-10-11 16:50 . 2014-10-11 16:50    93568    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-10-11 16:50 . 2014-10-11 16:50    92008    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2014-10-11 16:50 . 2014-10-11 16:50    79184    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-10-11 16:50 . 2014-10-11 16:50    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-10-11 16:50 . 2014-10-11 16:50    426848    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2014-10-11 16:50 . 2014-10-11 16:50    29208    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-10-11 16:50 . 2014-10-11 16:50    224896    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-10-11 16:50 . 2014-10-11 16:50    1041168    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-10-11 16:50 . 2014-10-11 16:50    307344    ----a-w-    c:\windows\system32\aswBoot.exe
2014-10-11 16:50 . 2014-10-11 16:50    43152    ----a-w-    c:\windows\avastSS.scr
2014-10-11 16:49 . 2014-10-11 16:49    --------    d-----w-    c:\program files\AVAST Software
2014-10-11 16:48 . 2014-10-11 16:49    --------    d-----w-    c:\programdata\AVAST Software
2014-10-10 03:40 . 2014-10-10 03:40    --------    d-----w-    c:\users\Megan325\AppData\Local\Macromedia
2014-10-10 03:40 . 2014-10-10 03:40    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-10 03:40 . 2014-10-10 03:40    701104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-10 03:40 . 2014-10-10 03:40    --------    d-----w-    c:\windows\system32\Macromed
2014-10-02 02:54 . 2014-10-02 03:33    --------    d-----w-    c:\programdata\HitmanPro
2014-10-02 02:53 . 2014-10-02 19:53    278152    ------w-    c:\windows\system32\MpSigStub.exe
2014-10-01 00:15 . 2014-10-01 00:15    --------    d-----w-    c:\program files (x86)\Techsnab
2014-10-01 00:10 . 2014-09-25 02:08    371712    ----a-w-    c:\windows\system32\qdvd.dll
2014-10-01 00:10 . 2014-09-25 01:40    519680    ----a-w-    c:\windows\SysWow64\qdvd.dll
2014-09-30 02:35 . 2014-09-30 02:35    5    ----a-w-    c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-30 00:14 . 2012-12-28 13:09    380    ----a-w-    c:\users\Megan325\AppData\Roaming\sp_data.sys
2014-10-16 00:12 . 2013-01-13 22:29    103265616    ----a-w-    c:\windows\system32\MRT.exe
2014-10-10 21:56 . 2014-09-05 21:56    70144    ----a-w-    c:\windows\SysWow64\tasks.dll
2014-09-09 22:11 . 2014-09-24 12:10    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 12:10    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-09-06 22:43 . 2014-09-06 22:43    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-27 23:23 . 2011-03-29 02:36    23256    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-08-27 23:30    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-27 23:30    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-08-01 11:53 . 2014-09-22 12:36    1031168    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-22 12:36    793600    ----a-w-    c:\windows\SysWow64\TSWorkspace.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet Pro 8620 (NET)"="c:\program files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe" [2013-09-11 3485728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-03-06 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-23 318080]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-25 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-19 2319536]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-03 43816]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-07-08 152392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CineForm Status.lnk - c:\program files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe [2014-1-29 144384]
FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe -d [2012-4-22 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 aswVmm;aswVmm;c:\users\Megan325\AppData\Local\Temp\aswVmm.sys;c:\users\Megan325\AppData\Local\Temp\aswVmm.sys [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys;c:\windows\SYSNATIVE\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x]
S2 DigiTraceSSSvc;DigiTrace Supervisor Master Server Service;c:\program files (x86)\Pentair Thermal Management\DigiTrace Supervisor Master Server\SupervisorServer.exe;c:\program files (x86)\Pentair Thermal Management\DigiTrace Supervisor Master Server\SupervisorServer.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe;c:\program files\Trend Micro\Titanium\TiMiniService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HITMANPRO37
*Deregistered* - hitmanpro37
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-17 15:27    1104200    ----a-w-    c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-30 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-3273618889-1627324363-2844995654-1001.job
- c:\users\Megan325\AppData\Local\Citrix\GoToMeeting\1865\g2mupdate.exe [2014-10-29 00:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-11 16:50    634872    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09    227840    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09    227840    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2011-10-26 1654992]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-10-04 213824]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2011-08-02 416992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-03 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-03 392472]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
uInternet Settings,ProxyOverride = ;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Megan325\AppData\Roaming\Mozilla\Firefox\Profiles\qfh3wg8k.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2014-10-01 23:09; firefox-hotfix@mozilla.org; c:\users\Megan325\AppData\Roaming\Mozilla\Firefox\Profiles\qfh3wg8k.default\extensions\firefox-hotfix@mozilla.org.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-HLBackupScheduler - c:\program files\Verizon Cloud\Verizon Cloud Service.exe
SafeBoot-92664554.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-29  21:54:05
ComboFix-quarantined-files.txt  2014-10-30 01:54
.
Pre-Run: 56,251,449,344 bytes free
Post-Run: 55,490,691,072 bytes free
.
- - End Of File - - EC4406616049BCE526CA29AA8B11326F
 

[ken545]

Looks like some entries where removed, lets do this

 

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan

 

*Note

It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

 

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

Click the button.

For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.

Double click on the icon on your desktop.

Check

Click the button.

Accept any security warnings from your browser.

Check

Make sure that the option "Remove found threats" is Unchecked

Push the Start button.

ESET will then download updates for itself, install itself, and begin

scanning your computer. Please be patient as this can take some time.

When the scan completes, push

Push , and save the file to your desktop using a unique name, such as

ESETScan. Include the contents of this report in your next reply.

Push the button.

Push

Please make sure you include the following items in your next post:

The log that was produced after running ESET Online Scanner.

[hondaspeed05]

here it is: 

 

C:\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe    a variant of Win32/Techsnab.A potentially unwanted application
C:\Program Files (x86)\Techsnab\Chrome Launcher\chromelauncher.dll    a variant of Win32/Techsnab.A potentially unwanted application
C:\Program Files (x86)\Techsnab\Chrome Launcher\chromelauncher.exe    a variant of Win32/Techsnab.A potentially unwanted application
C:\Program Files (x86)\Techsnab\Chrome Launcher\chromelauncherx64.dll    a variant of Win32/Techsnab.A potentially unwanted application
C:\Program Files (x86)\Techsnab\Chrome Launcher\chromelauncherx64.exe    a variant of Win32/Techsnab.A potentially unwanted application
C:\Program Files (x86)\Techsnab\Chrome Launcher\tasks.dll    a variant of Win32/Techsnab.A potentially unwanted application
 

[ken545]

Some bad stuff, this should take care of it

 

 

Open notepad (Start --> All Programs --> Accessories --> Notepad).

Please copy the entire contents of the code box below.

(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).

Save it to the same directory as FRST or FRST64 as fixlist.txt. (it has to be right next to FRST or FRST64) either in a directory you saved FRST or FRST64 or on your desktop if thats where you saved it.

You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.

 

Start
CloseProcesses:
C:\Program Files (x86)\Techsnab
Hosts:
EmptyTemp:
End

 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

 

Then open FRST or FRST64 and click on fix

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

[hondaspeed05]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2014 01
Ran by Megan325 at 2014-10-31 12:49:33 Run:2
Running from C:\Users\Megan325\Desktop\computer fix
Loaded Profile: Megan325 (Available profiles: Megan325)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
C:\Program Files (x86)\Techsnab
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
C:\Program Files (x86)\Techsnab => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 59.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

[ken545]

How is your system behaving now ??

[hondaspeed05]

So far, so good.  only issue is that the wireless keeps turning off everytime it restarts.

 

Also, do you have a reccomendation for anti-virus and anti-spyware programs??

[ken545]

 

What I would do is post in our Networking forum for help with your wireless connection, there more in tune to help you with this

http://forums.whatth...p?showforum=128

 

Trend Micro Titanium Internet Security 2012 <-- Looks like your version is a few years old, I would update it.  If you want a free AV I have Microsoft Security Essentials on my system and its running with no problems

http://www.microsoft...ls.aspx?id=5201

 

You should only have one AV running, with AV software more is not better, more than one can hamper system performance, you need just one, keep it updated and run regular scans so if you decide to to with MSE than you need to uninstall Trendmicro

 

As far as Anti Malware, the best in my opinion is the Pro Version of Malwarebytes, it will help block known bad websites, the cost is minimal but this of course is up to you

 

 

Double click on AdwCleaner.exe to run the tool again.

•  

• Click on the Uninstall button.

• Click Yes when asked are you sure you want to uninstall.

• Both AdwCleaner.exe, its folder and all logs will be removed.

 

 

 

==========================================================

 

 

Please download DelFix and save the file to your Desktop.

 

•  

• Windows XP Double Click DelFix.exe to run the program. 

• Windows Vista > Win 7 > Win 8 Right Click on DelFix.exe and select RUN AS ADMINISTRATOR 

• Place a checkmark next to the following items

 

•  

• Activate UAC

• Remove Disinfection Tools

• Create registry backup

• Reset System Settings

 

 

Click the Run button

 

This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually

 

 

 

==========================================================

 

 

 

•  

How did I get infected in the first place ?    

Read these links and find out how to prevent getting infected again.

• Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.

• WhattheTech

• Grinler BleepingComputer

• GeeksTo Go

• Dslreports

 

 

 

Safe Surfn

Ken

 

[ken545]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.