Recent Posts

21
Malware removal and help / Re: trojan.agent gen-graftor and iminent
« Last post by Derek on March 16, 2014, 07:52:27 »
In IE: Tools menu -> Internet Options -> Connections tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you had set it previously.

In Firefox: Tools menu -> Options... -> Advanced tab -> Network tab -> "Settings" under Connection, and uncheck the proxy server, i.e. set it to No Proxy.

Then click on this link to download ADWCleaner. Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop. Do not click on any links in the top advert.

See the screenshot where the proper download buttons are highlighted.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > SmartScreen Filter > Turn off SmartScreen Filter, then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:

You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run; it may take several minutes to complete. When it is done you will get a message saying "PENDING". Ignore that and click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report; copy and paste it into your next post.
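The two proxy resets above, as an added example that is not part of Derek's post or of any tool the thread mentions: a Python script that rewrites a Firefox prefs.js so the Connection setting is "No proxy" and a hijacked start page is dropped, and (on Windows only, through the standard winreg module) reads and optionally clears the per-user WinINet proxy that the Internet Options > Connections > LAN Settings dialog edits. The prefs.js excerpt, the start.iminent.com host list and the set of proxy prefs handled are assumptions chosen to match the DDS log in this thread; the Firefox pref names, the meaning of network.proxy.type and the registry key are real.

```python
import re
import sys
from typing import List, Tuple

# Firefox keeps the Options > Advanced > Network > Connection settings in prefs.js as
# user_pref() lines. network.proxy.type 0 is "No proxy"; 1 is the manual proxy a hijack sets.
PREF_RE = re.compile(r'^user_pref\("(?P<name>[^"]+)",\s*(?P<value>.+)\);\s*$')
NO_PROXY_LINE = 'user_pref("network.proxy.type", 0);'
PROXY_HOST_PREFS = (
    "network.proxy.http", "network.proxy.http_port", "network.proxy.ssl", "network.proxy.ssl_port",
    "network.proxy.socks", "network.proxy.socks_port", "network.proxy.share_proxy_settings",
)
# Assumed: start-page hosts to drop, taken from the homepage the DDS log in this thread shows.
HIJACKED_HOMEPAGE_HOSTS = ("start.iminent.com",)

# Constructed prefs.js excerpt (not the poster's real file): a manual proxy to a loopback port
# and a replaced start page, which is what the log in this thread shows.
SAMPLE_PREFS = '''\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "http://start.iminent.com/?appId=1234");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 13828);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.type", 1);
user_pref("browser.search.selectedEngine", "StartWeb");
user_pref("privacy.donottrackheader.enabled", true);
'''


def reset_firefox_prefs(text: str) -> Tuple[str, List[str]]:
    """Return (rewritten prefs.js, list of changes): proxy forced to 'No proxy', hijacked start page dropped."""
    out: List[str] = []
    changes: List[str] = []
    saw_type = False
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            out.append(line)  # comments and anything unrecognised pass through untouched
            continue
        name, value = m.group("name"), m.group("value").strip()
        if name == "network.proxy.type":
            saw_type = True
            if value != "0":
                changes.append(f"{name}: {value} -> 0")
            out.append(NO_PROXY_LINE)
        elif name in PROXY_HOST_PREFS:
            changes.append(f"removed {name} = {value}")  # host/port of the hijack proxy
        elif name == "browser.startup.homepage" and any(h in value for h in HIJACKED_HOMEPAGE_HOSTS):
            changes.append(f"removed {name} = {value}")
        else:
            out.append(line)
    if not saw_type:  # no explicit type means Firefox's default (system proxy), not "No proxy"
        out.append(NO_PROXY_LINE)
        changes.append("network.proxy.type: (default) -> 0")
    return "\n".join(out) + "\n", changes


def reset_ie_proxy(dry_run: bool = True) -> dict:
    """Report (and, when dry_run is False, clear) the per-user IE/WinINet proxy.

    This is the same value the Internet Options > Connections > LAN Settings dialog edits.
    Windows only; the import is local so the Firefox part of this script runs anywhere.
    """
    import winreg
    key_path = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    access = winreg.KEY_READ | (0 if dry_run else winreg.KEY_SET_VALUE)
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, key_path, 0, access) as key:
        try:
            enabled, _ = winreg.QueryValueEx(key, "ProxyEnable")
        except FileNotFoundError:
            enabled = 0
        try:
            server, _ = winreg.QueryValueEx(key, "ProxyServer")
        except FileNotFoundError:
            server = ""
        if not dry_run and enabled:
            winreg.SetValueEx(key, "ProxyEnable", 0, winreg.REG_DWORD, 0)  # untick "Use a proxy server"
    return {"ProxyEnable": enabled, "ProxyServer": server}


if __name__ == "__main__":
    new_text, changes = reset_firefox_prefs(SAMPLE_PREFS)
    print("\n".join(changes) or "prefs.js already clean")
    if sys.platform == "win32":
        print(reset_ie_proxy(dry_run="--apply" not in sys.argv))
```

Two checks worth making before trusting either reset. Firefox rewrites prefs.js when it exits, so the browser must be closed before the file is edited or the change is lost, which is why the post says to close the browser first. And a proxy that points at 127.0.0.1 means some process on the same machine is sitting in the middle of every HTTP request; unticking the box does not remove that process, so look at what is listening on that port (netstat -ano on Windows) and expect the setting to come back if the listener is still installed.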


22
Malware removal and help / Re: trojan.agent gen-graftor and iminent
« Last post by cjinca on March 16, 2014, 00:08:04 »
I am running DDS. It seems that when I right-click / open in a new tab I have fewer problems. I did use Add/Remove Programs to remove Iminent, but it is still showing in the bottom right of the screen.

DDS also added a DDS screensaver icon on the desktop. I have never seen that before, so I attached it as well for your inspection.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521
Run by Elisabeth at 16:57:06 on 2014-03-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3563.1710 [GMT -7:00]
.
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\View-Password-soft\ViewPassword157.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = hxxp=127.0.0.1:13828
uURLSearchHooks: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
StartupFolder: C:\Users\ELISAB~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
Trusted Zone: secunia.com
DPF: {26EA04AA-50C9-4AD0-8037-951140AFE389} - hxxps://network.csudh.edu/x/tools/xc_loader_activex.ocx
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{284C1F87-F689-4179-B8C9-63B68C701423} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{284C1F87-F689-4179-B8C9-63B68C701423}\250594E4E4 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{284C1F87-F689-4179-B8C9-63B68C701423}\352474635383030343 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{284C1F87-F689-4179-B8C9-63B68C701423}\7374633424 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{284C1F87-F689-4179-B8C9-63B68C701423}\74F645F627F637 : DHCPNameServer = 10.24.0.20 10.24.0.22 10.24.0.24
TCP: Interfaces\{284C1F87-F689-4179-B8C9-63B68C701423}\84967686C616E6460234F657E64727970294E6E602822392 : DHCPNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{284C1F87-F689-4179-B8C9-63B68C701423}\84967686C616E6460234F657E64727970294E6E602823392 : DHCPNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{284C1F87-F689-4179-B8C9-63B68C701423}\96261686E6F536F6E666562756E63656 : DHCPNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {6032497A-4479-462B-ADB8-A0A372BB9A23} - msiexec /fu {6032497A-4479-462B-ADB8-A0A372BB9A23} /qn
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\t9fbcsr3.default\
FF - prefs.js: browser.search.selectedEngine - StartWeb
FF - prefs.js: browser.startup.homepage - hxxp://start.iminent.com/?appId=9B4B37A5-E1A4-4D04-A6F8-C8CF6C5BA920
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: browser.search.selectedEngine -
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.iminent.tlbrSrchUrl - hxxp://start.iminent.com/?ref=toolbarm#q=
FF - user.js: extensions.iminent.id - b0b25ad6000000000000642737332e0b
FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
FF - user.js: extensions.iminent.instlDay - 16144
FF - user.js: extensions.iminent.vrsn - 1.8.28.3
FF - user.js: extensions.iminent.vrsni - 1.8.28.3
FF - user.js: extensions.iminent.vrsnTs - 1.8.28.313:31:30
FF - user.js: extensions.iminent.prtnrId - iminent
FF - user.js: extensions.iminent.prdct - iminent
FF - user.js: extensions.iminent.aflt - orgnl
FF - user.js: extensions.iminent.smplGrp - none
FF - user.js: extensions.iminent.tlbrId - YBCPCSTIPO
FF - user.js: extensions.iminent.instlRef -
FF - user.js: extensions.iminent.dfltLng -
FF - user.js: extensions.iminent.excTlbr - false
FF - user.js: extensions.iminent.ffxUnstlRst - false
FF - user.js: extensions.iminent.admin - false
FF - user.js: extensions.iminent.autoRvrt - false
FF - user.js: extensions.iminent.rvrt - false
FF - user.js: extensions.iminent.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-6-17 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-6-17 40064]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2014-2-28 28600]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-16 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-15 361984]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2014-2-28 440400]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-2-28 440400]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2014-2-28 108440]
R2 Avira.OE.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-3-7 116816]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-10-30 2451456]
R2 NACAgent;Cisco NAC Agent;C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2012-10-1 1162712]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-12-6 1229528]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 ViewPassword;View Password;C:\Program Files (x86)\View-Password-soft\ViewPassword157.exe [2014-3-15 195584]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-1-7 46136]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-3-30 114704]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-12-6 18456]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-1-7 339600]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-7 539240]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-1-7 53376]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe --> C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [?]
S2 BingDesktopUpdate;Bing Desktop Update service;"C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" --> C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe --> C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-13 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-30 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-23 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-30 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-6 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2014-2-28 1017424]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-03-15 20:31:29   --------   d-----w-   C:\Program Files (x86)\IminentToolbar
2014-03-15 20:31:28   --------   d-----w-   C:\Users\Elisabeth\AppData\Roaming\IminentToolbar
2014-03-15 20:30:53   --------   d-----w-   C:\Program Files (x86)\View-Password-soft
2014-03-13 16:14:28   84720   ----a-w-   C:\Windows\System32\drivers\avnetflt.sys
2014-03-06 20:23:29   --------   d-----w-   C:\Users\Elisabeth\AppData\Local\{058A1777-20C3-4021-9F81-2729153079AF}
2014-03-04 23:37:06   --------   d-----w-   C:\Program Files (x86)\Microsoft OneDrive
2014-03-04 23:37:06   --------   d-----r-   C:\Users\Elisabeth\OneDrive
2014-03-04 23:36:45   --------   d-----w-   C:\ProgramData\Microsoft OneDrive
2014-03-02 20:15:53   --------   d-----w-   C:\Users\Elisabeth\AppData\Local\Windows Live
2014-03-02 20:15:35   --------   d-----w-   C:\Users\Elisabeth\AppData\Local\{6137A834-3E4D-4681-8C3E-37B627C510F8}
2014-03-01 05:08:33   --------   d-----w-   C:\Users\Elisabeth\AppData\Roaming\SUPERAntiSpyware.com
2014-03-01 05:08:01   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
2014-03-01 05:08:01   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
2014-03-01 04:49:39   --------   d-----w-   C:\Users\Elisabeth\AppData\Roaming\Avira
2014-03-01 04:43:07   28600   ----a-w-   C:\Windows\System32\drivers\avkmgr.sys
2014-03-01 04:43:06   108440   ----a-w-   C:\Windows\System32\drivers\avgntflt.sys
2014-03-01 04:40:18   --------   d-----w-   C:\ProgramData\Avira
2014-03-01 04:40:18   --------   d-----w-   C:\Program Files (x86)\Avira
2014-03-01 04:40:12   --------   d-----w-   C:\ProgramData\Package Cache
2014-02-28 19:35:47   167424   ----a-w-   C:\Program Files\Windows Media Player\wmplayer.exe
2014-02-28 19:35:47   164864   ----a-w-   C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-02-28 19:35:45   12625920   ----a-w-   C:\Windows\System32\wmploc.DLL
2014-02-28 19:35:43   12625408   ----a-w-   C:\Windows\SysWow64\wmploc.DLL
2014-02-28 19:30:13   --------   d-----w-   C:\Windows\System32\MRT
2014-02-28 18:36:22   10536864   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4747AD2C-BE22-4182-94D2-DB11EDC852D6}\mpengine.dll
2014-02-28 18:19:57   224256   ----a-w-   C:\Windows\System32\wintrust.dll
2014-02-28 18:12:07   202752   ----a-w-   C:\Windows\System32\scrrun.dll
2014-02-28 18:12:07   168960   ----a-w-   C:\Windows\System32\wscript.exe
2014-02-28 18:12:07   163840   ----a-w-   C:\Windows\SysWow64\scrrun.dll
2014-02-28 18:12:07   156160   ----a-w-   C:\Windows\System32\cscript.exe
2014-02-28 18:12:07   150016   ----a-w-   C:\Windows\System32\wshom.ocx
2014-02-28 18:12:07   141824   ----a-w-   C:\Windows\SysWow64\wscript.exe
2014-02-28 18:12:07   126976   ----a-w-   C:\Windows\SysWow64\cscript.exe
2014-02-28 18:12:07   121856   ----a-w-   C:\Windows\SysWow64\wshom.ocx
2014-02-28 18:11:42   984512   ----a-w-   C:\Windows\System32\drivers\dxgkrnl.sys
2014-02-28 18:11:41   265152   ----a-w-   C:\Windows\System32\drivers\dxgmms1.sys
2014-02-28 18:11:32   859648   ----a-w-   C:\Windows\System32\IKEEXT.DLL
2014-02-28 18:11:32   830464   ----a-w-   C:\Windows\System32\nshwfp.dll
2014-02-28 18:11:32   656896   ----a-w-   C:\Windows\SysWow64\nshwfp.dll
2014-02-28 18:11:32   324096   ----a-w-   C:\Windows\System32\FWPUCLNT.DLL
2014-02-28 18:11:32   216576   ----a-w-   C:\Windows\SysWow64\FWPUCLNT.DLL
2014-02-28 18:11:22   461312   ----a-w-   C:\Windows\System32\scavengeui.dll
2014-02-27 04:19:35   --------   d-----r-   C:\Users\Elisabeth\AppData\Roaming\Brother
2014-02-27 04:05:40   77824   ------w-   C:\Windows\SysWow64\brlmw03a.dll
2014-02-27 04:05:40   24223   ------w-   C:\Windows\SysWow64\brlm03a.dll
2014-02-27 04:05:40   111928   ------w-   C:\Windows\SysWow64\BRRBTOOL.EXE
2014-02-27 04:05:39   176128   ------w-   C:\Windows\SysWow64\BROSNMP.DLL
2014-02-27 04:05:39   --------   d-----w-   C:\Program Files (x86)\Brownie
2014-02-27 04:05:00   196608   ------w-   C:\Windows\SysWow64\Pdrvinst.dll
2014-02-27 04:05:00   --------   d-----w-   C:\Program Files (x86)\Brother
2014-02-27 04:03:48   733184   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2014-02-27 04:03:48   69715   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2014-02-27 04:03:48   5632   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2014-02-27 04:03:48   32768   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2014-02-27 04:03:48   266240   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2014-02-27 04:03:48   172032   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2014-02-27 04:03:47   303236   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2014-02-27 04:03:47   180356   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2014-02-26 00:19:13   --------   d-sh--w-   C:\found.003
2014-02-26 00:11:04   --------   d-----w-   C:\Users\Elisabeth\AppData\Local\calibre-cache
2014-02-25 23:43:58   --------   d-----w-   C:\Users\Elisabeth\AppData\Roaming\calibre
2014-02-25 23:43:03   --------   d-----w-   C:\Program Files (x86)\Calibre2
2014-02-25 22:52:48   --------   d-----w-   C:\Users\Elisabeth\AppData\Local\Evernote
2014-02-25 22:12:12   6574592   ----a-w-   C:\Windows\System32\mstscax.dll
2014-02-25 22:12:12   5694464   ----a-w-   C:\Windows\SysWow64\mstscax.dll
2014-02-25 21:59:51   --------   d-sh--w-   C:\found.002
2014-02-25 00:20:11   --------   d-----w-   C:\Users\Elisabeth\AppData\Local\Google
2014-02-24 06:46:36   --------   d-----w-   C:\Windows\pss
2014-02-23 19:22:13   --------   d-----w-   C:\Windows\Migration
2014-02-23 19:16:39   1030144   ----a-w-   C:\Windows\System32\TSWorkspace.dll
2014-02-23 19:16:38   792576   ----a-w-   C:\Windows\SysWow64\TSWorkspace.dll
2014-02-23 19:03:27   --------   d-----w-   C:\Program Files\iPod
2014-02-23 19:03:23   --------   d-----w-   C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-23 19:03:23   --------   d-----w-   C:\Program Files\iTunes
2014-02-23 19:03:23   --------   d-----w-   C:\Program Files (x86)\iTunes
2014-02-23 18:50:53   548864   ----a-w-   C:\Windows\System32\vbscript.dll
2014-02-23 18:50:53   454656   ----a-w-   C:\Windows\SysWow64\vbscript.dll
.
==================== Find3M  ====================
.
2014-03-14 00:50:28   71048   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-14 00:50:28   692616   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55   66048   ----a-w-   C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52   139264   ----a-w-   C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34   111616   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59   708608   ----a-w-   C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49   940032   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33   5768704   ----a-w-   C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43   61952   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53   51200   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26   112128   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35   553472   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11   2041856   ----a-w-   C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15   4244480   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28   2334208   ----a-w-   C:\Windows\System32\wininet.dll
2014-03-01 03:00:08   1964032   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16   1820160   ----a-w-   C:\Windows\SysWow64\wininet.dll
2014-02-07 01:23:30   3156480   ----a-w-   C:\Windows\System32\win32k.sys
2014-02-04 02:32:22   1424384   ----a-w-   C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12   624128   ----a-w-   C:\Windows\System32\qedit.dll
2014-02-04 02:04:22   1230336   ----a-w-   C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11   509440   ----a-w-   C:\Windows\SysWow64\qedit.dll
2014-01-29 02:32:18   484864   ----a-w-   C:\Windows\System32\wer.dll
2014-01-29 02:06:47   381440   ----a-w-   C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46   228864   ----a-w-   C:\Windows\System32\wwansvc.dll
2013-12-24 23:09:41   1987584   ----a-w-   C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32   2565120   ----a-w-   C:\Windows\System32\d3d10warp.dll
2013-12-18 14:13:56   270496   ------w-   C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 16:58:36.44 ===============
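A triage pass over a DDS log, as an added example that is not part of this thread or of DDS itself: it splits the log into its "=== Section ===" blocks and flags the entries a helper would act on first: a per-user proxy pointing at the loopback address, browser objects whose CLSID no longer resolves (<orphaned>), autorun entries, services and recently created folders that match a watch-list of names, and Firefox prefs that reference those names. SAMPLE_DDS is a constructed excerpt of the log above with most lines removed, and PUP_MARKERS is an assumed watch-list built from the names that log associates with the unwanted toolbar; DDS's "hxxp" defanging of URLs is real.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt of the DDS log posted above (most lines dropped); not a complete log.
SAMPLE_DDS = r"""
DDS (Ver_2012-11-20.01) - NTFS_AMD64
.
============== Pseudo HJT Report ===============
.
uProxyServer = hxxp=127.0.0.1:13828
uURLSearchHooks: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - <orphaned>
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - prefs.js: browser.search.selectedEngine - StartWeb
FF - prefs.js: browser.startup.homepage - hxxp://start.iminent.com/?appId=9B4B37A5-E1A4-4D04-A6F8-C8CF6C5BA920
---- FIREFOX POLICIES ----
FF - user.js: extensions.iminent.tlbrSrchUrl - hxxp://start.iminent.com/?ref=toolbarm#q=
.
============= SERVICES / DRIVERS ===============
.
R2 NACAgent;Cisco NAC Agent;C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2012-10-1 1162712]
R2 ViewPassword;View Password;C:\Program Files (x86)\View-Password-soft\ViewPassword157.exe [2014-3-15 195584]
.
=============== Created Last 30 ================
.
2014-03-15 20:31:29   --------   d-----w-   C:\Program Files (x86)\IminentToolbar
2014-03-15 20:30:53   --------   d-----w-   C:\Program Files (x86)\View-Password-soft
2014-03-04 23:37:06   --------   d-----w-   C:\Program Files (x86)\Microsoft OneDrive
.
============= FINISH: 16:58:36.44 ===============
"""

# Assumed watch-list for this thread: the names the log ties to the unwanted toolbar.
PUP_MARKERS = ("iminent", "view-password", "viewpassword", "startweb")

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# DDS writes hxxp for http; a user-level proxy on the loopback address is a local interceptor.
LOOPBACK_PROXY_RE = re.compile(r"^uProxyServer\s*=\s*(?:hxxp|http)=(127\.0\.0\.1|localhost):(\d+)", re.I)
# Only entries that still carry a CLSID are flagged; "SSODL: WebCheck - <orphaned>" is left for manual review.
ORPHAN_RE = re.compile(r"^(BHO|uURLSearchHooks|TB|x64-BHO):.*\{[0-9A-F-]{36}\}.*<orphaned>", re.I)
RUN_RE = re.compile(r"^(?:u|m|x64-)Run:\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$")
FF_PREF_RE = re.compile(r"^FF - (?:prefs|user)\.js:\s*(?P<pref>\S+)\s*-\s*(?P<val>.*)$")
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*\[")
CREATED_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+(?P<attr>\S+)\s+(?P<path>.+)$")


def parse_dds(text: str) -> Dict[str, List[str]]:
    """Split a DDS log into its '=== Section ===' blocks, dropping the '.' spacer lines."""
    sections: Dict[str, List[str]] = {}
    current = "HEADER"
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if line.strip() in ("", "."):
            continue
        sections.setdefault(current, []).append(line.rstrip())
    return sections


def has_marker(s: str) -> bool:
    s = s.lower()
    return any(marker in s for marker in PUP_MARKERS)


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (finding, evidence) pairs for the indicators a helper would act on first."""
    sections = parse_dds(text)
    findings: List[Tuple[str, str]] = []
    for line in sections.get("Pseudo HJT Report", []):
        proxy, run = LOOPBACK_PROXY_RE.match(line), RUN_RE.match(line)
        if proxy:
            findings.append(("loopback-proxy", f"user proxy -> {proxy.group(1)}:{proxy.group(2)}"))
        elif ORPHAN_RE.match(line):
            findings.append(("orphaned-browser-object", line))
        elif run and has_marker(run.group("cmd")):
            findings.append(("pup-autorun", f"{run.group('name')}: {run.group('cmd')}"))
    for line in sections.get("FIREFOX", []):
        pref = FF_PREF_RE.match(line)
        if pref and (has_marker(pref.group("pref")) or has_marker(pref.group("val"))):
            findings.append(("firefox-pref-hijack", f"{pref.group('pref')} = {pref.group('val')}"))
    for line in sections.get("SERVICES / DRIVERS", []):
        svc = SERVICE_RE.match(line)
        if svc and has_marker(svc.group("path")):
            findings.append(("pup-service", f"{svc.group('state')} {svc.group('name')}: {svc.group('path')}"))
    for line in sections.get("Created Last 30", []):
        created = CREATED_RE.match(line)
        if created and has_marker(created.group("path")):
            findings.append(("recent-pup-path", f"{created.group('ts')} {created.group('path')}"))
    return findings


if __name__ == "__main__":
    for kind, evidence in triage(SAMPLE_DDS):
        print(f"{kind:24} {evidence}")
```

The watch-list is the weak point: the regexes do the parsing, but deciding that "Iminent" or "View-Password-soft" is unwanted still comes from the person reading the log, which is what the Created Last 30 timestamps are for (both folders appeared within a minute of each other on the day the problem started). The loopback proxy check is the one finding that needs no list: a user-level proxy at 127.0.0.1 means a local process is handling every HTTP request, which is consistent with the "unable to connect to the proxy server" error reported in Safe Mode, where the browser still tries the proxy but nothing has started the listener.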
23
Malware removal and help / Re: trojan.agent gen-graftor and iminent
« Last post by cjinca on March 15, 2014, 23:47:51 »
I have opened the computer in safe mode but I cannot open your web site. The message is:
unable to connect to the proxy server
I get this same message trying to open the download site for DDS. I was able to open some of the tabs that I have set.
24
Malware removal and help / Re: trojan.agent gen-graftor and iminent
« Last post by Derek on March 15, 2014, 23:35:05 »
Start in safe mode with networking:
press F8 at boot time & select Safe Mode with Networking from the list,
then run DDS so we can see what is wrong.
25
Malware removal and help / trojan.agent gen-graftor and iminent
« Last post by cjinca on March 15, 2014, 23:05:05 »
Hi Derek, an hour or so ago I needed to print something and, from what I can tell, I needed to download Adobe Acrobat Reader first. I thought I was on adobe.com and started the download process. Pretty quickly SUPERAntiSpyware notified me of the Trojan agent. So I think I stopped the download and ran SUPERAntiSpyware and quarantined the Trojan. Then I noticed that I had Iminent in the bottom right-hand corner of the screen where it shows what programs are running.
I was able to Google the name of the Trojan and the word Iminent, but when I opened up your website, not only did other windows pop up but it would not allow me to access the Spykiller. I turned off the computer and restarted it but I have not tried to open the browser. Please advise how I can run the programs and post blogs when this is going on. I think it has something to do with running the computer in safe mode but I need to be talked through it.
26
Uploads / Re: Qoobox files
« Last post by jmx2299 on March 06, 2014, 20:07:19 »
I don't know why the attachment won't upload.
27
Uploads / Qoobox files
« Last post by jmx2299 on March 06, 2014, 19:58:23 »
28
Malware removal and help / Re: CPU usage spiking.
« Last post by btam13 on March 04, 2014, 20:30:02 »
I went through and removed any that I had added close to when the problem started. I will post back if the problem returns. Thanks for your help, Derek.
29
Malware removal and help / Re: CPU usage spiking.
« Last post by Derek on March 04, 2014, 19:49:39 »
Unless you disable all the addons/extensions and re-enable them one by one to find out which one (or ones) are causing the problem, there isn't much else we can do.

If MBAM is blocking, that is great, but it is very likely one of the extensions is injecting the ads into the web pages.
I can't find out much researching most of them and they just don't come up in any of the lists. That doesn't make them automatically bad, just suspicious. They might well just be used in such small numbers that we haven't heard about them yet.
30
Malware removal and help / Re: CPU usage spiking.
« Last post by btam13 on March 04, 2014, 19:44:33 »
Thanks for your help Derek.

Donations

You have come to The Spykiller for help because your Antivirus or Antispyware hasn't been able to fix your problem.

Modern malware has become so involved and difficult to fix that it takes a very long time and a lot of hard work to read all the logs posted here and research and prepare the fixes for you. In many cases each part of the fix takes about 30 minutes to prepare, so a large part of my time is spent helping you.

Would you do all this for nothing?

The reason I run this site is to raise funds for Hedgehog Rescue

Please donate if I have helped you or you have found this site useful.

You can donate safely and securely by using the paypal service, just click on one of the buttons below.

To donate in UK £

To donate in US$

To donate in Euro €

Any amount no matter how small is gratefully accepted and needed to ensure we keep the Rescue Centre running

To donate via PayPal when the button doesn't appear or the link doesn't work: just go to www.paypal.com or your country's PayPal login page, choose Send Money, use help@thehedgehog.co.uk as the recipient email address and select "other service" as the option, then follow the prompts.

