
Thread: Mother's computer infected with snapdo, internet is slow

  1. #1
    Junior Member
    Join Date
    Feb 2014
    Posts
    10

    Mother's computer infected with snapdo, internet is slow

    Edit http://forums.spybot.info/showthread...Chrome-is-down
    ------------------------------------
    My mother's computer has been infected with something called snapdo. It has gotten very slow and Chrome is practically unusable.

    It is a new computer. It had Windows 8 first, but they hated W8, and it got the viruses on it too. They reformatted and installed Windows 7 (should be a fresh copy of Windows), and the viruses got there soon after.



    The symptoms are as follows:
    • Booting up is very slow.
    • Exiting sleep mode takes a long time, and when it exits I get the error message "Photo Screensaver stopped working".



    Malwarebytes keeps blocking stuff, which seems to be associated with snapdo showing up in new tabs. Looking through the Malwarebytes logs, it keeps picking up a few things, the IP address
    It keeps seeing srptm.exe (associated with Chrome)
    The IP address switches between IP block 162.210.192.22 and 192.26
    with ports 63096, 63097, 63163, 63164, 63257, 63258
    It also logged sndappv2.exe with similar ports and IP addresses. I can retrieve the logs for you.

    Chrome runs as slow as the century bulb when loading a new page or starting a new tab.
    The new tab and search engine default to search.snapdo.com
    It has some extensions that can't be killed: Highlightly and Tube Dimmer
    The startup pages have been changed to search.conduit.com and feed.snapdo.com

    Internet Explorer is as slow as the grand pitch drop experiment when starting a new tab, and now because of the virus it has popups too.
    It now has the snapdo bar, which reloads on every page. The home page and new tab page default to snapdo.

    IE also reports a few IE extensions:
    • tubeDimmer
    • highlightly
    • findwide
    • mywordtool
    • helpAPI
    • tidynetwork
    • snap.do
    • smartbarInternetExplorerBHOEngine
    • Yahoo! Toolbar (maybe not a virus, but can we remove it anyway?)
    • Yahoo toolbar helper
    • singleInstanceClass by Yahoo! Inc




    I went looking through Add/Remove Programs in Control Panel and picked out some that look bad (I haven't done anything yet):
    • albrechto
    • findewide.com
    • helperapps
    • highlightly
    • microsoftsecurityessentials (it doesn't look like the official one, I think)
    • mywordtool
    • snap.do
    • snap.do.engine
    • tubedimmer
    • tubedimmer updater
    • yahoo toolbar


    Snapdo also put popups into IE that play sound. They take over the window and run very slowly. It blocks access to the settings menu while it is loading. Once the popup loads fully, control is returned and you can close the popup.

    I had to reboot during this process; it got hit with a "waiting for "" programs to close" error message (it's an empty string).
    It took a long time to wake up after that.

    As it started, I got a message from User Account Control:
    • the usual a program is trying to access your computer type of message
    • setup.exe
    • publisher: unknown
    • origin: hard drive
    • location: "c:\users\becker\appdata\local\temp\s3mk\setup.exe" /s

    I told it not to do anything

    The Microsoft Security Client User Interface popped up from the notification center. I don't recognize it as a real Microsoft product, but I haven't used them in a while.
    Before I rebooted it had mentioned that I was in need of protection. Now it said I was protected, but nothing was changed by me. It seems fishy.







    SPYBOT LOGS
    spybotlogs.zip
    I ran Spybot and hit a paradox. Spybot first said it was out of date; then when I tried to update it, it said it was already up to date. Look at the jpg picture attached in the zip to see what it looks like. I poked around in the update log, and it seems like it couldn't reach the Spybot website to get the download. I then ran a scan, but I was having trouble editing the logfile the way you guys like, so I have the whole thing in the zip.





    DDS LOGS
    attach.zip

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2
    Run by Becker at 18:54:57 on 2014-03-13
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3968.2409 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
    C:\Windows\System32\igfxtray.exe
    C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
    C:\ProgramData\Updater\updater.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Highlightly\Service\hlsvc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\LPT\srpts.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Users\Becker\AppData\Local\Smartbar\Application\SnapDo.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Users\Becker\AppData\Local\LPT\srptm.exe
    C:\Program Files (x86)\Sendori\sndappv2.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    C:\Program Files (x86)\albrechto\updatealbrechto.exe
    C:\Users\Becker\AppData\Local\Smartbar\Application\Lrcnta.exe
    C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\albrechto\bin\utilalbrechto.exe
    C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\Sendori\Sendori.Service.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Sendori\SendoriSvc.exe
    C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
    C:\ProgramData\RHelpers\FireFoxHelper\FireFoxHelper.exe
    C:\ProgramData\RHelpers\IEHelper\IeHelper.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\svchost.exe -k HPService
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH47wqF9LzMF7h-ut22GnIEZWP3gGGjbBLyGwL2-xlD2-e0vOs73owtEVWLW7LqEsA,,
    uSearch Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH43j_ilY78vTWIQtmGRhRoA0ssN42Ev0fg_6I122zXVnBkO2aY5VtgodTFDlZIabQ,,&q={searchTerms}
    uSearch Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH43j_ilY78vTWIQtmGRhRoA0ssN42Ev0fg_6I122zXVnBkO2aY5VtgodTFDlZIabQ,,&q={searchTerms}
    uDefault_Page_URL = hxxp://search.findwide.com/?guid={E4A8993E-209C-4F1D-9819-F5C172BAE9DB}&serpv=22
    uProxyServer =
    uSearchAssistant = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH43j_ilY78vTWIQtmGRhRoA0ssN42Ev0fg_6I122zXVnBkO2aY5VtgodTFDlZIabQ,,&q={searchTerms}
    mWinlogon: Userinit = userinit.exe
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: SmartbarInternetExplorerBHOEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
    BHO: Tube Dimmer: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\TubeDimmer\IE\common.dll
    BHO: MyWordTool: {45470599-8237-486D-87B5-E89CD6AED154} - C:\Users\Becker\AppData\Roaming\MyWordTool\temp.dat
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Highlightly: {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files (x86)\Highlightly\IE\HighlightlyClientIE.dll
    BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HelperApps: {F36C4DA0-8FBA-3F8B-C92B-A66ED4B7B0EA} - C:\Program Files (x86)\HelperApps\petn.dll
    BHO: TidyNetwork: {FA6441BC-9891-38BE-D62A-CD6ED4B7B0EA} - C:\Program Files (x86)\TidyNetwork\petn.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: FindWide Toolbar: {EE5BB5A1-8792-4D07-A6A4-CB14A2054F16} -
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB: FindWide Toolbar: {EE5BB5A1-8792-4D07-A6A4-CB14A2054F16} -
    TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [HP Photosmart 6520 series (NET)] "C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2BD352RK05XP:NW" -scfn "HP Photosmart 6520 series (NET)" -AutoStart 1
    uRun: [Updater] C:\ProgramData\Updater\updater.exe
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    uRun: [Browser Infrastructure Helper] C:\Users\Becker\AppData\Local\Smartbar\Application\SnapDo.exe startup
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [Updater] C:\ProgramData\Updater\Updater.exe
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    LSP: C:\Windows\System32\Sendori.dll
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
    TCP: Interfaces\{522A3844-5AD8-44BA-A5A4-41A0E32E5438} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{D9048890-0845-4039-B7C2-DCDC2B6D48AF} : DHCPNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Notify: SDWinLogon - SDWinLogon.dll
    AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: SmartbarInternetExplorerBHOEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Highlightly: {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll
    x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: HelperApps: {F36C4DA0-8FBA-3F8B-C92B-A66ED4B7B0EA} - C:\Program Files (x86)\HelperApps\petn64.dll
    x64-BHO: TidyNetwork: {FA6441BC-9891-38BE-D62A-CD6ED4B7B0EA} - C:\Program Files (x86)\TidyNetwork\petn64.dll
    x64-TB: FindWide Toolbar: {EE5BB5A1-8792-4D07-A6A4-CB14A2054F16} -
    x64-TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Notify: igfxcui - igfxdev.dll
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-12-30 55024]
    R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-12-31 28600]
    R1 hlnfd;hlnfd;C:\Windows\System32\drivers\hlnfd.sys [2013-12-4 58256]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-12-31 440400]
    R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-12-31 440400]
    R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-10-7 120096]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-12-31 108440]
    R2 CltMngSvc;Search Protect by Conduit Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2014-2-6 2360608]
    R2 hlsvc;Highlightly Client Service;C:\Program Files (x86)\Highlightly\Service\hlsvc.exe [2013-12-4 273000]
    R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2013-12-17 46904]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
    R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-12-26 128280]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-12-26 161560]
    R2 LPTSystemUpdater;LPT System Updater Service;C:\Program Files (x86)\LPT\srpts.exe [2014-2-6 32288]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-26 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-26 701512]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
    R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-8-1 246488]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-1-20 3921880]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-1-20 1042272]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-1-20 171416]
    R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-10-7 22304]
    R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-10-7 3623200]
    R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-26 5341536]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-12-26 363800]
    R2 Update albrechto;Update albrechto;C:\Program Files (x86)\albrechto\updatealbrechto.exe [2013-12-6 111904]
    R2 Util albrechto;Util albrechto;C:\Program Files (x86)\albrechto\bin\utilalbrechto.exe [2014-1-1 111904]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-26 25928]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-1-21 805088]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-5-23 77592]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-5-23 13080]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-12-26 19456]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-12-26 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-12-26 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-12-26 1255736]
    .
    =============== Created Last 30 ================
    .
    2014-03-04 12:17:21 -------- d-----w- C:\Windows\Hewlett-Packard
    2014-03-04 08:45:19 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{87ECD907-A281-4DEF-A01E-669B386D9E7A}\mpengine.dll
    2014-03-03 08:45:54 10536864 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-02-28 19:27:51 -------- d-----w- C:\Program Files (x86)\LPT
    2014-02-28 19:26:39 -------- d-----w- C:\Users\Becker\AppData\Local\LPT
    2014-02-28 19:26:38 -------- d-----w- C:\Users\Becker\AppData\Local\Smartbar
    2014-02-28 19:25:49 -------- d-----w- C:\Program Files (x86)\HiDefMedia
    2014-02-28 15:28:01 -------- d-----w- C:\Windows\pss
    2014-02-28 08:45:24 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F1524E68-8676-4223-B215-5C0CC13FEBD9}\gapaengine.dll
    2014-02-20 22:41:08 8835464 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2014-02-13 08:03:23 548864 ----a-w- C:\Windows\System32\vbscript.dll
    2014-02-13 08:03:23 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-02-12 11:45:16 1882112 ----a-w- C:\Windows\System32\msxml3.dll
    2014-02-12 11:45:15 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2014-02-12 11:45:15 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2014-02-12 11:45:15 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2014-02-12 11:43:59 3928064 ----a-w- C:\Windows\System32\d2d1.dll
    2014-02-12 11:43:59 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
    .
    ==================== Find3M ====================
    .
    2014-03-13 22:38:17 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2014-02-20 22:41:28 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-02-20 22:41:28 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
    2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-01-22 13:52:10 206080 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
    2014-01-22 13:52:10 108800 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
    2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
    2014-01-01 01:11:52 84720 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
    2014-01-01 01:11:52 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
    2014-01-01 01:11:52 108440 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2013-12-19 02:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    .
    ============= FINISH: 18:55:40.65 ===============






    aswMBR.txt

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-03-13 18:56:04
    -----------------------------
    18:56:04.912 OS Version: Windows x64 6.1.7601 Service Pack 1
    18:56:04.912 Number of processors: 2 586 0x3A09
    18:56:04.912 ComputerName: BECKER-PC UserName: Becker
    18:56:06.425 Initialize success
    18:58:59.601 AVAST engine defs: 14031301
    19:01:48.331 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    19:01:48.331 Disk 0 Vendor: ST500DM002-1BD142 HP73 Size: 476940MB BusType: 11
    19:01:48.502 Disk 0 MBR read successfully
    19:01:48.502 Disk 0 MBR scan
    19:01:48.534 Disk 0 Windows 7 default MBR code
    19:01:48.565 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    19:01:48.612 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
    19:01:48.814 Disk 0 scanning C:\Windows\system32\drivers
    19:02:01.965 Service scanning
    19:02:39.920 Modules scanning
    19:02:39.920 Disk 0 trace - called modules:
    19:02:39.936 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    19:02:39.936 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046c1410]
    19:02:39.936 3 CLASSPNP.SYS[fffff8800196843f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800425d430]
    19:02:41.464 AVAST engine scan C:\Windows
    19:02:43.898 AVAST engine scan C:\Windows\system32
    19:11:15.985 AVAST engine scan C:\Windows\system32\drivers
    19:11:42.754 AVAST engine scan C:\Users\Becker
    19:26:07.885 AVAST engine scan C:\ProgramData
    19:29:41.075 Scan finished successfully
    20:07:27.556 Disk 0 MBR has been saved successfully to "C:\Users\Becker\Desktop\MBR.dat"
    20:07:27.587 The log file has been saved successfully to "C:\Users\Becker\Desktop\aswMBR.txt"
    Last edited by tashi; 2014-03-14 at 05:26. Reason: Added link to previous topic
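    The DDS "Pseudo HJT Report" above is where the persistence in this post lives: start/search URLs pointing at feed.snapdo.com and search.findwide.com, BHOs and toolbars with no file path resolved, Run entries under AppData and ProgramData, a Winsock LSP (Sendori.dll) and an AppInit_DLLs entry (SearchProtect). The script below is an added example written for this page; it is not part of the thread, of DDS, or of any tool mentioned in it. It triages such a report offline and prints the lines worth looking at before anything is removed. The allowlist of expected browser hosts and the user-writable directory patterns are assumptions, and the embedded sample is a constructed excerpt of the posted log with the long redirect parameters cut down to "...".

```python
"""Offline triage of the 'Pseudo HJT Report' section of a DDS log.

Added example, not part of the original post or of DDS itself. It flags the
persistence mechanisms that explain the symptoms described in the thread:
hijacked browser defaults, BHOs/toolbars with no resolved file, autostarts
living in user-writable directories, a Winsock LSP, and AppInit_DLLs.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed excerpt: lines copied from the DDS log posted above, with the
# long snapdo/findwide redirect parameters shortened to '...'.
SAMPLE_REPORT = r"""
uStart Page = hxxp://feed.snapdo.com/?p=...
uDefault_Page_URL = hxxp://search.findwide.com/?guid=...&serpv=22
mWinlogon: Userinit = userinit.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: SmartbarInternetExplorerBHOEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
BHO: Tube Dimmer: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\TubeDimmer\IE\common.dll
BHO: MyWordTool: {45470599-8237-486D-87B5-E89CD6AED154} - C:\Users\Becker\AppData\Roaming\MyWordTool\temp.dat
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
uRun: [Updater] C:\ProgramData\Updater\updater.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Browser Infrastructure Helper] C:\Users\Becker\AppData\Local\Smartbar\Application\SnapDo.exe startup
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
LSP: C:\Windows\System32\Sendori.dll
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
"""


@dataclass(frozen=True)
class Finding:
    entry: str    # the DDS line exactly as it appeared in the report
    reason: str   # why it was flagged


# Assumption: hosts a stock Windows 7 / IE 11 install would point at for its
# start page and search provider. Anything else is treated as an override.
EXPECTED_BROWSER_HOSTS = {"www.msn.com", "go.microsoft.com", "www.bing.com", "www.google.com"}

BROWSER_KEYS = {
    "uStart Page", "mStart Page", "uSearch Bar", "uSearch Page",
    "uDefault_Page_URL", "mDefault_Page_URL", "uSearchAssistant", "mSearchAssistant",
}

# DDS COM entries: [x64-]BHO|TB|EB: <display name>: {CLSID} - <file path>
COM_ENTRY = re.compile(r"^((?:x64-)?(?:BHO|TB|EB)): (.+?): \{[^}]+\} -\s*(.*)$")

# Assumption: directories a standard user can write to without a UAC prompt.
# 8.3 short names such as PROGRA~3 are deliberately not expanded here.
USER_WRITABLE = re.compile(r"\\(?:Users\\[^\\]+\\AppData|ProgramData|Temp)\\", re.IGNORECASE)


def triage(report: str) -> list[Finding]:
    """Return one Finding per suspicious line of a Pseudo HJT report."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue

        key, sep, value = line.partition(" = ")
        if sep and key in BROWSER_KEYS:
            # DDS defangs URLs as hxxp://; undo that so urlparse sees a scheme.
            host = urlparse(value.replace("hxxp", "http", 1)).hostname or ""
            if host not in EXPECTED_BROWSER_HOSTS:
                findings.append(Finding(line, f"browser default redirected to {host}"))
            continue

        if line.startswith("AppInit_DLLs=") and line.split("=", 1)[1].strip():
            findings.append(Finding(line, "AppInit_DLLs set: loaded into every process that maps user32.dll"))
            continue

        if line.startswith("LSP:"):
            findings.append(Finding(line, "third-party Winsock LSP: sits in the path of every socket"))
            continue

        m = COM_ENTRY.match(line)
        if m:
            kind, name, path = m.group(1), m.group(2), m.group(3).strip()
            if not path:
                findings.append(Finding(line, f"{kind} '{name}' registered but no file path resolved"))
                continue
            if not path.lower().endswith(".dll"):
                findings.append(Finding(line, f"{kind} '{name}' loads a non-DLL file"))
                continue

        # Run keys, BHOs or anything else whose binary lives where a
        # non-admin user (or an installer running as one) can drop files.
        if USER_WRITABLE.search(line):
            findings.append(Finding(line, "autostart/plug-in loaded from a user-writable directory"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[!] {f.reason}\n    {f.entry}")
```

    Run it as a script to see the flagged lines from the sample, or call triage() on the whole Pseudo HJT section pasted from a DDS log. It reads text only and never touches the registry; the point is to separate the dozen lines that matter (here: two hijacked defaults, two unresolved COM registrations, one BHO backed by a .dat file, three user-writable autostarts, the LSP and the AppInit_DLLs entry) from the HP, Office, Java and Logitech noise before any removal starts.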

  2. #2
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,872


    wowssa!

    I know up front that all of this will not come off in one swoop.

    Let's try to make a dent in it each time we run something.

    Let's keep our fingers crossed.

    The Microsoft Security Client User Interface popped up from the notification center. I don't recognize it as a real Microsoft product, but I haven't used them in a while.
    Before I rebooted it had mentioned that I was in need of protection. Now it said I was protected, but nothing was changed by me. It seems fishy.
    As far as I can tell your current version of Microsoft Security Essentials is correct, but you've installed Avira AntiVir Desktop too?
    I would like to see only one antivirus on the computer.

    For MSE let's do this:
    This may be caused by MSE v2 changing the tray icon to "notification only". To make the icon visible, right-click on the taskbar and select Properties. On the Taskbar tab, select "Notification area" and Customize. Look for the Microsoft Security Client user interface and change the setting to "Show icon and notifications".
    You should find MSE in the All Programs list on the Start Menu, or you will find it in this location: C:\Program Files\Microsoft Security Client. Double-click msseces and MSE will open; on the main page it should have a TV screen with a green tick on it if it's currently active and up to date.


    Try to remove these items from the Uninstall Programs list:
    albrechto
    findewide.com
    Highlightly
    Smartbar
    SearchProtect
    snap.do
    snap.do.engine
    tubedimmer
    tubedimmer updater

    If one resists simply go to the next.

    ~~~~~~~~~~~~~~~~~~~~~~
    c:\users\becker\appdata\local\temp
    Please locate the above folder and delete the contents inside; don't delete the folder, just what's inside... IF it will allow it.

    ~~~~~~~~~~~~~~~~~~~

    Please download RogueKiller 32 Bit to your desktop and run it.

    RogueKiller 64 Bit <---use this one for 64 bit systems

    Which system am I using?

    Quit all running programs.

    For Windows XP, double-click to start.
    For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


    Click Scan to scan the system.
    When the scan completes > Close out the program > Don't Fix anything!

    Post back the report which should be located on your desktop.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~

    Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
    There are 6 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click and choose Run as Admin
    You only need to get one of them to run, not all of them.
    1. rkill.exe
    2. rkill.com
    3. rkill.scr
    4. rkill.pif
    5. WiNlOgOn.exe
    6. uSeRiNiT.exe


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    -AdwCleaner-by Xplode

    Click on this link to download : ADWCleaner
    Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top Advertisement.



    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean" <-- look over the list of folders; if you see anything that should not be deleted, please uncheck this item.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    I need to see logs for
    RogueKiller
    RKill
    C:\AdwCleaner[S1].txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Feb 2014
    Posts
    10

    Default it's getting better

    some notes
    1) windows had to update first
    2) your link for roguekiller64 is dead, but the other link worked fine

    tried deleting everything:
    • albrechto - asked to reboot later
    • findwide - didn't fight back
    • highlightly - setup failed
    • search protect - was a no show, it disappeared
    • Snap do fought back (see attached)
    • snapdo engine - error : it has already been uninstalled
    • tubedimmer - gave a popup (see the snapdo report)
    • TD engine - didn't fight back


    snapdo fights back.zip

    emptied the temp folder (it doesn't show up automatically)
    1 file can't be killed: FXSAPIDebugLogFile

    The scanners and their logs
    • Rogue Killer Log: RKreport[0]_S_03152014_172928.txt
    • RKill log -- note, Avira popped up with a security alert (I removed the issue, it is zipped into the snapdo fights back zip) Rkill.txt
    • ADWCleaner -- trying to download it (with the second link) redirects to getsoftfree.com. Chrome still redirects to other sites when I try to maneuver back. Went again and got it from the first blue arrow link.
    • ADWCleaner found some items, cleaned it, and rebooted. AdwCleaner[S0].txt
    • JRT ran fine, here is the report JRT.txt



    Looking over the computer now:
    Chrome looks better, no extensions causing trouble, but snapdo is still a default search or new tab.
    IE: has some remnants in the extensions, but they might just be titles. They are all in 'Not Available'

    Highlightly remains in the add/remove programs, but I can't remove it, it says it may be uninstalled already.

  4. #4
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,872

    Default

    Good work
    Some items were partially removed, we'll attempt to remove the rest.

    Please download Farbar Recovery Scan Tool

    (use correct version for your system.....Which system am I using?)
    and Tutorial http://www.geekstogo.com/forum/topic...ery-scan-tool/



    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
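    The FRST log requested above is normally read by eye for a few tell-tale line shapes: entries whose target file is gone ("No File", "File Not Found", "[X]"), a populated AppInit_DLLs value, third-party Winsock LSP entries, search or new-tab settings pointing at a hijacker domain, and FRST's own "ATTENTION" marker. The Python script below is an added example for this thread, not part of the thread and not FRST's own tooling; it scans FRST-style lines for those shapes. The sample lines are constructed in the style of the log posted later in this thread (paths, GUIDs and vendor names taken from that log, the long search URL parameter replaced by a placeholder), and the hijacker-domain and PUP-name lists are assumptions limited to what this thread names.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumed watch-lists, limited to the names this thread mentions; a real
# triage list would be maintained separately and be much longer.
HIJACK_DOMAINS = ("snapdo.com", "conduit.com", "findwide.com")
PUP_MARKERS = ("sendori", "searchprotect", "snap.do", "snapdo", "tidynetwork",
               "findwide", "smartbar", "tubedimmer", "highlightly")

# FRST appends these when the file a registry entry points at is gone.
ORPHAN_SUFFIXES = ("No File", "File Not Found", "[X]")

# Lines that describe a load point: autoruns, BHOs, toolbars, Winsock LSPs,
# AppInit_DLLs, ActiveX (DPF) and service/driver entries such as "R2 name; path".
LOADPOINT_RE = re.compile(r"^(HK(LM|CU|U)|BHO|Toolbar|Winlogon|Winsock|AppInit_DLLs|DPF|[RSU][0-4]\s)")

# Host-like tokens (something.something) not glued to a preceding path or word.
HOST_RE = re.compile(r"(?<![\w.-])([a-z0-9-]+(?:\.[a-z0-9-]+)+)")


@dataclass
class Finding:
    category: str
    line: str


def hijacked_hosts(line: str) -> list[str]:
    """Hosts in the line that are, or sit under, a listed hijacker domain."""
    return sorted({h for h in HOST_RE.findall(line.lower())
                   if any(h == d or h.endswith("." + d) for d in HIJACK_DOMAINS)})


def classify(raw: str) -> list[Finding]:
    """Return every triage category a single FRST-style line falls into."""
    line = raw.strip()
    if not line:
        return []
    lower = line.lower()
    found: list[Finding] = []

    # FRST's own marker for a setting it considers suspicious (e.g. a Chrome policy).
    if "ATTENTION" in line:
        found.append(Finding("frst_attention", line))

    # Entry whose target is missing: residue of a partial uninstall. Harmless by
    # itself, but it records what was installed and still needs cleaning up.
    if line.endswith(ORPHAN_SUFFIXES):
        found.append(Finding("orphan", line))

    # A non-empty AppInit_DLLs value is loaded into every process that loads user32.dll.
    if line.startswith("AppInit_DLLs:") and line.split(":", 1)[1].strip():
        found.append(Finding("appinit_dll", line))

    # A third-party Winsock LSP sits in the path of every socket on the machine;
    # deleting its DLL without repairing the catalog breaks networking.
    if line.startswith("Winsock:") and "(microsoft" not in lower:
        found.append(Finding("third_party_lsp", line))

    # Any search, start-page or new-tab setting pointing at a hijacker domain.
    if hijacked_hosts(line):
        found.append(Finding("hijack_domain", line))

    # Load point naming a known PUP vendor or component.
    if LOADPOINT_RE.match(line) and any(m in lower for m in PUP_MARKERS):
        found.append(Finding("pup_component", line))

    return found


def triage(text: str) -> dict[str, list[str]]:
    """Group the flagged lines of a whole log by category."""
    report: dict[str, list[str]] = {}
    for raw in text.splitlines():
        for f in classify(raw):
            report.setdefault(f.category, []).append(f.line)
    return report


# Constructed sample in FRST style, modelled on the log posted later in this
# thread (the search URL's long parameter is replaced by a placeholder).
SAMPLE_FRST_LINES = r"""
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [] - [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
BHO: TidyNetwork - {FA6441BC-9891-38BE-D62A-CD6ED4B7B0EA} - C:\Program Files (x86)\TidyNetwork\petn64.dll No File
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
Toolbar: HKLM - FindWide Toolbar - {EE5BB5A1-8792-4D07-A6A4-CB14A2054F16} - C:\Users\Becker\AppData\Local\TNT2\Profiles\10741\passport64.dll No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
CHR DefaultSearchKeyword: search.snapdo.com
CHR DefaultSearchURL: http://feed.snapdo.com/?p=PLACEHOLDER&q={searchTerms}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-10-07] (sendori)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
"""

if __name__ == "__main__":
    for category, lines in triage(SAMPLE_FRST_LINES).items():
        print(f"== {category} ({len(lines)})")
        for line in lines:
            print("   ", line)
```

    Run it against a saved FRST.txt by passing the file's contents to triage(). The benign Microsoft and Logitech lines in the sample produce no finding, which is the check that matters: a triage script that flags everything is no faster than reading the log by hand.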

  5. #5
    Junior Member
    Join Date
    Feb 2014
    Posts
    10

    Default it's working

    so far so good.

    once we are done though, I want to get things set up to protect the computer for them. I've used the hosts file before to block ads and bad sites, and that seems to work for them.


    Additon.Txt
    Addition.txt

    it was all too long for this post, so I attached it.


    FRST.TXT

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
    Ran by Becker (administrator) on BECKER-PC on 18-03-2014 08:09:11
    Running from C:\Users\Becker\Desktop
    Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Microsoft Corporation) C:\Windows\system32\WLANExt.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe
    (Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    (Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\ipmGui.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
    HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
    HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [] - [X]
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
    HKU\S-1-5-21-90707034-2536013608-1354686508-1000\...\Run: [HP Photosmart 6520 series (NET)] - C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-90707034-2536013608-1354686508-1000\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
    HKU\S-1-5-21-90707034-2536013608-1354686508-1000\...\MountPoints2: F - F:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-90707034-2536013608-1354686508-1000\...\MountPoints2: {09ce5ddc-85de-11e3-aa80-7c0507891520} - F:\VZW_Software_upgrade_assistant.exe
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found

    ==================== Internet (Whitelisted) ====================

    ProxyServer: 
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0A07C5197102CF01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: TidyNetwork - {FA6441BC-9891-38BE-D62A-CD6ED4B7B0EA} - C:\Program Files (x86)\TidyNetwork\petn64.dll No File
    BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: TidyNetwork - {FA6441BC-9891-38BE-D62A-CD6ED4B7B0EA} - C:\Program Files (x86)\TidyNetwork\petn.dll No File
    BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM - FindWide Toolbar - {EE5BB5A1-8792-4D07-A6A4-CB14A2054F16} - C:\Users\Becker\AppData\Local\TNT2\Profiles\10741\passport64.dll No File
    Toolbar: HKLM-x32 - FindWide Toolbar - {EE5BB5A1-8792-4D07-A6A4-CB14A2054F16} - C:\Users\Becker\AppData\Local\TNT2\Profiles\10741\passport.dll No File
    Toolbar: HKCU - FindWide Toolbar - {EE5BB5A1-8792-4D07-A6A4-CB14A2054F16} - C:\Users\Becker\AppData\Local\TNT2\Profiles\10741\passport64.dll No File
    DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
    DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab...l_4.5.15.0.cab
    Winsock: Catalog9 01 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
    Winsock: Catalog9 02 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
    Winsock: Catalog9 03 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
    Winsock: Catalog9 04 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
    Winsock: Catalog9 15 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    Chrome:
    =======
    CHR DefaultSearchKeyword: search.snapdo.com
    CHR DefaultSearchProvider: Web
    CHR DefaultSearchURL: http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH43j_ilY78vTWIQtmGRhRoA0ssN42Ev0fg_6I122zXVnBkO2aY5VtgodTFDlZIaag,,&q={searchTerms}
    CHR DefaultNewTabURL:
    CHR Extension: (Google Wallet) - C:\Users\Becker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-26]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Services (Whitelisted) =================

    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
    R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [120096 2013-10-07] (Sendori, Inc.)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-08-01] (Realtek Semiconductor)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
    R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-10-07] (sendori)
    S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-10-07] (Sendori)

    ==================== Drivers (Whitelisted) ====================

    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-31] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-31] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-31] (Avira Operations GmbH & Co. KG)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-03-18 08:09 - 2014-03-18 08:09 - 00013581 _____ () C:\Users\Becker\Desktop\FRST.txt
    2014-03-18 08:09 - 2014-03-18 08:09 - 00000000 ____D () C:\FRST
    2014-03-18 07:40 - 2014-03-18 07:35 - 02157056 _____ (Farbar) C:\Users\Becker\Desktop\FRST64.exe
    2014-03-15 20:17 - 2014-03-15 20:17 - 00001338 _____ () C:\Users\Becker\Desktop\JRT.txt
    2014-03-15 20:13 - 2014-03-15 20:13 - 00000000 ____D () C:\Windows\ERUNT
    2014-03-15 20:07 - 2014-03-15 19:13 - 00007623 _____ () C:\Users\Becker\Desktop\AdwCleaner[S0].txt
    2014-03-15 18:58 - 2014-03-15 19:13 - 00000000 ____D () C:\AdwCleaner
    2014-03-15 18:56 - 2014-03-15 18:57 - 01950720 _____ () C:\Users\Becker\Desktop\AdwCleaner.exe
    2014-03-15 18:43 - 2014-03-15 18:43 - 00002324 _____ () C:\Users\Becker\Desktop\Rkill.txt
    2014-03-15 17:29 - 2014-03-15 17:29 - 00001927 _____ () C:\Users\Becker\Desktop\RKreport[0]_S_03152014_172928.txt
    2014-03-15 17:26 - 2014-03-15 18:42 - 00000000 ____D () C:\Users\Becker\Desktop\RK_Quarantine
    2014-03-15 17:25 - 2014-03-13 17:36 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Becker\Desktop\rkill.exe
    2014-03-15 17:25 - 2014-03-13 17:35 - 01037734 _____ (Thisisu) C:\Users\Becker\Desktop\JRT.exe
    2014-03-15 17:24 - 2014-03-14 22:36 - 03901952 _____ () C:\Users\Becker\Desktop\RogueKiller.exe
    2014-03-13 21:36 - 2014-03-13 21:36 - 00053281 _____ () C:\Users\Becker\Desktop\spybotlogs.rar
    2014-03-13 21:36 - 2014-03-13 21:36 - 00003137 _____ () C:\Users\Becker\Desktop\attach.rar
    2014-03-13 21:33 - 2014-03-13 21:33 - 00650249 _____ () C:\Users\Becker\Desktop\spybotreport 031314.txt
    2014-03-13 20:07 - 2014-03-13 20:07 - 00001843 _____ () C:\Users\Becker\Desktop\aswMBR.txt
    2014-03-13 20:07 - 2014-03-13 20:07 - 00000512 _____ () C:\Users\Becker\Desktop\MBR.dat
    2014-03-13 19:01 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-03-13 19:01 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-03-13 19:01 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-03-13 19:01 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-03-13 19:01 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-03-13 19:01 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-03-13 19:01 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-03-13 19:01 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-03-13 19:01 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-03-13 19:01 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-03-13 19:01 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-03-13 19:01 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-03-13 19:01 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-03-13 19:01 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-03-13 19:01 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-03-13 19:01 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-03-13 19:01 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-03-13 19:01 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-03-13 19:01 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-03-13 19:01 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-03-13 19:01 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-03-13 19:01 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-03-13 19:01 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-03-13 19:01 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-03-13 19:01 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-03-13 19:01 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-03-13 19:01 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-03-13 19:01 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-03-13 19:01 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-03-13 19:01 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-03-13 19:01 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-03-13 19:01 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-03-13 19:01 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-03-13 19:01 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-03-13 19:01 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-03-13 19:01 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-03-13 19:01 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-03-13 19:01 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-03-13 19:01 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2014-03-13 19:01 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2014-03-13 19:01 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
    2014-03-13 19:00 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-03-13 19:00 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-03-13 19:00 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-03-13 19:00 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-03-13 19:00 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-03-13 19:00 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-03-13 19:00 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2014-03-13 18:55 - 2014-03-13 18:55 - 00023882 _____ () C:\Users\Becker\Desktop\dds.txt
    2014-03-13 18:55 - 2014-03-13 18:55 - 00012906 _____ () C:\Users\Becker\Desktop\attach.txt
    2014-03-13 18:54 - 2014-03-13 17:42 - 04745728 _____ (AVAST Software) C:\Users\Becker\Desktop\aswMBR.exe
    2014-03-13 18:54 - 2014-03-13 17:42 - 00688992 ____R (Swearware) C:\Users\Becker\Desktop\dds.scr
    2014-03-04 10:45 - 2014-03-04 10:45 - 00000000 ____D () C:\Users\Becker\AppData\Roaming\vlc
    2014-03-04 10:32 - 2014-03-04 10:32 - 00007605 _____ () C:\Users\Becker\AppData\Local\Resmon.ResmonCfg
    2014-03-04 08:17 - 2014-03-04 08:17 - 00000000 ____D () C:\Windows\Hewlett-Packard
    2014-02-28 15:27 - 2014-02-28 15:28 - 00862120 _____ (Download Manager Cert ) C:\Users\Becker\Downloads\Setup (2).exe
    2014-02-28 15:26 - 2014-02-28 15:26 - 00001176 _____ () C:\Users\Public\Desktop\HiDef Media Player.lnk
    2014-02-28 15:23 - 2014-02-28 15:23 - 00862120 _____ (Download Manager Cert ) C:\Users\Becker\Downloads\Setup.exe
    2014-02-28 11:28 - 2014-02-28 11:28 - 00000000 ____D () C:\Windows\pss
    2014-02-27 18:20 - 2014-02-27 18:20 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-02-20 18:41 - 2014-03-13 19:41 - 05128584 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

    ==================== One Month Modified Files and Folders =======

    2014-03-18 08:09 - 2014-03-18 08:09 - 00013581 _____ () C:\Users\Becker\Desktop\FRST.txt
    2014-03-18 08:09 - 2014-03-18 08:09 - 00000000 ____D () C:\FRST
    2014-03-18 08:05 - 2013-12-26 15:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-03-18 07:41 - 2013-12-26 15:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-03-18 07:35 - 2014-03-18 07:40 - 02157056 _____ (Farbar) C:\Users\Becker\Desktop\FRST64.exe
    2014-03-18 07:04 - 2013-12-26 15:20 - 01729668 _____ () C:\Windows\WindowsUpdate.log
    2014-03-18 00:05 - 2013-12-26 15:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-03-15 20:17 - 2014-03-15 20:17 - 00001338 _____ () C:\Users\Becker\Desktop\JRT.txt
    2014-03-15 20:13 - 2014-03-15 20:13 - 00000000 ____D () C:\Windows\ERUNT
    2014-03-15 19:22 - 2009-07-14 01:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-03-15 19:22 - 2009-07-14 00:45 - 00022224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-03-15 19:22 - 2009-07-14 00:45 - 00022224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-03-15 19:14 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-03-15 19:14 - 2009-07-14 00:51 - 00036386 _____ () C:\Windows\setupact.log
    2014-03-15 19:13 - 2014-03-15 20:07 - 00007623 _____ () C:\Users\Becker\Desktop\AdwCleaner[S0].txt
    2014-03-15 19:13 - 2014-03-15 18:58 - 00000000 ____D () C:\AdwCleaner
    2014-03-15 19:13 - 2010-11-20 23:47 - 00067770 _____ () C:\Windows\PFRO.log
    2014-03-15 19:12 - 2013-12-30 22:36 - 00001782 _____ () C:\Windows\LkmdfCoInst.log
    2014-03-15 18:57 - 2014-03-15 18:56 - 01950720 _____ () C:\Users\Becker\Desktop\AdwCleaner.exe
    2014-03-15 18:43 - 2014-03-15 18:43 - 00002324 _____ () C:\Users\Becker\Desktop\Rkill.txt
    2014-03-15 18:42 - 2014-03-15 17:26 - 00000000 ____D () C:\Users\Becker\Desktop\RK_Quarantine
    2014-03-15 18:07 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2014-03-15 17:29 - 2014-03-15 17:29 - 00001927 _____ () C:\Users\Becker\Desktop\RKreport[0]_S_03152014_172928.txt
    2014-03-14 22:42 - 2013-12-30 22:36 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
    2014-03-14 22:36 - 2014-03-15 17:24 - 03901952 _____ () C:\Users\Becker\Desktop\RogueKiller.exe
    2014-03-14 22:35 - 2009-07-14 00:45 - 00502808 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-03-14 22:34 - 2013-12-26 15:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-03-14 22:34 - 2013-12-26 15:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-03-13 21:50 - 2013-12-26 16:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-03-13 21:36 - 2014-03-13 21:36 - 00053281 _____ () C:\Users\Becker\Desktop\spybotlogs.rar
    2014-03-13 21:36 - 2014-03-13 21:36 - 00003137 _____ () C:\Users\Becker\Desktop\attach.rar
    2014-03-13 21:33 - 2014-03-13 21:33 - 00650249 _____ () C:\Users\Becker\Desktop\spybotreport 031314.txt
    2014-03-13 21:33 - 2014-01-20 20:08 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-03-13 20:07 - 2014-03-13 20:07 - 00001843 _____ () C:\Users\Becker\Desktop\aswMBR.txt
    2014-03-13 20:07 - 2014-03-13 20:07 - 00000512 _____ () C:\Users\Becker\Desktop\MBR.dat
    2014-03-13 19:41 - 2014-02-20 18:41 - 05128584 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2014-03-13 19:41 - 2013-12-26 15:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-03-13 19:41 - 2013-12-26 15:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-03-13 19:41 - 2013-12-26 15:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-03-13 18:55 - 2014-03-13 18:55 - 00023882 _____ () C:\Users\Becker\Desktop\dds.txt
    2014-03-13 18:55 - 2014-03-13 18:55 - 00012906 _____ () C:\Users\Becker\Desktop\attach.txt
    2014-03-13 17:42 - 2014-03-13 18:54 - 04745728 _____ (AVAST Software) C:\Users\Becker\Desktop\aswMBR.exe
    2014-03-13 17:42 - 2014-03-13 18:54 - 00688992 ____R (Swearware) C:\Users\Becker\Desktop\dds.scr
    2014-03-13 17:36 - 2014-03-15 17:25 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Becker\Desktop\rkill.exe
    2014-03-13 17:35 - 2014-03-15 17:25 - 01037734 _____ (Thisisu) C:\Users\Becker\Desktop\JRT.exe
    2014-03-04 10:45 - 2014-03-04 10:45 - 00000000 ____D () C:\Users\Becker\AppData\Roaming\vlc
    2014-03-04 10:32 - 2014-03-04 10:32 - 00007605 _____ () C:\Users\Becker\AppData\Local\Resmon.ResmonCfg
    2014-03-04 09:57 - 2013-12-30 21:53 - 00000000 ____D () C:\Users\Becker\AppData\Roaming\HpUpdate
    2014-03-04 08:17 - 2014-03-04 08:17 - 00000000 ____D () C:\Windows\Hewlett-Packard
    2014-03-01 02:05 - 2014-03-13 19:00 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-03-01 01:17 - 2014-03-13 19:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-03-01 01:16 - 2014-03-13 19:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-03-01 00:58 - 2014-03-13 19:01 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-03-01 00:52 - 2014-03-13 19:01 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-03-01 00:51 - 2014-03-13 19:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-03-01 00:42 - 2014-03-13 19:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-03-01 00:40 - 2014-03-13 19:01 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-03-01 00:37 - 2014-03-13 19:01 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-03-01 00:33 - 2014-03-13 19:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-03-01 00:33 - 2014-03-13 19:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-03-01 00:32 - 2014-03-13 19:01 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-03-01 00:30 - 2014-03-13 19:01 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-03-01 00:23 - 2014-03-13 19:00 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-03-01 00:17 - 2014-03-13 19:01 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-03-01 00:11 - 2014-03-13 19:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-03-01 00:02 - 2014-03-13 19:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-02-28 23:54 - 2014-03-13 19:01 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-02-28 23:52 - 2014-03-13 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-02-28 23:51 - 2014-03-13 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-02-28 23:47 - 2014-03-13 19:01 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-02-28 23:43 - 2014-03-13 19:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-02-28 23:43 - 2014-03-13 19:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-02-28 23:42 - 2014-03-13 19:01 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-02-28 23:40 - 2014-03-13 19:01 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-02-28 23:38 - 2014-03-13 19:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-02-28 23:37 - 2014-03-13 19:01 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-02-28 23:35 - 2014-03-13 19:01 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-02-28 23:18 - 2014-03-13 19:01 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-02-28 23:16 - 2014-03-13 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-02-28 23:14 - 2014-03-13 19:01 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-02-28 23:10 - 2014-03-13 19:01 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-02-28 23:03 - 2014-03-13 19:01 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-02-28 23:00 - 2014-03-13 19:01 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-02-28 22:57 - 2014-03-13 19:01 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-02-28 22:38 - 2014-03-13 19:01 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-02-28 22:32 - 2014-03-13 19:01 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-02-28 22:27 - 2014-03-13 19:01 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-02-28 22:25 - 2014-03-13 19:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-02-28 22:25 - 2014-03-13 19:01 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-02-28 15:28 - 2014-02-28 15:27 - 00862120 _____ (Download Manager Cert ) C:\Users\Becker\Downloads\Setup (2).exe
    2014-02-28 15:26 - 2014-02-28 15:26 - 00001176 _____ () C:\Users\Public\Desktop\HiDef Media Player.lnk
    2014-02-28 15:23 - 2014-02-28 15:23 - 00862120 _____ (Download Manager Cert ) C:\Users\Becker\Downloads\Setup.exe
    2014-02-28 11:28 - 2014-02-28 11:28 - 00000000 ____D () C:\Windows\pss
    2014-02-28 11:28 - 2013-12-26 15:21 - 00000000 ___RD () C:\Users\Becker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-02-27 18:20 - 2014-02-27 18:20 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-02-27 18:20 - 2013-12-26 15:48 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-02-16 04:03 - 2013-12-26 17:18 - 00000000 ____D () C:\Windows\system32\MRT
    2014-02-16 04:00 - 2013-12-26 17:18 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

    Some content of TEMP:
    ====================
    C:\Users\Becker\AppData\Local\Temp\avgnt.exe
    C:\Users\Becker\AppData\Local\Temp\ntdll_dump.dll


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-03-15 17:57

    ==================== End Of Log ============================

  6. #6
    Security Expert Juliet

    I see Avira antivirus and Microsoft Security Essentials?
    We need to get this down to just 1 antivirus program on the computer. Some tools will refuse to run with more than one on a computer.

    Please go to the Add/Remove Programs list and try to uninstall the items below. If you have problems, let me know.
    Sendori
    TidyNetwork


    Some reports of this software being installed without user permission and/or being difficult to remove.

    ***********************
    Run RogueKiller again and click Scan
    When the scan completes > click on the Registry tab
    Put a check next to the below item and uncheck the rest: (if found)

    [V2][SUSP PATH] TidyNetwork Update : C:\Users\Becker\AppData\Local\TidyNetwork\petnupdate.exe - CID=TRUS26 AUTOGUID={FA6441BC-9891-38BE-D62A-CD6ED4B7B0EA} [-][x][x] -> FOUND

    Now click Delete on the right hand column under Options
    Post back the report which should be located on your desktop.


    **************************

    Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select Copy.
    Paste this into the open Notepad and save it to the Desktop as fixlist.txt.
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

    start
    HKLM-x32\...\Run: [] - [X]
    HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: TidyNetwork - {FA6441BC-9891-38BE-D62A-CD6ED4B7B0EA} - C:\Program Files (x86)\TidyNetwork\petn64.dll No File
    BHO-x32: TidyNetwork - {FA6441BC-9891-38BE-D62A-CD6ED4B7B0EA} - C:\Program Files (x86)\TidyNetwork\petn.dll No File
    Toolbar: HKLM - FindWide Toolbar - {EE5BB5A1-8792-4D07-A6A4-CB14A2054F16} - C:\Users\Becker\AppData\Local\TNT2\Profiles\10741\passport64.dll No File
    Toolbar: HKLM-x32 - FindWide Toolbar - {EE5BB5A1-8792-4D07-A6A4-CB14A2054F16} - C:\Users\Becker\AppData\Local\TNT2\Profiles\10741\passport.dll No File
    Toolbar: HKCU - FindWide Toolbar - {EE5BB5A1-8792-4D07-A6A4-CB14A2054F16} - C:\Users\Becker\AppData\Local\TNT2\Profiles\10741\passport64.dll No File
    CHR DefaultSearchKeyword: search.snapdo.com
    CHR DefaultSearchProvider: Web
    CHR DefaultSearchURL: http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH43j_ilY78vTWIQtmGRhRoA0ssN42Ev0fg_6I122zXVnBkO2aY5VtgodTFDlZIaag,,&q={searchTerms}
    CHR DefaultNewTabURL:
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    C:\Users\Becker\AppData\Local\Temp\avgnt.exe
    C:\Users\Becker\AppData\Local\Temp\ntdll_dump.dll
    Highlightly (HKLM-x32\...\Highlightly) (Version: 1.9.0.0 - Highlightly) <==== ATTENTION
    Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
    TidyNetwork (HKCU\...\TidyNetwork) (Version: - TidyNetwork)
    Task: {ACB2DDAD-1212-454C-9BAC-307BB07A4633} - System32\Tasks\TidyNetwork Update => C:\Users\Becker\AppData\Local\TidyNetwork\petnupdate.exe
    AlternateDataStreams: C:\ProgramData\TEMP:373E1720
    CMD: ipconfig /flushdns
    Reboot:
    end
    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


    Please post:
    Roguekiller txt
    Fixlog.txt

    Please give me an update on how the computer is at the moment.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #7
    Junior Member

    getting much better.

    The computer is much better now. Reboots quickly.
    No sign of snapdo in the browsers. IE is completely clean.

    I uninstalled Microsoft Security Essentials.
    Sendori protested when I tried to uninstall it. It sent me an internet popup to Survey Monkey. I have the screenshot here:

    sendori_fights_back.zip

    The site looks like a SurveyMonkey site. But is it? How can I tell?
    I looked into the cookies and there are a lot of them, and they are kinda weird compared to other normal sites like this one.

    (note: how can I show screenshots for this forum better?)

    Tidy Network uninstalled fine. But I noticed something: the file you had me remove was called "petnupdate". Do you have any more information on this? My parents are really into animals and might have downloaded that if it looks like something to do with 'pets'.

    Right now I am running Avira and Avira Desktop for the computer. But Malwarebytes is still there. Should I remove one of those? Does Malwarebytes play well with others?





    The RogueKiller logs:
    RKreport[0]_D_03252014_054359.txt
    RKreport[0]_S_03252014_053510.txt

    The custom script fixlog:
    Fixlog.txt

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
    Ran by Becker at 2014-03-25 06:02:27 Run:1
    Running from C:\Users\Becker\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    HKLM-x32\...\Run: [] - [X]
    HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: TidyNetwork - {FA6441BC-9891-38BE-D62A-CD6ED4B7B0EA} - C:\Program Files (x86)\TidyNetwork\petn64.dll No File
    BHO-x32: TidyNetwork - {FA6441BC-9891-38BE-D62A-CD6ED4B7B0EA} - C:\Program Files (x86)\TidyNetwork\petn.dll No File
    Toolbar: HKLM - FindWide Toolbar - {EE5BB5A1-8792-4D07-A6A4-CB14A2054F16} - C:\Users\Becker\AppData\Local\TNT2\Profiles\10741\passport64.dll No File
    Toolbar: HKLM-x32 - FindWide Toolbar - {EE5BB5A1-8792-4D07-A6A4-CB14A2054F16} - C:\Users\Becker\AppData\Local\TNT2\Profiles\10741\passport.dll No File
    Toolbar: HKCU - FindWide Toolbar - {EE5BB5A1-8792-4D07-A6A4-CB14A2054F16} - C:\Users\Becker\AppData\Local\TNT2\Profiles\10741\passport64.dll No File
    CHR DefaultSearchKeyword: search.snapdo.com
    CHR DefaultSearchProvider: Web
    CHR DefaultSearchURL: http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH43j_ilY78vTWIQtmGRhRoA0ssN42Ev0fg_6I122zXVnBkO2aY5VtgodTFDlZIaag,,&q={searchTerms}
    CHR DefaultNewTabURL:
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    C:\Users\Becker\AppData\Local\Temp\avgnt.exe
    C:\Users\Becker\AppData\Local\Temp\ntdll_dump.dll
    Highlightly (HKLM-x32\...\Highlightly) (Version: 1.9.0.0 - Highlightly) <==== ATTENTION
    Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
    TidyNetwork (HKCU\...\TidyNetwork) (Version: - TidyNetwork)
    Task: {ACB2DDAD-1212-454C-9BAC-307BB07A4633} - System32\Tasks\TidyNetwork Update => C:\Users\Becker\AppData\Local\TidyNetwork\petnupdate.exe
    AlternateDataStreams: C:\ProgramData\TEMP:373E1720
    CMD: ipconfig /flushdns
    Reboot:
    end
    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Value deleted successfully.
    "C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll" => Value Data removed successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FA6441BC-9891-38BE-D62A-CD6ED4B7B0EA} => Key deleted successfully.
    HKCR\CLSID\{FA6441BC-9891-38BE-D62A-CD6ED4B7B0EA} => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FA6441BC-9891-38BE-D62A-CD6ED4B7B0EA} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{FA6441BC-9891-38BE-D62A-CD6ED4B7B0EA} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EE5BB5A1-8792-4D07-A6A4-CB14A2054F16} => Value deleted successfully.
    HKCR\CLSID\{EE5BB5A1-8792-4D07-A6A4-CB14A2054F16} => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EE5BB5A1-8792-4D07-A6A4-CB14A2054F16} => Value deleted successfully.
    HKCR\Wow6432Node\CLSID\{EE5BB5A1-8792-4D07-A6A4-CB14A2054F16} => Key deleted successfully.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE5BB5A1-8792-4D07-A6A4-CB14A2054F16} => Value deleted successfully.
    HKCR\CLSID\{EE5BB5A1-8792-4D07-A6A4-CB14A2054F16} => Key not found.
    CHR DefaultSearchKeyword: search.snapdo.com ==> The Chrome "Settings" can be used to fix the entry.
    CHR DefaultSearchProvider: Web ==> The Chrome "Settings" can be used to fix the entry.
    CHR DefaultSearchURL: http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH43j_ilY78vTWIQtmGRhRoA0ssN42Ev0fg_6I122zXVnBkO2aY5VtgodTFDlZIaag,,&q={searchTerms} ==> The Chrome "Settings" can be used to fix the entry.
    HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
    C:\Users\Becker\AppData\Local\Temp\avgnt.exe => Moved successfully.
    C:\Users\Becker\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACB2DDAD-1212-454C-9BAC-307BB07A4633} => Key not found.
    C:\Windows\System32\Tasks\TidyNetwork Update not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update => Key not found.
    C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========



    The system needed a reboot.

    ==== End of Fixlog ====

  8. #8
    Security Expert Juliet

    petnupdate has been flagged as malware.

    *******************
    Run RogueKiller again and click Scan
    Now click Delete on the right hand column under Options,
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [V2][SUSP PATH] TidyNetwork Update : C:\Users\Becker\AppData\Local\TidyNetwork\petnupdate.exe - CID=TRUS26 AUTOGUID={FA6441BC-9891-38BE-D62A-CD6ED4B7B0EA} [x][x][x] -> FOUND

    If it requires a reboot please allow it.

    *****************
    Please reset Google Chrome browser settings by following the link below.
    Reset browser settings
    https://support.google.com/chrome/answer/3296214

    **************

    Quote: "But malwarebytes is still there. should I remove one of those? does malwarebytes play well with others?"
    MalwareBytes does play well with other security programs.
    What I'd like for you to do now is uninstall/delete the version you have now. I want you to get the latest version available and we'll run a scan.

    Please download Malwarebytes' Anti-Malware from Here.
    Click on the first blue download button.
    Never download Malwarebytes' Anti-Malware from other sources.

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Please post these two logs for me to see.

  9. #9
    Junior Member

    MBam logs

    RogueKiller just deleted stuff when I pressed the button.

    Should I have chosen something? It deleted 5 items. I think showmygames was in there, but I don't know about petnupdate.exe.

    I have the logs for you:

    RKreport[0]_D_03262014_082201.txt
    RKreport[0]_S_03262014_081933.txt

    Chrome reset with no trouble.

    I reinstalled, updated, and ran Malwarebytes.

    During the scan, Avira blocked registry access to something... should I have disabled it first?

    I couldn't check or change anything, it just quarantined everything. Is that normal?

    The MBAM log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 3/26/2014
    Scan Time: 8:52:21 AM
    Logfile:
    Administrator: Yes

    Version: 2.00.0.1000
    Malware Database: v2014.03.26.04
    Rootkit Database: v2014.03.25.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Becker

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 249365
    Time Elapsed: 9 min, 34 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 8
    PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [17c524e3daa1a2940ab42dd854ae8a76],
    PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [17c524e3daa1a2940ab42dd854ae8a76],
    PUP.Optional.Highlightly, HKLM\SOFTWARE\WOW6432NODE\Highlightly, Quarantined, [b02c61a6790247ef6024d6b8b74ca957],
    PUP.Optional.MyWordTool.A, HKLM\SOFTWARE\WOW6432NODE\MyWordTool, Quarantined, [ad2f4cbbbebdbe78f19d7e089d66946c],
    PUP.Optional.MyWordTool.A, HKU\S-1-5-21-90707034-2536013608-1354686508-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MyWordTool, Delete-on-Reboot, [e3f9ca3dfe7dd363cdc244426b988d73],
    PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-90707034-2536013608-1354686508-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TidyNetwork, Delete-on-Reboot, [617b8b7c611ada5c125a1e3738ca9b65],
    PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-90707034-2536013608-1354686508-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TidyNetwork, Delete-on-Reboot, [726ad7302853231391991f3bac5607f9],
    PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-90707034-2536013608-1354686508-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLAPLUGINS\@tnt2ghost.com/Plugin, Delete-on-Reboot, [bc2075925526ef471dede280649ecd33],

    Registry Values: 1
    PUP.Optional.FindWide, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, http://search.findwide.com/?guid={E4A8993E-209C-4F1D-9819-F5C172BAE9DB}&serpv=22, Quarantined, [97452cdb7605c1753ca8662355ae2cd4]

    Registry Data: 5
    PUP.Optional.Snapdo, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://feed.snapdo.com/?p=mKO_AwFzXI...owtEVWLW7LqEsA,,, Good: (http://www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzXI...lete-on-Reboot,[5b810ef983f8aa8ccb5334d15aaa5da3]
    PUP.Optional.Snapdo, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH43j_ilY78vTWIQtmGRhRoA0ssN42Ev0fg_6I122zXVnBkO2aY5VtgodTFDlZIabQ,,&q={searchTerms}, Good: (http://www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH43j_ilY78vTWIQtmGRhRoA0ssN42Ev0fg_6I122zXVnBkO2aY5VtgodTFDlZIabQ,,&q={searchTerms}),Delete-on-Reboot,[518ba3648ceff6409e7e6f9607fd6f91]
    PUP.Optional.Snapdo, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH43j_ilY78vTWIQtmGRhRoA0ssN42Ev0fg_6I122zXVnBkO2aY5VtgodTFDlZIabQ,,&q={searchTerms}, Good: (http://www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH43j_ilY78vTWIQtmGRhRoA0ssN42Ev0fg_6I122zXVnBkO2aY5VtgodTFDlZIabQ,,&q={searchTerms}),Delete-on-Reboot,[a7351ee94338ae88df3eb74e30d48878]
    PUP.Optional.Snapdo, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH43j_ilY78vTWIQtmGRhRoA0ssN42Ev0fg_6I122zXVnBkO2aY5VtgodTFDlZIabQ,,&q={searchTerms}, Good: (http://www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH43j_ilY78vTWIQtmGRhRoA0ssN42Ev0fg_6I122zXVnBkO2aY5VtgodTFDlZIabQ,,&q={searchTerms}),Delete-on-Reboot,[9c40a4639eddad89ae718f769e667c84]
    PUP.Optional.Snapdo, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH43j_ilY78vTWIQtmGRhRoA0ssN42Ev0fg_6I122zXVnBkO2aY5VtgodTFDlZIabQ,,&q={searchTerms}, Good: (http://www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YcBZ4oFqibJHA57xcLNtmZ3waCu1wdEn92ITbJEZz_-CXeRhBiqQl7trvimvbGDwH43j_ilY78vTWIQtmGRhRoA0ssN42Ev0fg_6I122zXVnBkO2aY5VtgodTFDlZIabQ,,&q={searchTerms}),Delete-on-Reboot,[f2ea37d0df9c2313ea366c99bc480cf4]

    Folders: 0
    (No malicious items detected)

    Files: 21
    PUP.DownloadAdmin, C:\$Recycle.Bin\S-1-5-21-90707034-2536013608-1354686508-1000\$R9Z9DSK.exe, Quarantined, [6379e81f5c1fe650116effa6897a4ab6],
    PUP.DownloadAdmin, C:\$Recycle.Bin\S-1-5-21-90707034-2536013608-1354686508-1000\$RSMJS23.exe, Quarantined, [bb21a85fd3a8b284b8c724818f74a25e],
    PUP.Optional.Conduit.A, C:\$Recycle.Bin\S-1-5-21-90707034-2536013608-1354686508-1000\$R48IFZB.exe, Quarantined, [a03c23e4047743f3c99af322a55cdd23],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsb3E42.exe, Quarantined, [1fbda067601b57dfde9524fcfa077789],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nscF930.exe, Quarantined, [c319d235c4b762d4d69d011f867b05fb],
    PUP.Optional.Conduit.A, C:\Windows\Temp\nsd107C.exe, Quarantined, [6b71699ebcbfce682241cd48bf4235cb],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsd7968.exe, Quarantined, [2fad0ff88bf0f145fc77d24e976ab14f],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsdB02.exe, Quarantined, [ffdd2dda5b2042f4beb51b055ba602fe],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsi6BB8.exe, Quarantined, [08d40cfb611a69cd581b1c0435ccaa56],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsi8FE.exe, Quarantined, [5884c344accf58de9ed572ae4fb28977],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsl8C3C.exe, Quarantined, [d5079a6d2655d1650e658c94996829d7],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsl9872.exe, Quarantined, [47957a8d80fb2115c6ad7da3c140d12f],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsnACE3.exe, Quarantined, [8854c146b7c40b2b7df6bc648879669a],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsnDDA4.exe, Quarantined, [cc1050b7314a171f1b58140c1ee3728e],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsqFB78.exe, Quarantined, [d60667a0a6d53105b4bf160a946d4db3],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsqFBA6.exe, Quarantined, [cf0d56b12457f4427af94ed2ef1233cd],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nssAD02.exe, Quarantined, [cc10ba4d85f6fe383c37c55bd52c47b9],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nssB455.exe, Quarantined, [2cb05fa82853ca6c363dda46936eb848],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nswDE32.exe, Quarantined, [578516f10c6f9b9b492a5cc461a0916f],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsxD99E.exe, Quarantined, [3ca030d7a0dbad89c3b04fd14db46a96],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsxF6EF.exe, Quarantined, [9f3d2bdca2d9b6806e0539e7e71a53ad],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
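The MBAM 2.x log above lists one detection per line (family, location, optional data, optional Good/Bad pair, action, id), but the snapdo search URLs contain commas that break naive comma-splitting. Added example, not code from the thread, from Malwarebytes or from any poster: a small Python triage parser that handles that shape and reports what was quarantined, what still waits on a reboot, and which hosts the browser settings had been pointed at; the sample log is constructed from the posted format, with SIDs and the snapdo parameter shortened.

```python
"""Triage helper for Malwarebytes Anti-Malware 2.x text logs (added example)."""
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in the posted log's format; SIDs and the snapdo
# parameter are shortened, the bracketed ids are copied from the thread.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware

Registry Keys: 2
PUP.Optional.Highlightly, HKLM\SOFTWARE\WOW6432NODE\Highlightly, Quarantined, [b02c61a6790247ef6024d6b8b74ca957],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-1000\SOFTWARE\TidyNetwork, Delete-on-Reboot, [617b8b7c611ada5c125a1e3738ca9b65],

Registry Values: 1
PUP.Optional.FindWide, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, http://search.findwide.com/?guid={E4A8993E}&serpv=22, Quarantined, [97452cdb7605c1753ca8662355ae2cd4]

Registry Data: 1
PUP.Optional.Snapdo, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://feed.snapdo.com/?p=mKO_Aw,,&q={searchTerms}, Good: (http://www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_Aw,,&q={searchTerms}),Delete-on-Reboot,[5b810ef983f8aa8ccb5334d15aaa5da3]

Files: 1
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsb3E42.exe, Quarantined, [1fbda067601b57dfde9524fcfa077789],

Physical Sectors: 0
(No malicious items detected)

(end)
"""

# Section headings as they appear in the log: "<name>: <count>"
SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data"
    r"|Folders|Files|Physical Sectors): (\d+)$"
)
# family, the middle part, action, 32-hex id, optional trailing comma.
# The id anchored at the end is what keeps the non-greedy middle honest.
DETECTION_RE = re.compile(
    r"^(?P<family>[A-Za-z0-9.]+), (?P<rest>.*?),\s*"
    r"(?P<action>[A-Za-z][A-Za-z -]*?)\s*,\s*"
    r"\[(?P<hid>[0-9a-f]{32})\],?$"
)
# The Good/Bad pair is anchored at the end of the middle part.
GOOD_BAD_RE = re.compile(r", Good: \((?P<good>[^)]*)\), Bad: \((?P<bad>.*)\)$")


def _split_middle(middle):
    """Split '<location>[, <data>][, Good: (..), Bad: (..)]'. The Good/Bad pair
    is peeled off the end first, then the location is taken up to the first
    ', '; commas inside the URL that follows are left untouched."""
    good = bad = None
    m = GOOD_BAD_RE.search(middle)
    if m:
        good, bad = m.group("good"), m.group("bad")
        middle = middle[: m.start()]
    location, _, data = middle.partition(", ")
    return location, data or None, good, bad


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with the section heading
    (Registry Keys, Files, ...) it was listed under."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1)
            continue
        det = DETECTION_RE.match(line)
        if det is None or section is None:
            continue
        location, data, good, bad = _split_middle(det.group("rest"))
        findings.append({
            "section": section, "family": det.group("family"),
            "location": location, "data": data, "good": good, "bad": bad,
            "action": det.group("action"), "id": det.group("hid"),
        })
    return findings


def _host(url):
    """Hostname of an http(s) URL, else None (registry paths are not URLs)."""
    if url and url.startswith(("http://", "https://")):
        return urlsplit(url).hostname
    return None


def summarize(findings):
    """Counts per family and per action, the entries MBAM could only schedule
    for deletion at the next reboot, and the hosts found in hijacked browser
    settings (the 'Bad' side of a Good/Bad pair, or a plain URL value)."""
    hosts = {_host(f["bad"]) for f in findings} | {_host(f["data"]) for f in findings}
    return {
        "by_family": Counter(f["family"] for f in findings),
        "by_action": Counter(f["action"] for f in findings),
        "pending_reboot": [f["location"] for f in findings
                           if f["action"] == "Delete-on-Reboot"],
        "hijack_hosts": sorted(h for h in hosts if h),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_mbam_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```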

  10. #10
    Security Expert Juliet

    Everything appears OK, how's the computer now?


    Please Run TFC by OldTimer to clear temporary files:

    Download TFC from here http://oldtimer.geekstogo.com/TFC.exe
    and save it to your desktop.

    Close any open programs and Internet browsers.
    Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
    Please be patient as clearing out temp files may take a while.
    Once it completes you may be prompted to restart your computer, please do so.
    Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

    ~~~~~~~~~~~~~~~~~~~~~~~~~

    This next scanner I'm asking you to run can take quite a while. We will be looking for remnants and small pieces of junk.
    It depends on how full the computer is. Don't be alarmed if it finds things because I am expecting this.

    Go here to run an online scanner from ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan completes, press the LIST OF THREATS FOUND button
    • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
    • Include the contents of this report in your next reply.
    • Press the BACK button.
    • Press Finish
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
