My computer has been hacked what do i need to do?

(In Progress)

vernbiss55 (Member with 5 posts, thread starter; Join Date: Mar 2013)
21-Mar-2013, 07:03 PM #1
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 32 bit
Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz, x64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3070 Mb
Graphics Card: Ai Squared Mirror Driver, 4 Mb
Hard Drives: C: Total - 729074 MB, Free - 696685 MB; D: Total - 476821 MB, Free - 450958 MB; G: Total - 12857 MB, Free - 2020 MB; H: Total - 224784 MB, Free - 61211 MB; I: Total - 292382 MB, Free - 110046 MB; J: Total - 476937 MB, Free - 347258 MB; K: Total - 152625 MB, Free - 34298 MB; L: Total - 76316 MB, Free - 19150 MB;
Motherboard: ASUSTeK Computer INC., P5N-D
Antivirus: Norton 360, Updated and Enabled
dvk01 (Derek), Moderator & Malware Removal Specialist with 45,944 posts; authorized to help remove malware. Join Date: Dec 2002; Location: Loughton, Essex, UK
22-Mar-2013, 06:32 AM #2
For a start we need some details.
We are good here, but aren't miracle workers & can't see what isn't there.

Who or what is telling you that you have been hacked, or what symptoms or problems are you having?
If you follow the advice in the sticky at the top of the forum, you get better help, without us having to repeat the instructions after you have been waiting & slow it down even more.

Follow the advice here and post the logs those programs make.

Did you see the big red message telling you what to do when you tried to make your first post in this topic, or did you just decide to ignore it?
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
vernbiss55 (Member with 5 posts, thread starter; Join Date: Mar 2013)
23-Mar-2013, 08:03 AM #3
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:42:21 PM, on 3/22/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16521)
Boot mode: Normal
Running processes:
J:\Windows\system32\taskhost.exe
J:\Program Files\Norton 360\Engine\20.3.0.36\ccSvcHst.exe
J:\Windows\system32\taskeng.exe
J:\Users\Dad\Downloads\PCMeter\PCMeter\PCMeterV0.3.exe
J:\Program Files\ASCOMP Software\BackUp Maker\bkmaker.exe
J:\Program Files\ASUS\PC Probe II\Probe2.exe
J:\Program Files\ZoomText 9.1\ZtUac.exe
J:\Windows\system32\Dwm.exe
J:\Windows\Explorer.EXE
J:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
J:\Windows\System32\rundll32.exe
J:\Program Files\Razer\Synapse\RzSynapse.exe
J:\Program Files\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
J:\Program Files\HP\HP Software Update\hpwuschd2.exe
J:\Program Files\Common Files\Java\Java Update\jusched.exe
J:\Program Files\Greenshot\Greenshot.exe
J:\Windows\PixArt\Pac207\Monitor.exe
J:\Program Files\3RVX\3RVX.exe
J:\Program Files\Windows Sidebar\sidebar.exe
J:\Users\Dad\AppData\Local\Akamai\netsession_win.exe
J:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
J:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
J:\Users\Dad\AppData\Local\Akamai\netsession_win.exe
J:\Program Files\NVIDIA Corporation\Display\nvtray.exe
J:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
J:\Program Files\ASUS\AASP\1.01.12\aaCenter.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\Program Files\Common Files\Java\Java Update\jucheck.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\Users\Dad\Downloads\HijackThis.exe
J:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.peoplepc.com/wam/log...4&x=1478516986
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AH IE BHO - {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - J:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - J:\Program Files\Web Assistant\Extension32.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - J:\Program Files\Norton 360\Engine\20.3.0.36\coIEPlg.dll
O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - (no file)
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - J:\Program Files\Norton 360\Engine\20.3.0.36\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - J:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - J:\Users\Dad\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - J:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - J:\Program Files\Norton 360\Engine\20.3.0.36\coIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] J:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "J:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "J:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [ConservativeTalkNow Search Scope Monitor] "J:\PROGRA~1\CONSER~2\bar\1.bin\4nsrchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [Razer Synapse] "J:\Program Files\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [EaseUS EPM tray] J:\Program Files\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
O4 - HKLM\..\Run: [HP Software Update] J:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "J:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Greenshot] J:\Program Files\Greenshot\Greenshot.exe
O4 - HKLM\..\Run: [Monitor] J:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [3RVX] J:\Program Files\3RVX\3RVX.exe
O4 - HKCU\..\Run: [Sidebar] J:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "J:\Users\Dad\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [NETGEARGenie] "J:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
O4 - HKCU\..\Run: [SteelSeries Engine] J:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] J:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] J:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O10 - Unknown file in Winsock LSP: j:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: j:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - http://support.asus.com/select/asusTek_sys_ctrl3.cab
O16 - DPF: {121C3E0E-DC6E-45DC-952B-A6617F0FAA32} (Techland.CoJ2MapDownloader.ActiveXObject) - http://cojmodding.com/js/CoJ2MapDownloader.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - http://ccfiles.creative.com/Web/soft...3/CTPIDPDE.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/soft...15/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/soft...0926/CTPID.cab
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - https://secure.iolo.com/PURCHASE/Web...21243110000000
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - J:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - J:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - J:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - J:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - J:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - J:\Windows\SYSTEM32\crypserv.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - J:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - J:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - J:\Program Files\Norton 360\Engine\20.3.0.36\ccSvcHst.exe
O23 - Service: NETGEARGenieDaemon - NETGEAR - J:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - J:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - J:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - J:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - J:\Windows\system32\PnkBstrB.exe
--
End of file - 9481 bytes

GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-03-23 08:50:45
Windows 6.1.7601 Service Pack 1 \Device\Harddisk2\DR2 -> \Device\0000007f WDC_WD10 rev.80.0 931.51GB
Running: bu4n6j4i.exe; Driver: J:\Users\Dad\AppData\Local\Temp\uwtdapog.sys

---- System - GMER 2.1 ----
SSDT 897322F8 ZwAlertResumeThread
SSDT 897323D8 ZwAlertThread
SSDT 897270C0 ZwAllocateVirtualMemory
SSDT 88BD7520 ZwAlpcConnectPort
SSDT 896B18F8 ZwAssignProcessToJobObject
SSDT 896B1EA0 ZwCreateMutant
SSDT 896B1618 ZwCreateSymbolicLinkObject
SSDT 89706110 ZwCreateThread
SSDT 896B1708 ZwCreateThreadEx
SSDT 896B19D8 ZwDebugActiveProcess
SSDT 8971A120 ZwDuplicateObject
SSDT 897311A8 ZwFreeVirtualMemory
SSDT 896B1F90 ZwImpersonateAnonymousToken
SSDT 89732218 ZwImpersonateThread
SSDT 88BD7070 ZwLoadDriver
SSDT 897329C0 ZwMapViewOfSection
SSDT 896B1DC0 ZwOpenEvent
SSDT 8970E120 ZwOpenProcess
SSDT 8971F130 ZwOpenProcessToken
SSDT 896B1C00 ZwOpenSection
SSDT 89715120 ZwOpenThread
SSDT 896B1808 ZwProtectVirtualMemory
SSDT 897324B8 ZwResumeThread
SSDT 89732758 ZwSetContextThread
SSDT 89732838 ZwSetInformationProcess
SSDT 896B1AB8 ZwSetSystemInformation
SSDT 896B1CE0 ZwSuspendProcess
SSDT 89732598 ZwSuspendThread
SSDT 89700130 ZwTerminateProcess
SSDT 89732678 ZwTerminateThread
SSDT 89732928 ZwUnmapViewOfSection
SSDT 89730120 ZwWriteVirtualMemory
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 848799E9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 848B31C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 848BA1F0 8 Bytes [F8, 22, 73, 89, D8, 23, 73, ...] {CLC ; AND DH, [EBX-0x77]; FSUB DWORD [EBX]; JAE 0xffffff91}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 848BA208 4 Bytes [C0, 70, 72, 89] {SAL BYTE [EAX+0x72], 0x89}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 848BA214 4 Bytes [20, 75, BD, 88]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 848BA268 4 Bytes [F8, 18, 6B, 89] {CLC ; SBB [EBX-0x77], CH}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 848BA2E4 4 Bytes [A0, 1E, 6B, 89]
.text ...
? J:\Users\Dad\AppData\Local\Temp\tmpE766.tmp The system cannot find the file specified. !
---- User code sections - GMER 2.1 ----
.text J:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[440] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
.text J:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[440] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 001E0930
.text J:\Windows\system32\nvvsvc.exe[832] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
.text J:\Windows\system32\nvvsvc.exe[832] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 00070930
.text J:\Program Files\Internet Explorer\iexplore.exe[904] ntdll.dll!NtSetInformationProcess 77276678 5 Bytes JMP 02D30676
.text J:\Program Files\Internet Explorer\iexplore.exe[904] kernel32.dll!K32GetPerformanceInfo + 1CC 7638632B 7 Bytes JMP 02D3020C
.text J:\Program Files\Internet Explorer\iexplore.exe[904] kernel32.dll!TerminateProcess + B 76392C10 7 Bytes JMP 02D303D0
.text J:\Program Files\Internet Explorer\iexplore.exe[904] kernel32.dll!QueryPerformanceCounter + 13 7639C435 7 Bytes JMP 02D302EE
.text J:\Program Files\Internet Explorer\iexplore.exe[904] kernel32.dll!FreeLibrary + 8 7639EF6F 7 Bytes JMP 02D304B2
.text J:\Program Files\Internet Explorer\iexplore.exe[904] kernel32.dll!CheckElevation + 2DB 763B959A 7 Bytes JMP 02D3012A
.text J:\Program Files\Internet Explorer\iexplore.exe[904] ole32.DLL!CoGetMarshalSizeMax + 62BD 766E54A8 7 Bytes JMP 02D30758
.text J:\Program Files\Internet Explorer\iexplore.exe[904] ole32.DLL!CoCreateInstance + 3E 766F9D49 7 Bytes JMP 02D3083A
.text J:\Windows\system32\PnkBstrA.exe[956] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
.text J:\Windows\system32\PnkBstrA.exe[956] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 003E0930
.text J:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe[1100] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0011004C
.text J:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe[1100] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 00130930
.text J:\Windows\system32\PnkBstrB.exe[1492] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
.text J:\Windows\system32\PnkBstrB.exe[1492] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 001E0930
.text J:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1752] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
.text J:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1752] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 00100930
.text J:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1808] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
.text J:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1808] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 00080930
.text J:\Windows\system32\nvvsvc.exe[1820] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
.text J:\Windows\system32\nvvsvc.exe[1820] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 00070930
.text J:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
.text J:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 000F0930
.text J:\Windows\system32\crypserv.exe[1964] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
.text J:\Windows\system32\crypserv.exe[1964] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 002F0930
.text J:\Program Files\ZoomText 9.1\ZtUac.exe[2968] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
.text J:\Program Files\ZoomText 9.1\ZtUac.exe[2968] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 001F0930
.text J:\Program Files\Internet Explorer\iexplore.exe[3380] ntdll.dll!NtSetInformationProcess 77276678 5 Bytes JMP 02D80676
.text J:\Program Files\Internet Explorer\iexplore.exe[3380] kernel32.dll!K32GetPerformanceInfo + 1CC 7638632B 7 Bytes JMP 02D8020C
.text J:\Program Files\Internet Explorer\iexplore.exe[3380] kernel32.dll!TerminateProcess + B 76392C10 7 Bytes JMP 02D803D0
.text J:\Program Files\Internet Explorer\iexplore.exe[3380] kernel32.dll!QueryPerformanceCounter + 13 7639C435 7 Bytes JMP 02D802EE
.text J:\Program Files\Internet Explorer\iexplore.exe[3380] kernel32.dll!FreeLibrary + 8 7639EF6F 7 Bytes JMP 02D804B2
.text J:\Program Files\Internet Explorer\iexplore.exe[3380] kernel32.dll!CheckElevation + 2DB 763B959A 7 Bytes JMP 02D8012A
.text J:\Program Files\Internet Explorer\iexplore.exe[3380] ole32.DLL!CoGetMarshalSizeMax + 62BD 766E54A8 7 Bytes JMP 02D80758
.text J:\Program Files\Internet Explorer\iexplore.exe[3380] ole32.DLL!CoCreateInstance + 3E 766F9D49 7 Bytes JMP 02D8083A
.text J:\Program Files\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe[3604] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
.text J:\Program Files\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe[3604] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 000F0930
.text J:\Program Files\ASUS\PC Probe II\Probe2.exe[3672] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
.text J:\Program Files\ASUS\PC Probe II\Probe2.exe[3672] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 003F0930
.text J:\Program Files\ASCOMP Software\BackUp Maker\bkmaker.exe[3736] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
.text J:\Program Files\ASCOMP Software\BackUp Maker\bkmaker.exe[3736] USER32.dll!SetScrollRange 77398EC5 8 Bytes JMP 003E00D9
.text J:\Program Files\ASCOMP Software\BackUp Maker\bkmaker.exe[3736] USER32.dll!SetScrollInfo 773A48DA 8 Bytes JMP 003E0000
.text J:\Program Files\ASCOMP Software\BackUp Maker\bkmaker.exe[3736] USER32.dll!SetScrollPos 773C04BE 8 Bytes JMP 003E01CA
.text J:\Program Files\ASCOMP Software\BackUp Maker\bkmaker.exe[3736] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 00180930
.text J:\Program Files\HP\HP Software Update\hpwuschd2.exe[4108] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
.text J:\Program Files\HP\HP Software Update\hpwuschd2.exe[4108] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 003F0930
.text J:\Program Files\Common Files\Java\Java Update\jusched.exe[4120] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
.text J:\Program Files\Common Files\Java\Java Update\jusched.exe[4120] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 00200930
.text J:\Users\Dad\AppData\Local\Akamai\netsession_win.exe[4320] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
.text J:\Users\Dad\AppData\Local\Akamai\netsession_win.exe[4320] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 002E0930
.text J:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe[4372] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
.text J:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe[4372] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 003F0930
.text J:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[4388] ntdll.dll!DbgBreakPoint 7726410C 3 Bytes [8B, 40, 30] {MOV EAX, [EAX+0x30]}
.text J:\Users\Dad\AppData\Local\Akamai\netsession_win.exe[4572] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
.text J:\Users\Dad\AppData\Local\Akamai\netsession_win.exe[4572] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 001E0930
.text J:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4652] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 000E004C
.text J:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4652] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 00100930
.text J:\Program Files\ASUS\AASP\1.01.12\aaCenter.exe[5508] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 001E004C
.text J:\Program Files\ASUS\AASP\1.01.12\aaCenter.exe[5508] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 00300930
.text J:\Program Files\NETGEAR Genie\bin\genie2_tray.exe[5612] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
.text J:\Program Files\NETGEAR Genie\bin\genie2_tray.exe[5612] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 00310930
.text J:\Program Files\Internet Explorer\iexplore.exe[6552] ntdll.dll!NtSetInformationProcess 77276678 5 Bytes JMP 024A083C
.text J:\Program Files\Internet Explorer\iexplore.exe[6552] kernel32.dll!K32GetPerformanceInfo + 1CC 7638632B 7 Bytes JMP 024A03D2
.text J:\Program Files\Internet Explorer\iexplore.exe[6552] kernel32.dll!TerminateProcess + B 76392C10 7 Bytes JMP 024A0596
.text J:\Program Files\Internet Explorer\iexplore.exe[6552] kernel32.dll!QueryPerformanceCounter + 13 7639C435 7 Bytes JMP 024A04B4
.text J:\Program Files\Internet Explorer\iexplore.exe[6552] kernel32.dll!FreeLibrary + 8 7639EF6F 7 Bytes JMP 024A0678
.text J:\Program Files\Internet Explorer\iexplore.exe[6552] kernel32.dll!CheckElevation + 2DB 763B959A 7 Bytes JMP 024A02F0
.text J:\Program Files\Internet Explorer\iexplore.exe[6552] ole32.DLL!CoGetMarshalSizeMax + 62BD 766E54A8 7 Bytes JMP 024A091E
.text J:\Program Files\Internet Explorer\iexplore.exe[6552] ole32.DLL!CoCreateInstance + 3E 766F9D49 7 Bytes JMP 024A0A00
.text J:\Users\Dad\Desktop\bu4n6j4i.exe[7284] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
.text J:\Users\Dad\Desktop\bu4n6j4i.exe[7284] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 00200930
.text J:\Program Files\Common Files\Java\Java Update\jucheck.exe[7640] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
.text J:\Program Files\Common Files\Java\Java Update\jucheck.exe[7640] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 00200AF4
---- Devices - GMER 2.1 ----
Device \Driver\BTHUSB \Device\000000b6 bthport.sys
Device \Driver\BTHUSB \Device\000000b6 bthport.sys
Device \Driver\BTHUSB \Device\000000b8 bthport.sys
Device \Driver\BTHUSB \Device\000000b8 bthport.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Trace I/O - GMER 2.1 ----
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002721bc7d6
Reg HKLM\SYSTEM\CurrentControlSet\services\PDFsFilter\Parameters\{922fb02a-46b3-11e0-ac9e-806e6f6e6963}@NumExtendFileExtentsSaved 122873
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002721bc7d6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\services\BTHPORT\Parameters\Keys\0002721bc7d6 (not active ControlSet)
---- EOF - GMER 2.1 ----
I was able to run the first and last programs. The DDS program will run but the output is unreadable characters.


Sometimes windows or search lines that you can type in, especially in IE, fill up with numbers and letters on their own. The last instance of this was disturbing. The hacker was listing my daughter's email address and asking for her phone number! I have Norton 360, Iolo System Mechanic and a firewall all running. Nothing was detected by any program. I don't want to have to reinstall my operating system. And no, I did not see the header asking me to run these programs for the post.

thanks
dvk01 (Derek), Moderator & Malware Removal Specialist
23-Mar-2013, 11:19 AM #4
Can you try this instead of DDS then please, so we might get some ideas what might be wrong.
Download OTS.exe to your Desktop
  • Close any open browsers.
  • Double-click on OTS.exe to start the program.
  • If your Real protection or Antivirus intervenes with OTS, allow it to run.
  • In the Processes group click ALL
  • In the modules group click ALL
  • In the Services group click Safe List
  • In the Drivers group click Safe List
  • In the Registry group click ALL
  • In the Files Age drop down box click 360
  • Make sure the company name, no name and skip Microsoft files boxes are checked
  • In the Files created and Files modified groups select ALL
  • In the Additional scans section please select Everything and make sure the Safe List box is checked
  • Now on the toolbar at the top select "Scan all users" then click the Run Scan button
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that notepad file
Use the Reply button and attach the notepad file here. I will review it when it comes in.

It will be much too big, so you will need to zip the file before it will be able to be uploaded.
vernbiss55, Member (thread starter)
24-Mar-2013, 12:46 PM #5
Quote:
Originally Posted by dvk01
can you try this instead of DDS then please so we might get some ideas what might be wrong
Attachment Blocked
dvk01 (Derek), Moderator & Malware Removal Specialist
24-Mar-2013, 01:24 PM #6
I can see a few suspicious things there.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When it reboots, then:
Please download AdwCleaner to your desktop.
  • Double-click adwcleaner.exe to run the tool.
  • Click Search.
  • When the scan has finished, a Notepad window will be opened.
  • Please post the contents here in your topic.
  • The logfile will also be saved in C:\AdwCleaner[R1].txt.
vernbiss55, Member (thread starter)
24-Mar-2013, 03:33 PM #7
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Professional x86
Ran by Dad on Sun 03/24/2013 at 16:19:33.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services
Successfully stopped: [Service] web assistant updater
Successfully deleted: [Service] web assistant updater
Successfully stopped: [Service] weboptimizer
Successfully deleted: [Service] weboptimizer

~~~ Registry Values
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL

~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin
Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\freeze.com
Successfully deleted: [Registry Key] hkey_current_user\software\im
Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
Successfully deleted: [Registry Key] hkey_current_user\software\iminstaller
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\tarma installer
Successfully deleted: [Registry Key] hkey_local_machine\software\web assistant
Successfully deleted: [Registry Key] hkey_current_user\software\zugo
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\freecause
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\1clicktorrentfile
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\1clicktorrentfile1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\extension.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\extension.extensionhelperobject
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\extension.extensionhelperobject.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\oneclick
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\oneclickmg
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers.1
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3247201
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{3bd44f0e-0596-4008-aee0-45d47e3a8f0e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{98279c38-de4b-4bcf-93c9-8ec26069d6f4}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9d425283-d487-4337-bab6-ab8354a81457}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{cff4db9b-135f-47c0-9269-b4c6572fd61a}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e8daaa30-6caa-4b58-9603-8e54238219e2}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}

~~~ Files
Successfully deleted: [File] "J:\Windows\system32\dmwu.exe"

~~~ Folders
Successfully deleted: [Folder] "J:\ProgramData\babylon"
Successfully deleted: [Folder] "J:\ProgramData\blekko toolbars"
Successfully deleted: [Folder] "J:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "J:\ProgramData\speedypc software"
Successfully deleted: [Folder] "J:\ProgramData\tarma installer"
Successfully deleted: [Folder] "J:\ProgramData\w3i"
Successfully deleted: [Folder] "J:\Users\Dad\AppData\Roaming\babylon"
Successfully deleted: [Folder] "J:\Users\Dad\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "J:\Users\Dad\AppData\Roaming\speedypc software"
Successfully deleted: [Folder] "J:\Users\Dad\appdata\local\babylon"
Successfully deleted: [Folder] "J:\Users\Dad\appdata\local\conduit"
Successfully deleted: [Folder] "J:\Users\Dad\appdata\local\televisionfanatic"
Successfully deleted: [Folder] "J:\Users\Dad\appdata\locallow\conduit"
Successfully deleted: [Folder] "J:\Users\Dad\appdata\locallow\datamngr"
Successfully deleted: [Folder] "J:\Users\Dad\appdata\locallow\gamesagogo_w3i"
Successfully deleted: [Folder] "J:\Users\Dad\appdata\locallow\playbryte"
Successfully deleted: [Folder] "J:\Users\Dad\appdata\locallow\searchquband"
Successfully deleted: [Folder] "J:\Users\Dad\appdata\locallow\searchqutoolbar"
Successfully deleted: [Folder] "J:\Users\Dad\appdata\locallow\televisionfanatic"
Successfully deleted: [Folder] "J:\Program Files\blekkotb_soc"
Successfully deleted: [Folder] "J:\Program Files\conduit"
Successfully deleted: [Folder] "J:\Program Files\coupons"
Successfully deleted: [Folder] "J:\Program Files\free offers from freeze.com"
Successfully deleted: [Folder] "J:\Program Files\gamesagogo_w3i"
Successfully deleted: [Folder] "J:\Program Files\playbryte"
Successfully deleted: [Folder] "J:\Program Files\search toolbar"
Successfully deleted: [Folder] "J:\Program Files\selectrebates"
Successfully deleted: [Folder] "J:\Program Files\televisionfanatic"
Successfully deleted: [Folder] "J:\Program Files\w3i"
Successfully deleted: [Folder] "J:\Program Files\web assistant"
Successfully deleted: [Folder] "J:\Program Files\wi3c8a~1"
Successfully deleted: [Folder] "J:\Program Files\yontoo"
Successfully deleted: [Folder] "J:\Windows\system32\ai_recyclebin"

~~~ Chrome
Successfully deleted: [Folder] J:\Users\Dad\appdata\local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\niapdbllcanepiiimjjndipklodoedlc
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\pmlghpafmmnmmkjdhacccolfgnkiboco

~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/24/2013 at 16:25:56.76
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.115 - Logfile created 03/24/2013 at 16:31:19
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Dad - DAD-PC
# Boot Mode : Normal
# Running from : J:\Users\Dad\Downloads\AdwCleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****
File Found : J:\END
File Found : J:\user.js
File Found : J:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : J:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : J:\Users\Dad\Desktop\Free Dolphin Screensaver.lnk
File Found : J:\Windows\system32\ImhxxpComm.dll
Folder Found : J:\Program Files\1ClickDownload
Folder Found : J:\Program Files\InternetHelper1.5
Folder Found : J:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
Folder Found : J:\Users\Dad\AppData\Local\PackageAware
Folder Found : J:\Users\Dad\AppData\LocalLow\InternetHelper1.5
Folder Found : J:\Users\Dad\Documents\ShopToWin
Folder Found : J:\Users\Family\AppData\LocalLow\Conduit
Folder Found : J:\Users\Family\AppData\LocalLow\InternetHelper1.5
Folder Found : J:\Windows\system32\WNLT
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\InternetHelper1.5
Key Found : HKCU\Software\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\WNLT
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CF0A6C67-CFD0-40B0-A375-4B9893C2B339}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{41D42E90-86D2-4521-9847-625D114F7D30}
Key Found : HKLM\SOFTWARE\Classes\Interface\{622382CB-942C-4580-A2B3-7B06A58D8538}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
Key Found : HKLM\Software\InternetHelper1.5
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B2FAA55-1CE7-4E5A-89B9-0A7B3C346F36}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2C884F0-1039-450D-8E3B-7C05443C86F1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CF0A6C67-CFD0-40B0-A375-4B9893C2B339}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F9E44926-2497-46F3-8A25-928136AC079E}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetHelper1.5 Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Found : HKLM\SOFTWARE\Software
Key Found : HKLM\Software\TENCENT
Key Found : HKLM\Software\WNLT
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
***** [Internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16521
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://webmail.peoplepc.com/wam/login.jsp?redirect=%2Fwam%2Findex.jsp%3Ffolder%3DINBOX.Sent&x=-1793651704&x=1478516986
-\\ Google Chrome v25.0.1364.172
File : J:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Preferences
Found [l.2001] : homepage = "hxxp://search.conduit.com/?ctid=CT3268935&SearchSource=48",
Found [l.2311] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3268935&SearchSource=48" ]
File : J:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [7912 octets] - [24/03/2013 16:31:19]
########## EOF - J:\AdwCleaner[R1].txt - [7972 octets] ##########
dvk01 (Derek), Moderator & Malware Removal Specialist
24-Mar-2013, 04:05 PM #8
Please run AdwCleaner again. This time press Delete. It will clear the problems and then offer to reboot; please let it reboot and then post the log it makes.
The logfile will also be saved in C:\AdwCleaner[S1].txt.
Then tell us what, if any, problems are still there.
vernbiss55, Member (thread starter)
24-Mar-2013, 04:30 PM #9
# AdwCleaner v2.115 - Logfile created 03/24/2013 at 17:21:11
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Dad - DAD-PC
# Boot Mode : Normal
# Running from : J:\Users\Dad\Downloads\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
File Deleted : J:\END
File Deleted : J:\user.js
File Deleted : J:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : J:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : J:\Windows\system32\ImhxxpComm.dll
Folder Deleted : J:\Program Files\1ClickDownload
Folder Deleted : J:\Program Files\InternetHelper1.5
Folder Deleted : J:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
Folder Deleted : J:\Users\Dad\AppData\Local\PackageAware
Folder Deleted : J:\Users\Dad\AppData\LocalLow\InternetHelper1.5
Folder Deleted : J:\Users\Dad\Documents\ShopToWin
Folder Deleted : J:\Users\Family\AppData\LocalLow\Conduit
Folder Deleted : J:\Users\Family\AppData\LocalLow\InternetHelper1.5
Folder Deleted : J:\Windows\system32\WNLT
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\InternetHelper1.5
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CF0A6C67-CFD0-40B0-A375-4B9893C2B339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41D42E90-86D2-4521-9847-625D114F7D30}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{622382CB-942C-4580-A2B3-7B06A58D8538}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
Key Deleted : HKLM\Software\InternetHelper1.5
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B2FAA55-1CE7-4E5A-89B9-0A7B3C346F36}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2C884F0-1039-450D-8E3B-7C05443C86F1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CF0A6C67-CFD0-40B0-A375-4B9893C2B339}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F9E44926-2497-46F3-8A25-928136AC079E}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetHelper1.5 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\Software\WNLT
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
***** [Internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16521
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://webmail.peoplepc.com/wam/login.jsp?redirect=%2Fwam%2Findex.jsp%3Ffolder%3DINBOX.Sent&x=-1793651704&x=1478516986 --> hxxp://www.google.com
-\\ Google Chrome v25.0.1364.172
File : J:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.2001] : homepage = "hxxp://search.conduit.com/?ctid=CT3268935&SearchSource=48",
Deleted [l.2311] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3268935&SearchSource=48" ]
File : J:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [8041 octets] - [24/03/2013 16:31:19]
AdwCleaner[S1].txt - [5869 octets] - [24/03/2013 17:21:11]
########## EOF - J:\AdwCleaner[S1].txt - [5929 octets] ##########

Will post again if problem reappears.
Thank You very much for your help.
Vernbiss
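An added example, not from this thread or from AdwCleaner's authors, of how a helper could triage the two logs above mechanically instead of reading them side by side: it parses the Found/Deleted lines, labels each item by the persistence point it lives in (IE add-on settings, URLSearchHooks, low-rights elevation policy, Chrome/Firefox extension registrations, COM classes, browser start pages), and diffs the [Search] report against the [Delete] report so anything found but never reported deleted (in the posted logs, the screensaver shortcut and the TypeLib keys) is surfaced for a second look. The embedded logs are constructed abridgements of the posted ones; the regexes and class labels are my own assumptions.

```python
import re
from collections import Counter

# Line shapes taken from the AdwCleaner logs posted in this thread:
# "Key Found : <path>", "Folder Deleted : <path>", "Value Found : <key> [<name>]"
# and, under a "File : <Preferences path>" line, hits like
# 'Found [l.2001] : homepage = "..."'.
ITEM_RE = re.compile(r"^(File|Folder|Key|Value) (?P<action>Found|Deleted) : (?P<item>.+)$")
PREF_RE = re.compile(r"^(?P<action>Found|Deleted) \[l\.\d+\] : (?P<item>.+)$")

# Persistence points that appear in the posted logs, tested in this order.
# The labels are my own shorthand, not AdwCleaner's categories.
CLASSES = [
    (r"\\Ext\\(Settings|Stats|PreApproved)\\", "IE add-on (BHO/toolbar) registration"),
    (r"\\URLSearchHooks", "IE URLSearchHook (search hijack)"),
    (r"\\Internet Explorer\\SearchScopes\\", "IE search scope"),
    (r"\\Low Rights\\ElevationPolicy\\", "IE low-rights elevation policy"),
    (r"\\Google\\Chrome\\Extensions\\", "Chrome extension (registry-forced)"),
    (r"\\Mozilla\\Firefox\\extensions", "Firefox extension (registry-forced)"),
    (r"\\Classes\\(CLSID|AppID|Interface|TypeLib)\\", "COM registration"),
    (r"\\CurrentVersion\\Uninstall\\", "Uninstall entry"),
    (r" :: (homepage|urls_to_restore_on_startup)$", "Chrome homepage/startup hijack"),
]


def parse_adwcleaner(text):
    """Map every Found/Deleted item in one AdwCleaner log to its action."""
    items, pref_file = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("File : "):          # browser Preferences file header
            pref_file = line[len("File : "):]
            continue
        m = ITEM_RE.match(line)
        if m:
            items[m["item"]] = m["action"]
            continue
        m = PREF_RE.match(line)
        if m and pref_file:                     # key the hit by file and setting name
            setting = m["item"].split("=", 1)[0].strip()
            items[f"{pref_file} :: {setting}"] = m["action"]
    return items


def classify(item):
    """Label an item by the persistence point it lives in."""
    for pattern, label in CLASSES:
        if re.search(pattern, item, re.IGNORECASE):
            return label
    return "file or folder" if re.match(r"^[A-Za-z]:\\", item) else "other registry key"


def leftovers(search_log, delete_log):
    """Items the [Search] run found that the [Delete] run never reported deleted.
    These are the first things to re-check after a cleanup."""
    found = parse_adwcleaner(search_log)
    deleted = parse_adwcleaner(delete_log)
    return sorted(i for i, a in found.items() if a == "Found" and deleted.get(i) != "Deleted")


def summarize(search_log):
    """Count the found items per persistence class."""
    return Counter(classify(i) for i, a in parse_adwcleaner(search_log).items() if a == "Found")


# Constructed, abridged versions of the [Search] and [Delete] logs posted above.
SEARCH_LOG = r"""
# Option [Search]
***** [Files / Folders] *****
File Found : J:\user.js
File Found : J:\Users\Dad\Desktop\Free Dolphin Screensaver.lnk
Folder Found : J:\Program Files\InternetHelper1.5
***** [Registry] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]
***** [Internet Browsers] *****
File : J:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Preferences
Found [l.2001] : homepage = "hxxp://search.conduit.com/?ctid=CT3268935&SearchSource=48",
"""

DELETE_LOG = r"""
# Option [Delete]
***** [Files / Folders] *****
File Deleted : J:\user.js
Folder Deleted : J:\Program Files\InternetHelper1.5
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]
***** [Internet Browsers] *****
File : J:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.2001] : homepage = "hxxp://search.conduit.com/?ctid=CT3268935&SearchSource=48",
"""

if __name__ == "__main__":
    for item in leftovers(SEARCH_LOG, DELETE_LOG):
        print(f"still present after [Delete]: {classify(item)} -> {item}")
    for label, n in summarize(SEARCH_LOG).most_common():
        print(f"{n:3d}  {label}")
```

Running it on the full posted logs instead of the abridged samples would also list the Ext\Settings, Ext\Stats and Uninstall keys that the [Search] run reported but the [Delete] run did not.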
dvk01 (Derek), Moderator & Malware Removal Specialist
25-Mar-2013, 04:11 AM #10
I will wait to hear if any problems still exist.