
My computer has been hacked, what do I need to do?

Discussion in 'Virus & Other Malware Removal' started by vernbiss55, Mar 21, 2013.

Thread Status:
Not open for further replies.
  1. vernbiss55

    vernbiss55 Thread Starter

    Joined:
    Mar 21, 2013
    Messages:
    5
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Professional, Service Pack 1, 32 bit
    Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz, x64 Family 6 Model 23 Stepping 10
    Processor Count: 2
    RAM: 3070 Mb
    Graphics Card: Ai Squared Mirror Driver, 4 Mb
    Hard Drives: C: Total - 729074 MB, Free - 696685 MB; D: Total - 476821 MB, Free - 450958 MB; G: Total - 12857 MB, Free - 2020 MB; H: Total - 224784 MB, Free - 61211 MB; I: Total - 292382 MB, Free - 110046 MB; J: Total - 476937 MB, Free - 347258 MB; K: Total - 152625 MB, Free - 34298 MB; L: Total - 76316 MB, Free - 19150 MB;
    Motherboard: ASUSTeK Computer INC., P5N-D
    Antivirus: Norton 360, Updated and Enabled
     
  2. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,819
    For a start we need some details.
    We are good here, but aren't miracle workers & can't see what isn't there.

    Who or what is telling you that you have been hacked, or what symptoms or problems are you having?
    If you follow the advice in the sticky at the top of the forum, you get better help, without us having to repeat the instructions after you have been waiting & slowing it down even more.

    Follow the advice here and post the logs those programs make.

    Did you see the big red message telling you what to do when you tried to make your first post in this topic, or did you just decide to ignore it?
  3. vernbiss55

    vernbiss55 Thread Starter

    Joined:
    Mar 21, 2013
    Messages:
    5
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:42:21 PM, on 3/22/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v10.0 (10.00.9200.16521)
    Boot mode: Normal
    Running processes:
    J:\Windows\system32\taskhost.exe
    J:\Program Files\Norton 360\Engine\20.3.0.36\ccSvcHst.exe
    J:\Windows\system32\taskeng.exe
    J:\Users\Dad\Downloads\PCMeter\PCMeter\PCMeterV0.3.exe
    J:\Program Files\ASCOMP Software\BackUp Maker\bkmaker.exe
    J:\Program Files\ASUS\PC Probe II\Probe2.exe
    J:\Program Files\ZoomText 9.1\ZtUac.exe
    J:\Windows\system32\Dwm.exe
    J:\Windows\Explorer.EXE
    J:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    J:\Windows\System32\rundll32.exe
    J:\Program Files\Razer\Synapse\RzSynapse.exe
    J:\Program Files\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
    J:\Program Files\HP\HP Software Update\hpwuschd2.exe
    J:\Program Files\Common Files\Java\Java Update\jusched.exe
    J:\Program Files\Greenshot\Greenshot.exe
    J:\Windows\PixArt\Pac207\Monitor.exe
    J:\Program Files\3RVX\3RVX.exe
    J:\Program Files\Windows Sidebar\sidebar.exe
    J:\Users\Dad\AppData\Local\Akamai\netsession_win.exe
    J:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
    J:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
    J:\Users\Dad\AppData\Local\Akamai\netsession_win.exe
    J:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    J:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
    J:\Program Files\ASUS\AASP\1.01.12\aaCenter.exe
    J:\Program Files\Internet Explorer\iexplore.exe
    J:\Program Files\Internet Explorer\iexplore.exe
    J:\Program Files\Common Files\Java\Java Update\jucheck.exe
    J:\Program Files\Internet Explorer\iexplore.exe
    J:\Program Files\Internet Explorer\iexplore.exe
    J:\Users\Dad\Downloads\HijackThis.exe
    J:\Windows\system32\SearchFilterHost.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.peoplepc.com/wam/login.jsp?redirect=%2Fwam%2Findex.jsp%3Ffolder%3DINBOX.Sent&x=-1793651704&x=1478516986
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: AH IE BHO - {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - J:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - J:\Program Files\Web Assistant\Extension32.dll
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - J:\Program Files\Norton 360\Engine\20.3.0.36\coIEPlg.dll
    O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - (no file)
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - J:\Program Files\Norton 360\Engine\20.3.0.36\IPS\IPSBHO.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - J:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - J:\Users\Dad\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - J:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - J:\Program Files\Norton 360\Engine\20.3.0.36\coIEPlg.dll
    O4 - HKLM\..\Run: [RtHDVCpl] J:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "J:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [APSDaemon] "J:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
    O4 - HKLM\..\Run: [ConservativeTalkNow Search Scope Monitor] "J:\PROGRA~1\CONSER~2\bar\1.bin\4nsrchmn.exe" /m=2 /w /h
    O4 - HKLM\..\Run: [Razer Synapse] "J:\Program Files\Razer\Synapse\RzSynapse.exe"
    O4 - HKLM\..\Run: [EaseUS EPM tray] J:\Program Files\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
    O4 - HKLM\..\Run: [HP Software Update] J:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "J:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Greenshot] J:\Program Files\Greenshot\Greenshot.exe
    O4 - HKLM\..\Run: [Monitor] J:\Windows\PixArt\PAC207\Monitor.exe
    O4 - HKCU\..\Run: [3RVX] J:\Program Files\3RVX\3RVX.exe
    O4 - HKCU\..\Run: [Sidebar] J:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "J:\Users\Dad\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [NETGEARGenie] "J:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
    O4 - HKCU\..\Run: [SteelSeries Engine] J:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] J:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] J:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O10 - Unknown file in Winsock LSP: j:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: j:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - http://support.asus.com/select/asusTek_sys_ctrl3.cab
    O16 - DPF: {121C3E0E-DC6E-45DC-952B-A6617F0FAA32} (Techland.CoJ2MapDownloader.ActiveXObject) - http://cojmodding.com/js/CoJ2MapDownloader.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
    O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - https://secure.iolo.com/PURCHASE/We...2jcxaHSE2ukEZ70YimPNPDQ2&t=634921243110000000
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - J:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - J:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - J:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - J:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - J:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - J:\Windows\SYSTEM32\crypserv.exe
    O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - J:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    O23 - Service: iPod Service - Apple Inc. - J:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton 360 (N360) - Symantec Corporation - J:\Program Files\Norton 360\Engine\20.3.0.36\ccSvcHst.exe
    O23 - Service: NETGEARGenieDaemon - NETGEAR - J:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - J:\Windows\system32\nvvsvc.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - J:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: PnkBstrA - Unknown owner - J:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - J:\Windows\system32\PnkBstrB.exe
    --
    End of file - 9481 bytes

    GMER 2.1.19155 - http://www.gmer.net
    Rootkit scan 2013-03-23 08:50:45
    Windows 6.1.7601 Service Pack 1 \Device\Harddisk2\DR2 -> \Device\0000007f WDC_WD10 rev.80.0 931.51GB
    Running: bu4n6j4i.exe; Driver: J:\Users\Dad\AppData\Local\Temp\uwtdapog.sys

    ---- System - GMER 2.1 ----
    SSDT 897322F8 ZwAlertResumeThread
    SSDT 897323D8 ZwAlertThread
    SSDT 897270C0 ZwAllocateVirtualMemory
    SSDT 88BD7520 ZwAlpcConnectPort
    SSDT 896B18F8 ZwAssignProcessToJobObject
    SSDT 896B1EA0 ZwCreateMutant
    SSDT 896B1618 ZwCreateSymbolicLinkObject
    SSDT 89706110 ZwCreateThread
    SSDT 896B1708 ZwCreateThreadEx
    SSDT 896B19D8 ZwDebugActiveProcess
    SSDT 8971A120 ZwDuplicateObject
    SSDT 897311A8 ZwFreeVirtualMemory
    SSDT 896B1F90 ZwImpersonateAnonymousToken
    SSDT 89732218 ZwImpersonateThread
    SSDT 88BD7070 ZwLoadDriver
    SSDT 897329C0 ZwMapViewOfSection
    SSDT 896B1DC0 ZwOpenEvent
    SSDT 8970E120 ZwOpenProcess
    SSDT 8971F130 ZwOpenProcessToken
    SSDT 896B1C00 ZwOpenSection
    SSDT 89715120 ZwOpenThread
    SSDT 896B1808 ZwProtectVirtualMemory
    SSDT 897324B8 ZwResumeThread
    SSDT 89732758 ZwSetContextThread
    SSDT 89732838 ZwSetInformationProcess
    SSDT 896B1AB8 ZwSetSystemInformation
    SSDT 896B1CE0 ZwSuspendProcess
    SSDT 89732598 ZwSuspendThread
    SSDT 89700130 ZwTerminateProcess
    SSDT 89732678 ZwTerminateThread
    SSDT 89732928 ZwUnmapViewOfSection
    SSDT 89730120 ZwWriteVirtualMemory
    ---- Kernel code sections - GMER 2.1 ----
    .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 848799E9 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 848B31C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 848BA1F0 8 Bytes [F8, 22, 73, 89, D8, 23, 73, ...] {CLC ; AND DH, [EBX-0x77]; FSUB DWORD [EBX]; JAE 0xffffff91}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 848BA208 4 Bytes [C0, 70, 72, 89] {SAL BYTE [EAX+0x72], 0x89}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 848BA214 4 Bytes [20, 75, BD, 88]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 848BA268 4 Bytes [F8, 18, 6B, 89] {CLC ; SBB [EBX-0x77], CH}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 848BA2E4 4 Bytes [A0, 1E, 6B, 89]
    .text ...
    ? J:\Users\Dad\AppData\Local\Temp\tmpE766.tmp The system cannot find the file specified. !
    ---- User code sections - GMER 2.1 ----
    .text J:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[440] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
    .text J:\Program Files\iolo\Common\Lib\ioloServiceManager.exe[440] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 001E0930
    .text J:\Windows\system32\nvvsvc.exe[832] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
    .text J:\Windows\system32\nvvsvc.exe[832] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 00070930
    .text J:\Program Files\Internet Explorer\iexplore.exe[904] ntdll.dll!NtSetInformationProcess 77276678 5 Bytes JMP 02D30676
    .text J:\Program Files\Internet Explorer\iexplore.exe[904] kernel32.dll!K32GetPerformanceInfo + 1CC 7638632B 7 Bytes JMP 02D3020C
    .text J:\Program Files\Internet Explorer\iexplore.exe[904] kernel32.dll!TerminateProcess + B 76392C10 7 Bytes JMP 02D303D0
    .text J:\Program Files\Internet Explorer\iexplore.exe[904] kernel32.dll!QueryPerformanceCounter + 13 7639C435 7 Bytes JMP 02D302EE
    .text J:\Program Files\Internet Explorer\iexplore.exe[904] kernel32.dll!FreeLibrary + 8 7639EF6F 7 Bytes JMP 02D304B2
    .text J:\Program Files\Internet Explorer\iexplore.exe[904] kernel32.dll!CheckElevation + 2DB 763B959A 7 Bytes JMP 02D3012A
    .text J:\Program Files\Internet Explorer\iexplore.exe[904] ole32.DLL!CoGetMarshalSizeMax + 62BD 766E54A8 7 Bytes JMP 02D30758
    .text J:\Program Files\Internet Explorer\iexplore.exe[904] ole32.DLL!CoCreateInstance + 3E 766F9D49 7 Bytes JMP 02D3083A
    .text J:\Windows\system32\PnkBstrA.exe[956] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
    .text J:\Windows\system32\PnkBstrA.exe[956] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 003E0930
    .text J:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe[1100] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0011004C
    .text J:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe[1100] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 00130930
    .text J:\Windows\system32\PnkBstrB.exe[1492] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
    .text J:\Windows\system32\PnkBstrB.exe[1492] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 001E0930
    .text J:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1752] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
    .text J:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1752] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 00100930
    .text J:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1808] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
    .text J:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1808] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 00080930
    .text J:\Windows\system32\nvvsvc.exe[1820] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
    .text J:\Windows\system32\nvvsvc.exe[1820] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 00070930
    .text J:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
    .text J:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 000F0930
    .text J:\Windows\system32\crypserv.exe[1964] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
    .text J:\Windows\system32\crypserv.exe[1964] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 002F0930
    .text J:\Program Files\ZoomText 9.1\ZtUac.exe[2968] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
    .text J:\Program Files\ZoomText 9.1\ZtUac.exe[2968] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 001F0930
    .text J:\Program Files\Internet Explorer\iexplore.exe[3380] ntdll.dll!NtSetInformationProcess 77276678 5 Bytes JMP 02D80676
    .text J:\Program Files\Internet Explorer\iexplore.exe[3380] kernel32.dll!K32GetPerformanceInfo + 1CC 7638632B 7 Bytes JMP 02D8020C
    .text J:\Program Files\Internet Explorer\iexplore.exe[3380] kernel32.dll!TerminateProcess + B 76392C10 7 Bytes JMP 02D803D0
    .text J:\Program Files\Internet Explorer\iexplore.exe[3380] kernel32.dll!QueryPerformanceCounter + 13 7639C435 7 Bytes JMP 02D802EE
    .text J:\Program Files\Internet Explorer\iexplore.exe[3380] kernel32.dll!FreeLibrary + 8 7639EF6F 7 Bytes JMP 02D804B2
    .text J:\Program Files\Internet Explorer\iexplore.exe[3380] kernel32.dll!CheckElevation + 2DB 763B959A 7 Bytes JMP 02D8012A
    .text J:\Program Files\Internet Explorer\iexplore.exe[3380] ole32.DLL!CoGetMarshalSizeMax + 62BD 766E54A8 7 Bytes JMP 02D80758
    .text J:\Program Files\Internet Explorer\iexplore.exe[3380] ole32.DLL!CoCreateInstance + 3E 766F9D49 7 Bytes JMP 02D8083A
    .text J:\Program Files\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe[3604] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
    .text J:\Program Files\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe[3604] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 000F0930
    .text J:\Program Files\ASUS\PC Probe II\Probe2.exe[3672] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
    .text J:\Program Files\ASUS\PC Probe II\Probe2.exe[3672] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 003F0930
    .text J:\Program Files\ASCOMP Software\BackUp Maker\bkmaker.exe[3736] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
    .text J:\Program Files\ASCOMP Software\BackUp Maker\bkmaker.exe[3736] USER32.dll!SetScrollRange 77398EC5 8 Bytes JMP 003E00D9
    .text J:\Program Files\ASCOMP Software\BackUp Maker\bkmaker.exe[3736] USER32.dll!SetScrollInfo 773A48DA 8 Bytes JMP 003E0000
    .text J:\Program Files\ASCOMP Software\BackUp Maker\bkmaker.exe[3736] USER32.dll!SetScrollPos 773C04BE 8 Bytes JMP 003E01CA
    .text J:\Program Files\ASCOMP Software\BackUp Maker\bkmaker.exe[3736] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 00180930
    .text J:\Program Files\HP\HP Software Update\hpwuschd2.exe[4108] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
    .text J:\Program Files\HP\HP Software Update\hpwuschd2.exe[4108] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 003F0930
    .text J:\Program Files\Common Files\Java\Java Update\jusched.exe[4120] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
    .text J:\Program Files\Common Files\Java\Java Update\jusched.exe[4120] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 00200930
    .text J:\Users\Dad\AppData\Local\Akamai\netsession_win.exe[4320] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
    .text J:\Users\Dad\AppData\Local\Akamai\netsession_win.exe[4320] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 002E0930
    .text J:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe[4372] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
    .text J:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe[4372] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 003F0930
    .text J:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[4388] ntdll.dll!DbgBreakPoint 7726410C 3 Bytes [8B, 40, 30] {MOV EAX, [EAX+0x30]}
    .text J:\Users\Dad\AppData\Local\Akamai\netsession_win.exe[4572] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
    .text J:\Users\Dad\AppData\Local\Akamai\netsession_win.exe[4572] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 001E0930
    .text J:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4652] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 000E004C
    .text J:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4652] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 00100930
    .text J:\Program Files\ASUS\AASP\1.01.12\aaCenter.exe[5508] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 001E004C
    .text J:\Program Files\ASUS\AASP\1.01.12\aaCenter.exe[5508] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 00300930
    .text J:\Program Files\NETGEAR Genie\bin\genie2_tray.exe[5612] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
    .text J:\Program Files\NETGEAR Genie\bin\genie2_tray.exe[5612] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 00310930
    .text J:\Program Files\Internet Explorer\iexplore.exe[6552] ntdll.dll!NtSetInformationProcess 77276678 5 Bytes JMP 024A083C
    .text J:\Program Files\Internet Explorer\iexplore.exe[6552] kernel32.dll!K32GetPerformanceInfo + 1CC 7638632B 7 Bytes JMP 024A03D2
    .text J:\Program Files\Internet Explorer\iexplore.exe[6552] kernel32.dll!TerminateProcess + B 76392C10 7 Bytes JMP 024A0596
    .text J:\Program Files\Internet Explorer\iexplore.exe[6552] kernel32.dll!QueryPerformanceCounter + 13 7639C435 7 Bytes JMP 024A04B4
    .text J:\Program Files\Internet Explorer\iexplore.exe[6552] kernel32.dll!FreeLibrary + 8 7639EF6F 7 Bytes JMP 024A0678
    .text J:\Program Files\Internet Explorer\iexplore.exe[6552] kernel32.dll!CheckElevation + 2DB 763B959A 7 Bytes JMP 024A02F0
    .text J:\Program Files\Internet Explorer\iexplore.exe[6552] ole32.DLL!CoGetMarshalSizeMax + 62BD 766E54A8 7 Bytes JMP 024A091E
    .text J:\Program Files\Internet Explorer\iexplore.exe[6552] ole32.DLL!CoCreateInstance + 3E 766F9D49 7 Bytes JMP 024A0A00
    .text J:\Users\Dad\Desktop\bu4n6j4i.exe[7284] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
    .text J:\Users\Dad\Desktop\bu4n6j4i.exe[7284] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 00200930
    .text J:\Program Files\Common Files\Java\Java Update\jucheck.exe[7640] ntdll.dll!NtTerminateThread 772768D8 5 Bytes JMP 0002004C
    .text J:\Program Files\Common Files\Java\Java Update\jucheck.exe[7640] USER32.dll!RecordShutdownReason + 372 773E06C2 7 Bytes JMP 00200AF4
    ---- Devices - GMER 2.1 ----
    Device \Driver\BTHUSB \Device\000000b6 bthport.sys
    Device \Driver\BTHUSB \Device\000000b6 bthport.sys
    Device \Driver\BTHUSB \Device\000000b8 bthport.sys
    Device \Driver\BTHUSB \Device\000000b8 bthport.sys
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
    ---- Trace I/O - GMER 2.1 ----
    Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor32.sys USBPORT.SYS usbohci.sys Wdf01000.sys rzdaendpt.sys hidusb.sys HIDCLASS.SYS HIDPARSE.SYS mouhid.sys rzudd.sys mouclass.sys usbhub.sys nvlddmkm.sys dxgkrnl.sys dxgmms1.sys NuidFltr.sys usbccgp.sys ndis.sys nvm62x32.sys pacer.sys tcpip.sys NETIO.SYS usbehci.sys npf.sys >>UNKNOWN [0x875086a8]<< 875086a8
    Trace 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0x881bf030] 881bf030
    Trace 3 CLASSPNP.SYS[8cfc059e] -> nt!IofCallDriver -> [0x87b1c700] 87b1c700
    Trace 5 ACPI.sys[8ccc23d4] -> nt!IofCallDriver -> \Device\0000007f[0x87b1e8a0] 87b1e8a0
    Trace 7 mouhid.sys[9ac1d78b] -> nt!IofCallDriver -> \Device\0000009d[0x88b40030] 88b40030
    Trace 9 hidusb.sys[84522391] -> nt!IofCallDriver -> [0x88acf8d0] 88acf8d0
    Trace 11 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\USBPDO-4[0x88b42030] 88b42030
    Trace 13 usbhub.sys[9a5afc88] -> nt!IofCallDriver -> \Device\USBPDO-0[0x89692028] 89692028
    Trace 15 mouhid.sys[9ac1d78b] -> nt!IofCallDriver -> \Device\0000009d[0x88b40030] 88b40030
    Trace 17 hidusb.sys[84522391] -> nt!IofCallDriver -> [0x88acf8d0] 88acf8d0
    Trace 19 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\USBPDO-4[0x88b42030] 88b42030
    Trace 21 usbhub.sys[9a5afc88] -> nt!IofCallDriver -> \Device\USBPDO-0[0x89692028] 89692028
    Trace 23 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\0000009a[0x88b0bd08] 88b0bd08
    Trace 25 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\0000009a[0x88b0bd08] 88b0bd08
    Trace 27 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\0000009a[0x88b0bd08] 88b0bd08
    Trace 29 hidusb.sys[84522391] -> nt!IofCallDriver -> \Device\00000096[0x88afcc68] 88afcc68
    Trace 31 usbccgp.sys[93e05565] -> nt!IofCallDriver -> \Device\USBPDO-3[0x88af3030] 88af3030
    Trace 33 usbhub.sys[9a5afc88] -> nt!IofCallDriver -> \Device\USBPDO-0[0x89692028] 89692028
    Trace 35 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\00000098[0x88b097d0] 88b097d0
    Trace 37 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\00000098[0x88b097d0] 88b097d0
    Trace 39 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\00000098[0x88b097d0] 88b097d0
    Trace 41 hidusb.sys[84522391] -> nt!IofCallDriver -> \Device\00000096[0x88afcc68] 88afcc68
    Trace 43 usbccgp.sys[93e05565] -> nt!IofCallDriver -> \Device\USBPDO-3[0x88af3030] 88af3030
    Trace 45 usbhub.sys[9a5afc88] -> nt!IofCallDriver -> \Device\USBPDO-0[0x89692028] 89692028
    Trace 47 mouhid.sys[9ac1d78b] -> nt!IofCallDriver -> \Device\0000009d[0x88b40030] 88b40030
    Trace 49 hidusb.sys[84522391] -> nt!IofCallDriver -> [0x88acf8d0] 88acf8d0
    Trace 51 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\USBPDO-4[0x88b42030] 88b42030
    Trace 53 usbhub.sys[9a5afc88] -> nt!IofCallDriver -> \Device\USBPDO-0[0x89692028] 89692028
    Trace 55 mouhid.sys[9ac1d78b] -> nt!IofCallDriver -> \Device\0000009d[0x88b40030] 88b40030
    Trace 57 hidusb.sys[84522391] -> nt!IofCallDriver -> [0x88acf8d0] 88acf8d0
    Trace 59 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\USBPDO-4[0x88b42030] 88b42030
    Trace 61 usbhub.sys[9a5afc88] -> nt!IofCallDriver -> \Device\USBPDO-0[0x89692028] 89692028
    Trace 63 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\00000098[0x88b097d0] 88b097d0
    Trace 65 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\00000098[0x88b097d0] 88b097d0
    Trace 67 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\00000098[0x88b097d0] 88b097d0
    Trace 69 hidusb.sys[84522391] -> nt!IofCallDriver -> \Device\00000096[0x88afcc68] 88afcc68
    Trace 71 usbccgp.sys[93e05565] -> nt!IofCallDriver -> \Device\USBPDO-3[0x88af3030] 88af3030
    Trace 73 usbhub.sys[9a5afc88] -> nt!IofCallDriver -> \Device\USBPDO-0[0x89692028] 89692028
    Trace 75 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\0000009a[0x88b0bd08] 88b0bd08
    Trace 77 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\0000009a[0x88b0bd08] 88b0bd08
    Trace 79 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\0000009a[0x88b0bd08] 88b0bd08
    Trace 81 hidusb.sys[84522391] -> nt!IofCallDriver -> \Device\00000096[0x88afcc68] 88afcc68
    Trace 83 usbccgp.sys[93e05565] -> nt!IofCallDriver -> \Device\USBPDO-3[0x88af3030] 88af3030
    Trace 85 usbhub.sys[9a5afc88] -> nt!IofCallDriver -> \Device\USBPDO-0[0x89692028] 89692028
    Trace 87 mouhid.sys[9ac1d78b] -> nt!IofCallDriver -> \Device\0000009d[0x88b40030] 88b40030
    Trace 89 hidusb.sys[84522391] -> nt!IofCallDriver -> [0x88acf8d0] 88acf8d0
    Trace 91 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\USBPDO-4[0x88b42030] 88b42030
    Trace 93 usbhub.sys[9a5afc88] -> nt!IofCallDriver -> \Device\USBPDO-0[0x89692028] 89692028
    Trace 95 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\00000098[0x88b097d0] 88b097d0
    Trace 97 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\00000098[0x88b097d0] 88b097d0
    Trace 99 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\00000098[0x88b097d0] 88b097d0
    Trace 101 hidusb.sys[84522391] -> nt!IofCallDriver -> \Device\00000096[0x88afcc68] 88afcc68
    Trace 103 usbccgp.sys[93e05565] -> nt!IofCallDriver -> \Device\USBPDO-3[0x88af3030] 88af3030
    Trace 105 usbhub.sys[9a5afc88] -> nt!IofCallDriver -> \Device\USBPDO-0[0x89692028] 89692028
    Trace 107 mouhid.sys[9ac1d78b] -> nt!IofCallDriver -> \Device\0000009d[0x88b40030] 88b40030
    Trace 109 hidusb.sys[84522391] -> nt!IofCallDriver -> [0x88acf8d0] 88acf8d0
    Trace 111 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\USBPDO-4[0x88b42030] 88b42030
    Trace 113 usbhub.sys[9a5afc88] -> nt!IofCallDriver -> \Device\USBPDO-0[0x89692028] 89692028
    Trace 115 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\0000009a[0x88b0bd08] 88b0bd08
    Trace 117 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\0000009a[0x88b0bd08] 88b0bd08
    Trace 119 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\0000009a[0x88b0bd08] 88b0bd08
    Trace 121 hidusb.sys[84522391] -> nt!IofCallDriver -> \Device\00000096[0x88afcc68] 88afcc68
    Trace 123 usbccgp.sys[93e05565] -> nt!IofCallDriver -> \Device\USBPDO-3[0x88af3030] 88af3030
    Trace 125 usbhub.sys[9a5afc88] -> nt!IofCallDriver -> \Device\USBPDO-0[0x89692028] 89692028
    Trace 127 mouhid.sys[9ac1d78b] -> nt!IofCallDriver -> \Device\0000009d[0x88b40030] 88b40030
    Trace 129 hidusb.sys[84522391] -> nt!IofCallDriver -> [0x88acf8d0] 88acf8d0
    Trace 131 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\USBPDO-4[0x88b42030] 88b42030
    Trace 133 usbhub.sys[9a5afc88] -> nt!IofCallDriver -> \Device\USBPDO-0[0x89692028] 89692028
    Trace 135 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\00000098[0x88b097d0] 88b097d0
    Trace 137 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\00000098[0x88b097d0] 88b097d0
    Trace 139 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\00000098[0x88b097d0] 88b097d0
    Trace 141 hidusb.sys[84522391] -> nt!IofCallDriver -> \Device\00000096[0x88afcc68] 88afcc68
    Trace 143 usbccgp.sys[93e05565] -> nt!IofCallDriver -> \Device\USBPDO-3[0x88af3030] 88af3030
    Trace 145 usbhub.sys[9a5afc88] -> nt!IofCallDriver -> \Device\USBPDO-0[0x89692028] 89692028
    Trace 147 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\0000009a[0x88b0bd08] 88b0bd08
    Trace 149 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\0000009a[0x88b0bd08] 88b0bd08
    Trace 151 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\0000009a[0x88b0bd08] 88b0bd08
    Trace 153 hidusb.sys[84522391] -> nt!IofCallDriver -> \Device\00000096[0x88afcc68] 88afcc68
    Trace 155 usbccgp.sys[93e05565] -> nt!IofCallDriver -> \Device\USBPDO-3[0x88af3030] 88af3030
    Trace 157 usbhub.sys[9a5afc88] -> nt!IofCallDriver -> \Device\USBPDO-0[0x89692028] 89692028
    Trace 159 mouhid.sys[9ac1d78b] -> nt!IofCallDriver -> \Device\0000009d[0x88b40030] 88b40030
    Trace 161 hidusb.sys[84522391] -> nt!IofCallDriver -> [0x88acf8d0] 88acf8d0
    Trace 163 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\USBPDO-4[0x88b42030] 88b42030
    Trace 165 usbhub.sys[9a5afc88] -> nt!IofCallDriver -> \Device\USBPDO-0[0x89692028] 89692028
    Trace 167 mouhid.sys[9ac1d78b] -> nt!IofCallDriver -> \Device\0000009d[0x88b40030] 88b40030
    Trace 169 hidusb.sys[84522391] -> nt!IofCallDriver -> [0x88acf8d0] 88acf8d0
    Trace 171 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\USBPDO-4[0x88b42030] 88b42030
    Trace 173 usbhub.sys[9a5afc88] -> nt!IofCallDriver -> \Device\USBPDO-0[0x89692028] 89692028
    Trace 175 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\00000098[0x88b097d0] 88b097d0
    Trace 177 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\00000098[0x88b097d0] 88b097d0
    Trace 179 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\00000098[0x88b097d0] 88b097d0
    Trace 181 hidusb.sys[84522391] -> nt!IofCallDriver -> \Device\00000096[0x88afcc68] 88afcc68
    Trace 183 usbccgp.sys[93e05565] -> nt!IofCallDriver -> \Device\USBPDO-3[0x88af3030] 88af3030
    Trace 185 usbhub.sys[9a5afc88] -> nt!IofCallDriver -> \Device\USBPDO-0[0x89692028] 89692028
    Trace 187 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\0000009a[0x88b0bd08] 88b0bd08
    Trace 189 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\0000009a[0x88b0bd08] 88b0bd08
    Trace 191 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> \Device\0000009a[0x88b0bd08] 88b0bd08
    Trace 193 hidusb.sys[84522391] -> nt!IofCallDriver -> \Device\00000096[0x88afcc68] 88afcc68
    Trace 195 usbccgp.sys[93e05565] -> nt!IofCallDriver -> \Device\USBPDO-3[0x88af3030] 88af3030
    Trace 197 usbhub.sys[9a5afc88] -> nt!IofCallDriver -> \Device\USBPDO-0[0x89692028] 89692028
    Trace 199 mouhid.sys[9ac1d78b] -> nt!IofCallDriver -> \Device\0000009d[0x88b40030] 88b40030
    Trace 201 hidusb.sys[84522391] -> nt!IofCallDriver -> 201 hidusb.sys[84522391] -> nt!IofCallDriver -> 201 hidusb.sys[84522391] -> [0x81ded063f5474c8] 81ded063f5474c8
    Trace 391] -> nt!IofCallDriver -> 201 hidusb.sys[84522391] -> [0x81ded063f5474c8][0x32003200350034] -> IRP_MJ_CREATE -> 0x5d00380063 5d00380063
    Trace 203 Wdf01000.sys[8cc33cbf] -> nt!IofCallDriver -> dFltr.sys usbccgp.sys ndis.sys nvm62x32.sys pacer.sys tcpip.sys NETIO.SYS usbehci.sys npf.sys >>UNKNOWN [0x875086a8]<< [0x690075004e0020] 690075004e0020
    Trace O.SYS usbehci.sys npf.sys >>UNKNOWN [0x875086a8]<< [0x4900540045004e] -> IRP_MJ_CREATE -> 0x0 0
    Trace 205 usbhub.sys[9a5afc88] -> nt!IofCallDriver -> [0x0] 0
    Trace [0x0] -> IRP_MJ_CREATE -> 0x0 0
    ---- Registry - GMER 2.1 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002721bc7d6
    Reg HKLM\SYSTEM\CurrentControlSet\services\PDFsFilter\Parameters\{922fb02a-46b3-11e0-ac9e-806e6f6e6963}@NumExtendFileExtentsSaved 122873
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002721bc7d6 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\services\BTHPORT\Parameters\Keys\0002721bc7d6 (not active ControlSet)
    ---- EOF - GMER 2.1 ----
    I was able to run the first and last programs. The DDS program will run, but the output is unreadable characters.


    Sometimes windows or search lines that you can type in, especially in IE, fill up with numbers and letters on their own. The last instance of this was disturbing. The hacker was listing my daughter's email address and asking for her phone number! I have Norton 360, Iolo System Mechanic and a firewall all running. Nothing was detected by any program. I don't want to have to reinstall my operating system. And no, I did not see the header asking me to run these programs for the post.

    thanks
     
  4. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,819
    Can you try this instead of DDS then, please, so we might get some idea of what might be wrong.
    Download OTS.exe to your Desktop
    • Close any open browsers.
    • Double-click on OTS.exe to start the program.
    • If your real-time protection or antivirus interferes with OTS, allow it to run.
    • In the Processes group click ALL
    • In the modules group click ALL
    • In the Services group click Safe List
    • In the Drivers group click Safe List
    • In the Registry group click ALL
    • In the Files Age drop down box click 360
    • Make sure the company name, no name and skip Microsoft files boxes are checked
    • In the Files created and Files modified groups select ALL
    • In the Additional Scans section please select Everything and make sure the Safe List box is checked
    • Now on the toolbar at the top select "Scan all users" then click the Run Scan button
    • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Save that notepad file
    Use the Reply button and attach the notepad file here. I will review it when it comes in.

    It will be much too big, so you will need to zip the file before it can be uploaded.
     
  5. vernbiss55

    vernbiss55 Thread Starter

    Joined:
    Mar 21, 2013
    Messages:
    5
     

    Attached Files:

  6. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,819
    I can see a few suspicious things there


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    When it reboots, then:
    Please download AdwCleaner to your desktop.
    • Double click the adwcleaner.exe to run the tool.
    • Click Search.
    • When the scan finished, a notepad window will be opened.
    • Please post the contents here in your topic.
    • The logfile will also be saved in C:\AdwCleaner[R1].txt.
     
  7. vernbiss55

    vernbiss55 Thread Starter

    Joined:
    Mar 21, 2013
    Messages:
    5
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.7.3 (03.23.2013:1)
    OS: Windows 7 Professional x86
    Ran by Dad on Sun 03/24/2013 at 16:19:33.01
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    ~~~ Services
    Successfully stopped: [Service] web assistant updater
    Successfully deleted: [Service] web assistant updater
    Successfully stopped: [Service] weboptimizer
    Successfully deleted: [Service] weboptimizer

    ~~~ Registry Values
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL

    ~~~ Registry Keys
    Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin
    Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin.1
    Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload
    Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
    Successfully deleted: [Registry Key] hkey_current_user\software\conduit
    Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
    Successfully deleted: [Registry Key] hkey_local_machine\software\freeze.com
    Successfully deleted: [Registry Key] hkey_current_user\software\im
    Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
    Successfully deleted: [Registry Key] hkey_current_user\software\iminstaller
    Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
    Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
    Successfully deleted: [Registry Key] hkey_local_machine\software\tarma installer
    Successfully deleted: [Registry Key] hkey_local_machine\software\web assistant
    Successfully deleted: [Registry Key] hkey_current_user\software\zugo
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\freecause
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\1clicktorrentfile
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\1clicktorrentfile1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\extension.dll
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\yontooieclient.dll
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\extension.extensionhelperobject
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\extension.extensionhelperobject.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\oneclick
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\oneclickmg
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasapi32
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasmancs
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3247201
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{336d0c35-8a85-403a-b9d2-65c292c39087}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{336d0c35-8a85-403a-b9d2-65c292c39087}
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{3bd44f0e-0596-4008-aee0-45d47e3a8f0e}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{98279c38-de4b-4bcf-93c9-8ec26069d6f4}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9d425283-d487-4337-bab6-ab8354a81457}
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{cff4db9b-135f-47c0-9269-b4c6572fd61a}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e8daaa30-6caa-4b58-9603-8e54238219e2}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}

    ~~~ Files
    Successfully deleted: [File] "J:\Windows\system32\dmwu.exe"

    ~~~ Folders
    Successfully deleted: [Folder] "J:\ProgramData\babylon"
    Successfully deleted: [Folder] "J:\ProgramData\blekko toolbars"
    Successfully deleted: [Folder] "J:\ProgramData\boost_interprocess"
    Successfully deleted: [Folder] "J:\ProgramData\speedypc software"
    Successfully deleted: [Folder] "J:\ProgramData\tarma installer"
    Successfully deleted: [Folder] "J:\ProgramData\w3i"
    Successfully deleted: [Folder] "J:\Users\Dad\AppData\Roaming\babylon"
    Successfully deleted: [Folder] "J:\Users\Dad\AppData\Roaming\drivercure"
    Successfully deleted: [Folder] "J:\Users\Dad\AppData\Roaming\speedypc software"
    Successfully deleted: [Folder] "J:\Users\Dad\appdata\local\babylon"
    Successfully deleted: [Folder] "J:\Users\Dad\appdata\local\conduit"
    Successfully deleted: [Folder] "J:\Users\Dad\appdata\local\televisionfanatic"
    Successfully deleted: [Folder] "J:\Users\Dad\appdata\locallow\conduit"
    Successfully deleted: [Folder] "J:\Users\Dad\appdata\locallow\datamngr"
    Successfully deleted: [Folder] "J:\Users\Dad\appdata\locallow\gamesagogo_w3i"
    Successfully deleted: [Folder] "J:\Users\Dad\appdata\locallow\playbryte"
    Successfully deleted: [Folder] "J:\Users\Dad\appdata\locallow\searchquband"
    Successfully deleted: [Folder] "J:\Users\Dad\appdata\locallow\searchqutoolbar"
    Successfully deleted: [Folder] "J:\Users\Dad\appdata\locallow\televisionfanatic"
    Successfully deleted: [Folder] "J:\Program Files\blekkotb_soc"
    Successfully deleted: [Folder] "J:\Program Files\conduit"
    Successfully deleted: [Folder] "J:\Program Files\coupons"
    Successfully deleted: [Folder] "J:\Program Files\free offers from freeze.com"
    Successfully deleted: [Folder] "J:\Program Files\gamesagogo_w3i"
    Successfully deleted: [Folder] "J:\Program Files\playbryte"
    Successfully deleted: [Folder] "J:\Program Files\search toolbar"
    Successfully deleted: [Folder] "J:\Program Files\selectrebates"
    Successfully deleted: [Folder] "J:\Program Files\televisionfanatic"
    Successfully deleted: [Folder] "J:\Program Files\w3i"
    Successfully deleted: [Folder] "J:\Program Files\web assistant"
    Successfully deleted: [Folder] "J:\Program Files\wi3c8a~1"
    Successfully deleted: [Folder] "J:\Program Files\yontoo"
    Successfully deleted: [Folder] "J:\Windows\system32\ai_recyclebin"

    ~~~ Chrome
    Successfully deleted: [Folder] J:\Users\Dad\appdata\local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\niapdbllcanepiiimjjndipklodoedlc
    Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\pmlghpafmmnmmkjdhacccolfgnkiboco

    ~~~ Event Viewer Logs were cleared


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 03/24/2013 at 16:25:56.76
    Computer was rebooted
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    # AdwCleaner v2.115 - Logfile created 03/24/2013 at 16:31:19
    # Updated 17/03/2013 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (32 bits)
    # User : Dad - DAD-PC
    # Boot Mode : Normal
    # Running from : J:\Users\Dad\Downloads\AdwCleaner.exe
    # Option [Search]

    ***** [Services] *****

    ***** [Files / Folders] *****
    File Found : J:\END
    File Found : J:\user.js
    File Found : J:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
    File Found : J:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
    File Found : J:\Users\Dad\Desktop\Free Dolphin Screensaver.lnk
    File Found : J:\Windows\system32\ImhxxpComm.dll
    Folder Found : J:\Program Files\1ClickDownload
    Folder Found : J:\Program Files\InternetHelper1.5
    Folder Found : J:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
    Folder Found : J:\Users\Dad\AppData\Local\PackageAware
    Folder Found : J:\Users\Dad\AppData\LocalLow\InternetHelper1.5
    Folder Found : J:\Users\Dad\Documents\ShopToWin
    Folder Found : J:\Users\Family\AppData\LocalLow\Conduit
    Folder Found : J:\Users\Family\AppData\LocalLow\InternetHelper1.5
    Folder Found : J:\Windows\system32\WNLT
    ***** [Registry] *****
    Key Found : HKCU\Software\AppDataLow\Software\InternetHelper1.5
    Key Found : HKCU\Software\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
    Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Found : HKCU\Software\WNLT
    Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{CF0A6C67-CFD0-40B0-A375-4B9893C2B339}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{41D42E90-86D2-4521-9847-625D114F7D30}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{622382CB-942C-4580-A2B3-7B06A58D8538}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
    Key Found : HKLM\Software\InternetHelper1.5
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B2FAA55-1CE7-4E5A-89B9-0A7B3C346F36}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2C884F0-1039-450D-8E3B-7C05443C86F1}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CF0A6C67-CFD0-40B0-A375-4B9893C2B339}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F9E44926-2497-46F3-8A25-928136AC079E}
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetHelper1.5 Toolbar
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
    Key Found : HKLM\SOFTWARE\Software
    Key Found : HKLM\Software\TENCENT
    Key Found : HKLM\Software\WNLT
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v10.0.9200.16521
    [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://webmail.peoplepc.com/wam/login.jsp?redirect=%2Fwam%2Findex.jsp%3Ffolder%3DINBOX.Sent&x=-1793651704&x=1478516986
    -\\ Google Chrome v25.0.1364.172
    File : J:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Found [l.2001] : homepage = "hxxp://search.conduit.com/?ctid=CT3268935&SearchSource=48",
    Found [l.2311] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3268935&SearchSource=48" ]
    File : J:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    *************************
    AdwCleaner[R1].txt - [7912 octets] - [24/03/2013 16:31:19]
    ########## EOF - J:\AdwCleaner[R1].txt - [7972 octets] ##########
     
  8. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,819
    Please run AdwCleaner again. This time press Delete. It will clear the problems and then offer to reboot; please let it reboot and then post the log it makes.
    The logfile will also be saved in C:\AdwCleaner[S1].txt
    Then tell us what, if any, problems are still there.
     
  9. vernbiss55

    vernbiss55 Thread Starter

    Joined:
    Mar 21, 2013
    Messages:
    5
    # AdwCleaner v2.115 - Logfile created 03/24/2013 at 17:21:11
    # Updated 17/03/2013 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (32 bits)
    # User : Dad - DAD-PC
    # Boot Mode : Normal
    # Running from : J:\Users\Dad\Downloads\AdwCleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    File Deleted : J:\END
    File Deleted : J:\user.js
    File Deleted : J:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
    File Deleted : J:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
    File Deleted : J:\Windows\system32\ImhxxpComm.dll
    Folder Deleted : J:\Program Files\1ClickDownload
    Folder Deleted : J:\Program Files\InternetHelper1.5
    Folder Deleted : J:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
    Folder Deleted : J:\Users\Dad\AppData\Local\PackageAware
    Folder Deleted : J:\Users\Dad\AppData\LocalLow\InternetHelper1.5
    Folder Deleted : J:\Users\Dad\Documents\ShopToWin
    Folder Deleted : J:\Users\Family\AppData\LocalLow\Conduit
    Folder Deleted : J:\Users\Family\AppData\LocalLow\InternetHelper1.5
    Folder Deleted : J:\Windows\system32\WNLT
    ***** [Registry] *****
    Key Deleted : HKCU\Software\AppDataLow\Software\InternetHelper1.5
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\WNLT
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CF0A6C67-CFD0-40B0-A375-4B9893C2B339}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41D42E90-86D2-4521-9847-625D114F7D30}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{622382CB-942C-4580-A2B3-7B06A58D8538}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
    Key Deleted : HKLM\Software\InternetHelper1.5
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B2FAA55-1CE7-4E5A-89B9-0A7B3C346F36}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2C884F0-1039-450D-8E3B-7C05443C86F1}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CF0A6C67-CFD0-40B0-A375-4B9893C2B339}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F9E44926-2497-46F3-8A25-928136AC079E}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetHelper1.5 Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
    Key Deleted : HKLM\SOFTWARE\Software
    Key Deleted : HKLM\Software\TENCENT
    Key Deleted : HKLM\Software\WNLT
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v10.0.9200.16521
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://webmail.peoplepc.com/wam/login.jsp?redirect=%2Fwam%2Findex.jsp%3Ffolder%3DINBOX.Sent&x=-1793651704&x=1478516986 --> hxxp://www.google.com
    -\\ Google Chrome v25.0.1364.172
    File : J:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Deleted [l.2001] : homepage = "hxxp://search.conduit.com/?ctid=CT3268935&SearchSource=48",
    Deleted [l.2311] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3268935&SearchSource=48" ]
    File : J:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    *************************
    AdwCleaner[R1].txt - [8041 octets] - [24/03/2013 16:31:19]
    AdwCleaner[S1].txt - [5869 octets] - [24/03/2013 17:21:11]
    ########## EOF - J:\AdwCleaner[S1].txt - [5929 octets] ##########

    Will post again if problem reappears.
    Thank You very much for your help.
    Vernbiss
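One thing worth doing with the JRT and AdwCleaner logs posted above, as an added example and not code from this thread or from either tool: parse both tools' logs, group the findings by GUID so that one toolbar's footprint across BHO, COM, IE add-on, Uninstall and Firefox registrations is visible in one place, and diff AdwCleaner's Search pass against its Delete pass. The sample logs embedded below are excerpts of the lines posted in this thread; the two regexes and the category labels are this example's own assumptions about the log formats, not something either tool documents.

```python
import re
from collections import defaultdict

# AdwCleaner 2.x: "Key Found : HKCU\Software\WNLT", "Value Deleted : HKLM\...\URLSearchHooks [{GUID}]"
ADW_RE = re.compile(r"^\s*(File|Folder|Key|Value)\s+(Found|Deleted)\s*:\s*(.+?)\s*$")
# JRT: 'Successfully deleted: [Registry Key] hkey_classes_root\clsid\{GUID}' (file paths are quoted)
JRT_RE = re.compile(r'^\s*Successfully (\w+):\s*\[([^\]]+)\]\s*"?(.+?)"?\s*$')
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")

# Persistence location -> label, matched case-insensitively against the path, first hit wins.
# The labels are this example's own naming, not either tool's.
CATEGORIES = [
    ("browser helper objects\\", "IE BHO"),
    ("urlsearchhooks", "IE URLSearchHook"),
    ("searchscopes\\", "IE search scope"),
    ("low rights\\elevationpolicy", "IE low-rights elevation policy"),
    ("currentversion\\ext\\settings", "IE add-on settings"),
    ("currentversion\\ext\\stats", "IE add-on stats"),
    ("google\\chrome\\extensions", "Chrome force-installed extension"),
    ("mozilla\\firefox\\extensions", "Firefox extension"),
    ("currentversion\\uninstall\\", "Uninstall entry"),
    ("clsid\\{", "COM class"),
]

# Constructed sample input: excerpts of the JRT log and the two AdwCleaner logs posted above.
JRT_LOG = r"""
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{336d0c35-8a85-403a-b9d2-65c292c39087}
~~~ Files
Successfully deleted: [File] "J:\Windows\system32\dmwu.exe"
"""
SEARCH_LOG = r"""
***** [Files / Folders] *****
File Found : J:\Windows\system32\ImhxxpComm.dll
Folder Found : J:\Windows\system32\WNLT
***** [Registry] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Found : HKCU\Software\WNLT
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
"""
DELETE_LOG = r"""
***** [Files / Folders] *****
File Deleted : J:\Windows\system32\ImhxxpComm.dll
Folder Deleted : J:\Windows\system32\WNLT
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
"""

def parse_adwcleaner(text):
    """AdwCleaner Search/Delete log -> list of (tool, kind, action, path)."""
    return [("AdwCleaner",) + m.groups() for m in map(ADW_RE.match, text.splitlines()) if m]

def parse_jrt(text):
    """JRT log -> same tuple shape. JRT only logs actions it took, so action is e.g. 'Deleted'."""
    out = []
    for m in filter(None, map(JRT_RE.match, text.splitlines())):
        action, kind, path = m.groups()
        out.append(("JRT", kind, action.capitalize(), path))
    return out

def classify(path):
    low = path.lower()
    return next((label for needle, label in CATEGORIES if needle in low), "other")

def residual_items(search_items, delete_items):
    """Paths the Search pass reported Found that the Delete pass never reports Deleted.
    Registry paths are case-insensitive, so the comparison is lower-cased."""
    deleted = {p.lower() for _, _, a, p in delete_items if a == "Deleted"}
    return sorted(p for _, _, a, p in search_items if a == "Found" and p.lower() not in deleted)

def guid_index(items):
    """GUID -> sorted (tool, category) pairs it was seen under, across both tools' logs."""
    idx = defaultdict(set)
    for tool, _, _, path in items:
        for g in GUID_RE.findall(path):
            idx[g.upper()].add((tool, classify(path)))
    return {g: sorted(v) for g, v in idx.items()}

if __name__ == "__main__":
    for g, seen in guid_index(parse_jrt(JRT_LOG) + parse_adwcleaner(SEARCH_LOG)).items():
        print(g, *(f"\n    {tool:<10} {cat}" for tool, cat in seen))
    print("\nFound by the Search pass, not reported Deleted:")
    for p in residual_items(parse_adwcleaner(SEARCH_LOG), parse_adwcleaner(DELETE_LOG)):
        print("   ", p)
```

Run against the two full AdwCleaner logs, the diff lists the entries that appear under Search at 16:31 but do not reappear under Delete at 17:21 (for instance the HKCU Ext\Settings and Uninstall keys for {336D0C35-8A85-403A-B9D2-65C292C39087}); those are worth checking by hand in regedit before treating the machine as clean. The GUID grouping shows why a single toolbar can survive one tool: the same CLSID is registered in several places, and JRT and AdwCleaner each removed a different subset of them. Note also that JRT reports clearing the Event Viewer logs, so if you want to look into the typed-text incident afterwards, export the event logs before running it.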
     
  10. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,819
    I will wait to hear if any problems still exist
     

Short URL to this thread: https://techguy.org/1093851