Author Topic: [Inactive] my pc.. has been taken over by a hacker

Offline daviddj

  • Bronze Member
  • Posts: 8
[Inactive] my pc.. has been taken over by a hacker
« on: November 01, 2013, 10:03:09 pm »
Please, I need some advice. I can't access much on my PC as I have a hacker in it. I've tried doing the starter instructions as you suggest, but they do not work. I have a lot of new devices added and have lost permissions for most of my pages.
« Last Edit: November 01, 2013, 10:13:53 pm by Hoov »



Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25200
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] my pc.. has been taken over by a hacker
« Reply #1 on: November 01, 2013, 10:17:26 pm »
Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem. Also tell me any other problems you are having, no matter how small or how long you have been dealing with them.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Fifth, if we start this fix, I need you to stick with me until the end. Just because your computer is running better does not mean it is fixed.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your hard drive.

One last thing: I need you to tell me if this computer belongs to a school or to a company or organization of some kind. If it does, please let me know. Also tell me if there is an IT department responsible for this computer.

Now onto trying to fix your computer.

What kind of internet connection do you have? If you have a wireless connection, is the connection encrypted? Have you changed the default administration password in your router or modem? What version of Windows is installed? Can you start Windows normally? Do you know for sure it is a hacker, or are you assuming it is a hacker because of what is happening? The more you can tell me about your problem, the better this will work. If you cannot run DDS, then it is hard for me to get the information I need to help you.

Also, do you have access to a clean computer with a broadband connection that you can use to either write a CD or a thumb drive that is at least 1Gb in size?

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline daviddj

Re: [In Progress] my pc.. has been taken over by a hacker
« Reply #2 on: November 01, 2013, 10:55:09 pm »
G'day Hoov. I'm David. I'm one of Nixter's friends. I've got the same as what she has in her PC. I've just got it a bit worse, as they downloaded a lot of kiddy porn.

Offline Hoov

Re: [In Progress] my pc.. has been taken over by a hacker
« Reply #3 on: November 01, 2013, 11:29:08 pm »
I need you to answer the questions at the bottom of my last post. It will help decide how we go forward.

Offline daviddj

Re: [In Progress] my pc.. has been taken over by a hacker
« Reply #4 on: November 02, 2013, 12:01:18 am »
I'm trying to. If you know something that will give me more control, we can give it a go.

Offline Hoov

Re: [In Progress] my pc.. has been taken over by a hacker
« Reply #5 on: November 02, 2013, 12:29:50 am »
I need you to reboot Windows cleanly. To do that, please go to the Run command and type in msconfig. Once that starts, select Selective startup, and then uncheck Load startup items. Now click on the Services tab, and down near the bottom of the window, check the box that says Hide all Microsoft services. Now go up and uncheck all the services still listed; make sure you scroll down the list if you need to, so that all the non-Microsoft services are unselected. Now click Apply, then click OK and reboot the computer.

Let me know if you can do this.

Offline daviddj

Re: [In Progress] my pc.. has been taken over by a hacker
« Reply #6 on: November 02, 2013, 05:57:47 am »
All good, back online. It worked.

Offline Hoov

Re: [In Progress] my pc.. has been taken over by a hacker
« Reply #7 on: November 02, 2013, 08:15:16 am »
There are two tools below. You will have to spread out the replies over several responses.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon and allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Please copy and paste both logs into your next response. You may need more than one response.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

Offline Hoov

Re: [In Progress] my pc.. has been taken over by a hacker
« Reply #8 on: November 02, 2013, 09:09:01 am »
Also, are you connecting to the internet through your phone, or do you have some other method of getting connected to the internet?

Offline daviddj

Re: [In Progress] my pc.. has been taken over by a hacker
« Reply #9 on: November 02, 2013, 10:55:44 am »
Yes, using the phone.
[1:12:35 PM DAVE-PC - TS_Main.ps1 -   10] [Run-DiagExpression]: Starting .\DC_BasicSystemInformation.ps1

[11/01/2013 13:12:36 DAVE-PC - From DC_BasicSystemInformation.ps1 Line: 30]
Error0x: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) connecting to .
[1:12:36 PM DAVE-PC - TS_Main.ps1 -   10] [Run-DiagExpression]: Finished .\DC_BasicSystemInformation.ps1
[1:12:36 PM DAVE-PC - TS_AutoAddCommands.ps1 -    2] [Run-DiagExpression]: Starting .\TS_SDPHTTPTests.ps1
[1:12:38 PM DAVE-PC - TS_SDPHTTPTests.ps1 -  114]  -- Connecting to http://diagnostics.support.microsoft.com returned status code: [UnknownError] An exception occurred during a WebClient request. but the expected status code is 403

[11/01/2013 13:12:38 DAVE-PC - From utils_CTS.ps1 Line: 2928]
[Add-GenericMessage] Plug-In Rule created for Root Cause RC_SDPHTTPUnexpectedStatusCode .
                       Script Name: TS_SDPHTTPTests.ps1
                       Line Number: 120

[11/01/2013 13:12:38 DAVE-PC - From utils_CTS.ps1 Line: 3083]
[Add-GenericMessage] GenericMessage created for Root Cause RC_SDPHTTPUnexpectedStatusCode.
                       Script Name: TS_SDPHTTPTests.ps1
                       Line Number: 120
[1:12:38 PM DAVE-PC - TS_SDPHTTPTests.ps1 -  114]  -- Connecting to https://diagnostics.support.microsoft.com returned status code: [UnknownError] An exception occurred during a WebClient request. but the expected status code is 403

[11/01/2013 13:12:38 DAVE-PC - From utils_CTS.ps1 Line: 3083]
[Add-GenericMessage] GenericMessage created for Root Cause RC_SDPHTTPUnexpectedStatusCode.
                       Script Name: TS_SDPHTTPTests.ps1
                       Line Number: 120
[1:12:38 PM DAVE-PC - TS_SDPHTTPTests.ps1 -  114]  -- Connecting to https://support.microsoft.com returned status code: [UnknownError] An exception occurred during a WebClient request. but the expected status code is 200

[11/01/2013 13:12:39 DAVE-PC - From utils_CTS.ps1 Line: 3083]
[Add-GenericMessage] GenericMessage created for Root Cause RC_SDPHTTPUnexpectedStatusCode.
                       Script Name: TS_SDPHTTPTests.ps1
                       Line Number: 120
[1:12:39 PM DAVE-PC - TS_SDPHTTPTests.ps1 -  114]  -- Connecting to https://dcodews.partners.extranet.microsoft.com returned status code: [UnknownError] An exception occurred during a WebClient request. but the expected status code is 200

[11/01/2013 13:12:39 DAVE-PC - From utils_CTS.ps1 Line: 3083]
[Add-GenericMessage] GenericMessage created for Root Cause RC_SDPHTTPUnexpectedStatusCode.
                       Script Name: TS_SDPHTTPTests.ps1
                       Line Number: 120
[1:12:39 PM DAVE-PC - TS_SDPHTTPTests.ps1 -  114]  -- Connecting to https://dcodews.partners.extranet.microsoft.com/sdpservice/diagnosticux/service.svc returned status code: [UnknownError] An exception occurred during a WebClient request. but the expected status code is 200

[11/01/2013 13:12:39 DAVE-PC - From utils_CTS.ps1 Line: 3083]
[Add-GenericMessage] GenericMessage created for Root Cause RC_SDPHTTPUnexpectedStatusCode.
                       Script Name: TS_SDPHTTPTests.ps1
                       Line Number: 120
[1:12:39 PM DAVE-PC - TS_SDPHTTPTests.ps1 -  114]  -- Connecting to https://diagnostics.support.microsoft.com/DiagExec/DiagExecService.svc/?method=GetBootParameters returned status code: [UnknownError] An exception occurred during a WebClient request. but the expected status code is 405

[11/01/2013 13:12:39 DAVE-PC - From utils_CTS.ps1 Line: 3083]
[Add-GenericMessage] GenericMessage created for Root Cause RC_SDPHTTPUnexpectedStatusCode.
                       Script Name: TS_SDPHTTPTests.ps1
                       Line Number: 120
[1:12:39 PM DAVE-PC - TS_SDPHTTPTests.ps1 -  114]  -- Connecting to https://dcupload.microsoft.com/tools/win7files/VersionCheck.txt returned status code: [UnknownError] An exception occurred during a WebClient request. but the expected status code is 200

[11/01/2013 13:12:39 DAVE-PC - From utils_CTS.ps1 Line: 3083]
[Add-GenericMessage] GenericMessage created for Root Cause RC_SDPHTTPUnexpectedStatusCode.
                       Script Name: TS_SDPHTTPTests.ps1
                       Line Number: 120
[1:12:39 PM DAVE-PC - TS_SDPHTTPTests.ps1 -  114]  -- Connecting to http://download.microsoft.com/download/C/1/0/C10AFE62-19EF-411A-AB37-7BD08D3D44F5/MATSWizard_amd64.cab returned status code: [UnknownError] An exception occurred during a WebClient request. but the expected status code is 200

[11/01/2013 13:12:39 DAVE-PC - From utils_CTS.ps1 Line: 3083]
[Add-GenericMessage] GenericMessage created for Root Cause RC_SDPHTTPUnexpectedStatusCode.
                       Script Name: TS_SDPHTTPTests.ps1
                       Line Number: 120
[1:12:39 PM DAVE-PC - TS_AutoAddCommands.ps1 -    2] [Run-DiagExpression]: Finished .\TS_SDPHTTPTests.ps1
[1:12:39 PM DAVE-PC - TS_AutoAddCommands.ps1 -    5] [Run-DiagExpression]: Starting .\TS_SDPIEESCCheck.ps1
[1:12:39 PM DAVE-PC - TS_SDPIEESCCheck.ps1 -  179] Machine is a client SKU
[1:12:39 PM DAVE-PC - TS_AutoAddCommands.ps1 -    5] [Run-DiagExpression]: Finished .\TS_SDPIEESCCheck.ps1
[1:12:39 PM DAVE-PC - TS_AutoAddCommands.ps1 -    8] [Run-DiagExpression]: Starting .\TS_BasicNetworkInfo.ps1
[1:12:39 PM DAVE-PC - TS_AutoAddCommands.ps1 -    8] [Run-DiagExpression]: Finished .\TS_BasicNetworkInfo.ps1
DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 10.0.9200.16720
Run by Guest at 2:45:20 on 2013-11-03
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: {1e7e4de1-5ef4-4baa-9250-c26258dc499a} - <orphaned>
BHO: {1e7e4de1-5ef4-4baa-9250-c26258dc499a} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\Sidebar.exe /autoRun
uRunOnce: [mctadmin] c:\windows\system32\mctadmin.exe
mRun: [NPSStartup] <no file>
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.43.1
TCP: Interfaces\{1917E9EB-9EA5-44B2-8221-C01F236D9A6E} : DHCPNameServer = 61.9.133.193 61.9.134.49
TCP: Interfaces\{66EA2B16-472D-4063-9889-5CF565C7607A} : NameServer = 198.142.0.51 61.88.88.88
TCP: Interfaces\{7FAE62D8-D603-4038-B134-E1DDEB905BEC} : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{7FAE62D8-D603-4038-B134-E1DDEB905BEC}\44A4240284453402 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7FAE62D8-D603-4038-B134-E1DDEB905BEC}\44A60294020786F6E65602 : DHCPNameServer = 10.4.182.20 10.4.81.103
TCP: Interfaces\{7FAE62D8-D603-4038-B134-E1DDEB905BEC}\4616675602C67602 : DHCPNameServer = 192.168.43.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\temp.dave-pc.000\appdata\roaming\mozilla\firefox\profiles\19fy01tr.default\
FF - plugin: c:\program files\google\update\1.3.21.169\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-11-01 00:37; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2013-11-02 15:30:44   0   ----a-w-   c:\users\temp.dave-pc.000\DMIC89C.tmp
2013-11-02 15:19:21   377856   ----a-w-   C:\dz1wlp25.exe
2013-11-02 14:25:22   62576   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{cbb1abd5-9e0c-400e-9ad0-07fee95f8679}\offreg.dll
2013-11-01 06:07:18   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2013-11-01 05:55:20   13024   ----a-w-   c:\windows\system32\drivers\SWDUMon.sys
2013-11-01 02:57:34   --------   d-----w-   c:\programdata\CDB
2013-11-01 02:56:25   --------   d-----w-   c:\program files\Reimage
2013-11-01 02:55:16   --------   d-----w-   C:\rei
2013-11-01 02:18:26   --------   d-----w-   C:\Mozilla
2013-11-01 01:16:37   --------   d-----w-   c:\windows\Profiles
2013-10-31 16:53:09   --------   d-----w-   C:\OEM
2013-10-31 15:32:47   --------   d-----w-   c:\program files\Acer
2013-10-31 14:40:12   --------   d-----w-   c:\windows\system32\_avast_
2013-10-31 14:37:32   50063360   ----a-w-   c:\program files\GUT2C3E.tmp
2013-10-31 14:37:32   --------   d-----w-   c:\program files\GUM2C2E.tmp
2013-10-31 14:37:13   178304   ----a-w-   c:\windows\system32\drivers\aswVmm.sys
2013-10-31 14:37:12   774392   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
2013-10-31 14:37:12   70384   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2013-10-31 14:37:12   49944   ----a-w-   c:\windows\system32\drivers\aswRvrt.sys
2013-10-31 14:37:10   79720   ----a-w-   c:\windows\system32\drivers\aswRdr2.sys
2013-10-31 14:36:43   43152   ----a-w-   c:\windows\avastSS.scr
2013-10-31 14:34:56   --------   d-----w-   c:\program files\AVAST Software
2013-10-31 14:26:19   7796464   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{cbb1abd5-9e0c-400e-9ad0-07fee95f8679}\mpengine.dll
2013-10-31 14:17:59   --------   d-----w-   c:\programdata\AVAST Software
2013-10-31 14:16:47   --------   d-----w-   C:\AdwCleaner
2013-10-31 12:40:50   --------   d-----w-   c:\programdata\Malwarebytes
2013-10-31 12:40:34   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-10-31 12:40:33   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2013-10-31 08:44:45   7796464   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-10-31 06:03:51   --------   d-sh--w-   C:\$RECYCLE.BIN
2013-10-26 03:43:48   --------   d-----w-   c:\windows\New folder
2013-10-25 23:19:50   --------   d-----w-   c:\windows\westpac
2013-10-25 05:53:39   719224   ------w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{9ea59833-4c23-4417-ab6c-d6ce3cc95af8}\gapaengine.dll
2013-10-14 11:48:16   --------   d-----w-   c:\programdata\SUPERSetup
2013-10-14 11:33:06   --------   d-----w-   c:\program files\SUPERAntiSpyware
2013-10-13 13:14:12   2706432   ----a-w-   c:\windows\system32\mshtml.tlb
2013-10-13 13:14:05   2876928   ----a-w-   c:\windows\system32\jscript9.dll
2013-10-13 13:14:04   217600   ----a-w-   c:\program files\internet explorer\sqmapi.dll
2013-10-13 13:14:04   108032   ----a-w-   c:\program files\internet explorer\jsdebuggeride.dll
2013-10-12 06:23:20   76288   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
2013-10-12 06:23:19   6016   ----a-w-   c:\windows\system32\drivers\usbd.sys
2013-10-12 06:23:19   43008   ----a-w-   c:\windows\system32\drivers\usbehci.sys
2013-10-12 06:23:19   284672   ----a-w-   c:\windows\system32\drivers\usbport.sys
2013-10-12 06:23:19   258560   ----a-w-   c:\windows\system32\drivers\usbhub.sys
2013-10-12 06:23:19   24064   ----a-w-   c:\windows\system32\drivers\usbuhci.sys
2013-10-12 06:23:18   20480   ----a-w-   c:\windows\system32\drivers\usbohci.sys
2013-10-11 16:15:15   1294272   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2013-10-11 16:15:14   231424   ----a-w-   c:\windows\system32\mswsock.dll
2013-10-11 16:15:13   338944   ----a-w-   c:\windows\system32\drivers\afd.sys
2013-10-11 15:50:44   527064   ----a-w-   c:\windows\system32\drivers\Wdf01000.sys
2013-10-11 15:45:35   530432   ----a-w-   c:\windows\system32\comctl32.dll
2013-10-11 15:45:27   3969472   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2013-10-11 15:45:26   619520   ----a-w-   c:\windows\system32\tdh.dll
2013-10-11 15:45:26   3914176   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-10-11 15:45:25   1289096   ----a-w-   c:\windows\system32\ntdll.dll
2013-10-11 15:45:24   640512   ----a-w-   c:\windows\system32\advapi32.dll
2013-10-11 15:41:02   102608   ----a-w-   c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 15:40:54   2348544   ----a-w-   c:\windows\system32\win32k.sys
2013-10-11 15:40:45   55808   ----a-w-   c:\windows\system32\drivers\hidclass.sys
2013-10-11 15:40:45   25728   ----a-w-   c:\windows\system32\drivers\hidparse.sys
2013-10-11 15:35:20   729024   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
2013-10-11 15:22:36   295424   ----a-w-   c:\windows\system32\atmfd.dll
2013-10-11 15:22:35   10240   ----a-w-   c:\windows\system32\dciman32.dll
2013-10-11 15:22:34   26112   ----a-w-   c:\windows\system32\lpk.dll
2013-10-11 15:22:33   70656   ----a-w-   c:\windows\system32\fontsub.dll
2013-10-11 15:22:31   34304   ----a-w-   c:\windows\system32\atmlib.dll
2013-10-11 15:22:05   434688   ----a-w-   c:\windows\system32\scavengeui.dll
2013-10-11 15:19:14   205824   ----a-w-   c:\windows\system32\WebClnt.dll
2013-10-11 15:19:10   81920   ----a-w-   c:\windows\system32\davclnt.dll
2013-10-11 15:19:08   115712   ----a-w-   c:\windows\system32\drivers\mrxdav.sys
2013-10-11 15:18:53   146816   ----a-w-   c:\windows\system32\drivers\usbvideo.sys
2013-10-11 15:18:51   86016   ----a-w-   c:\windows\system32\drivers\usbcir.sys
.
==================== Find3M  ====================
.
2013-11-01 02:57:46   0   ----a-w-   c:\users\temp.dave-pc.000\nsyCD04.tmp
2013-11-01 01:58:44   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-01 01:58:44   692616   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-11-01 01:07:16   0   ----a-w-   c:\users\temp.dave-pc.000\DMIA047.tmp
2013-11-01 01:06:35   0   ----a-w-   c:\users\temp.dave-pc.000\DMI1D6.tmp
2013-11-01 01:05:49   0   ----a-w-   c:\users\temp.dave-pc.000\DMI4BEF.tmp
2013-11-01 01:04:46   0   ----a-w-   c:\users\temp.dave-pc.000\DMI5699.tmp
2013-09-22 23:28:06   1767936   ----a-w-   c:\windows\system32\wininet.dll
2013-09-22 23:27:48   61440   ----a-w-   c:\windows\system32\iesetup.dll
2013-09-22 23:27:48   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2013-09-21 02:39:47   71680   ----a-w-   c:\windows\system32\RegisterIEPKEYs.exe
2013-08-05 01:56:47   133056   ----a-w-   c:\windows\system32\drivers\ataport.sys
.
============= FINISH:  2:46:09.19 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acer System Information
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
avast! Free Antivirus
D3DX10
DriverUpdate
Facebook Messenger 2.1.4814.0
Google Chrome
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Reimage Repair
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Skype™ 6.3
SUPERAntiSpyware
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================
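
As an added example (not code from this thread, from DDS or from SpywareHammer): a small triage script that parses the "Created Last 30" / "Find3M" entries of a DDS log like the one posted above and flags the entries a malware-removal helper would look at first. The sample lines are copied from the log above; the flagging rules and the list of "known" folders under c:\windows are heuristics I chose for illustration, not verdicts about this machine.

```python
"""Triage helper for the file-entry sections of a DDS log (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# One DDS file entry: "<date> <time>   <size or -------->   <attrs>   <path>"
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>\S.*?)\s*$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".com", ".pif")
# Normal homes for executables on a 32-bit Windows 7 box (lower-cased prefixes).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\programdata\\microsoft\\")
# Folders commonly listed directly under c:\windows (assumed list); any other new
# folder created there is worth a second look.
KNOWN_WINDOWS_DIRS = {"system32", "temp", "installer", "softwaredistribution", "winsxs", "assembly"}
# A profile named TEMP.<host>.NNN means Windows could not load the real user profile.
TEMP_PROFILE_RE = re.compile(r"^c:\\users\\temp\.[^\\]+\\", re.I)

# Constructed sample: a handful of lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
=============== Created Last 30 ================
.
2013-11-02 15:30:44   0   ----a-w-   c:\users\temp.dave-pc.000\DMIC89C.tmp
2013-11-02 15:19:21   377856   ----a-w-   C:\dz1wlp25.exe
2013-11-01 05:55:20   13024   ----a-w-   c:\windows\system32\drivers\SWDUMon.sys
2013-10-31 06:03:51   --------   d-sh--w-   C:\$RECYCLE.BIN
2013-10-26 03:43:48   --------   d-----w-   c:\windows\New folder
2013-10-25 23:19:50   --------   d-----w-   c:\windows\westpac
2013-10-11 15:45:26   3914176   ----a-w-   c:\windows\system32\ntoskrnl.exe
.
"""


@dataclass
class Entry:
    when: datetime
    size: Optional[int]  # None for directories (DDS prints dashes instead of a size)
    attrs: str           # e.g. "----a-w-", "d-----w-", "d-sh--w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_dds_entries(text: str) -> list[Entry]:
    """Parse every file entry in a DDS 'Created Last 30' / 'Find3M' section."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section banners, lone dots and blank lines are skipped
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                             size, m["attrs"], m["path"]))
    return entries


def looks_random(stem: str) -> bool:
    """Crude check for generated names such as dz1wlp25: 7+ chars mixing letters and digits."""
    return (len(stem) >= 7 and stem.isalnum()
            and sum(c.isdigit() for c in stem) >= 2
            and sum(c.isalpha() for c in stem) >= 2)


def triage(entry: Entry) -> list[str]:
    """Return the reasons (possibly none) a helper would want to look at this entry."""
    reasons = []
    p = entry.path.lower()
    trusted = p.startswith(TRUSTED_PREFIXES)
    if not entry.is_dir and p.endswith(EXEC_EXT):
        if re.fullmatch(r"[a-z]:\\[^\\]+", p):
            reasons.append("executable directly in a drive root")
        if not trusted and looks_random(entry.name.rsplit(".", 1)[0]):
            reasons.append("random-looking executable name outside Program Files / Windows")
    if entry.is_dir:
        m = re.fullmatch(r"c:\\windows\\([^\\]+)", p)
        if m and m.group(1) not in KNOWN_WINDOWS_DIRS:
            reasons.append("new folder directly under c:\\windows")
    if TEMP_PROFILE_RE.match(entry.path):
        reasons.append("lives in a temporary user profile (TEMP.<host>.NNN): the real profile did not load")
    return reasons


def triage_log(text: str) -> dict[str, list[str]]:
    """Map each flagged path to its reasons; entries with no reasons are left out."""
    flagged = {}
    for entry in parse_dds_entries(text):
        reasons = triage(entry)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```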

Offline daviddj

Re: [In Progress] my pc.. has been taken over by a hacker
« Reply #10 on: November 02, 2013, 10:57:08 am »
Lucky last.
OTL logfile created on: 3/11/2013 12:47:56 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Default\Downloads\dds
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
1014.12 Mb Total Physical Memory | 544.99 Mb Available Physical Memory | 53.74% Memory free
1.99 Gb Paging File | 1.61 Gb Available in Paging File | 80.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70.53 Gb Total Space | 2.72 Gb Free Space | 3.86% Space Free | Partition Type: NTFS
Drive D: | 1.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: DAVE-PC | User Name: Guest | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/11/03 00:45:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Default\Downloads\dds\log.exe
PRC - [2013/11/01 00:41:04 | 003,567,800 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2013/08/12 09:12:38 | 000,312,512 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2013/08/12 09:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/11/01 00:36:40 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - File not found [On_Demand | Stopped] -- %windir%\system32\seclogon.dll -- (seclogon)
SRV - File not found [On_Demand | Stopped] -- %windir%\system32\qwave.dll -- (QWAVE)
SRV - File not found [On_Demand | Stopped] -- C:\Windows\system32\CorelCreatorMessages.exe -- (CorelCreatorMessages)
SRV - [2013/11/01 11:58:47 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/01 00:36:31 | 000,050,344 | ---- | M] (AVAST Software) [Disabled | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/10/09 20:53:42 | 003,498,856 | ---- | M] (Reimage®) [Disabled | Stopped] -- C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe -- (ReimageRealTimeProtection)
SRV - [2013/09/11 12:26:44 | 000,118,680 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/12 09:12:38 | 000,295,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/08/12 09:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/05/24 06:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/03/01 11:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/09/04 00:13:05 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva400.sys -- (XDva400)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\TEMPDA~1.000\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvuvc.sys -- (LVUVC)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\FsUsbExDisk.SYS -- (FsUsbExDisk)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - [2013/11/01 15:55:21 | 000,013,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/11/01 00:36:54 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/11/01 00:36:54 | 000,178,304 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/11/01 00:36:54 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/11/01 00:36:53 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/11/01 00:36:53 | 000,049,944 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/11/01 00:36:51 | 000,079,720 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/11/01 00:36:51 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/11/01 00:36:51 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/06/18 21:50:08 | 000,107,392 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/07/23 02:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 07:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/20 22:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 22:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 22:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 20:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 19:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 19:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 08:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/14 08:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006/08/04 03:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/02/16 10:55:16 | 000,074,624 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/02/16 10:55:12 | 000,060,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {1e7e4de1-5ef4-4baa-9250-c26258dc499a} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/01 00:37:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/09/22 19:58:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/10/02 16:07:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/02 16:07:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=B02A0016D4AA210F&affID=122123&tt=160913_m1&tsp=5013
CHR - Extension: No name found = \Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = \Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = \Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = \Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = \Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp\1.0.0_0\
CHR - Extension: No name found = \Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/10/15 05:31:18 | 000,000,822 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {1e7e4de1-5ef4-4baa-9250-c26258dc499a} - No CLSID value found.
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKCU..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1917E9EB-9EA5-44B2-8221-C01F236D9A6E}: DhcpNameServer = 61.9.133.193 61.9.134.49
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66EA2B16-472D-4063-9889-5CF565C7607A}: NameServer = 198.142.0.51 61.88.88.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FAE62D8-D603-4038-B134-E1DDEB905BEC}: DhcpNameServer = 192.168.43.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/03 00:28:31 | 000,000,000 | -H-D | C] -- C:\Users\TEMP.dave-PC.000\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/11/03 00:28:16 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.dave-PC.000\Templates
[2013/11/03 00:28:16 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.dave-PC.000\Start Menu
[2013/11/03 00:28:16 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.dave-PC.000\SendTo
[2013/11/03 00:28:16 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.dave-PC.000\Recent
[2013/11/03 00:28:16 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.dave-PC.000\PrintHood
[2013/11/03 00:28:16 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.dave-PC.000\NetHood
[2013/11/03 00:28:16 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.dave-PC.000\My Documents
[2013/11/03 00:28:16 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.dave-PC.000\Local Settings
[2013/11/03 00:28:16 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.dave-PC.000\Cookies
[2013/11/03 00:28:16 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.dave-PC.000\Application Data
[2013/11/03 00:27:45 | 000,000,000 | RH-D | C] -- C:\Users\TEMP.dave-PC.000\acro_rd_dir
[2013/11/03 00:27:45 | 000,000,000 | ---D | C] -- C:\Users\TEMP.dave-PC.000\%LocalAppData%
[2013/11/03 00:27:44 | 000,000,000 | R--D | C] -- C:\Users\TEMP.dave-PC.000\Videos
[2013/11/03 00:27:44 | 000,000,000 | R--D | C] -- C:\Users\TEMP.dave-PC.000\Pictures
[2013/11/03 00:27:44 | 000,000,000 | R--D | C] -- C:\Users\TEMP.dave-PC.000\Music
[2013/11/03 00:27:44 | 000,000,000 | R--D | C] -- C:\Users\TEMP.dave-PC.000\Links
[2013/11/03 00:27:44 | 000,000,000 | R--D | C] -- C:\Users\TEMP.dave-PC.000\Favorites
[2013/11/03 00:27:44 | 000,000,000 | R--D | C] -- C:\Users\TEMP.dave-PC.000\Downloads
[2013/11/03 00:27:44 | 000,000,000 | R--D | C] -- C:\Users\TEMP.dave-PC.000\Documents
[2013/11/03 00:27:44 | 000,000,000 | R--D | C] -- C:\Users\TEMP.dave-PC.000\Desktop
[2013/11/03 00:27:44 | 000,000,000 | -H-D | C] -- C:\Users\TEMP.dave-PC.000\AppData
[2013/11/03 00:27:44 | 000,000,000 | ---D | C] -- C:\Users\TEMP.dave-PC.000\WPDNSE
[2013/11/03 00:27:44 | 000,000,000 | ---D | C] -- C:\Users\TEMP.dave-PC.000\Saved Games
[2013/11/03 00:27:44 | 000,000,000 | ---D | C] -- C:\Users\TEMP.dave-PC.000\msdtadmin
[2013/11/03 00:27:44 | 000,000,000 | ---D | C] -- C:\Users\TEMP.dave-PC.000\mozilla-temp-files
[2013/11/01 16:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/11/01 15:28:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\New folder
[2013/11/01 12:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\CDB
[2013/11/01 12:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2013/11/01 12:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2013/11/01 12:55:16 | 000,000,000 | ---D | C] -- C:\rei
[2013/11/01 12:55:16 | 000,000,000 | ---D | C] -- \rei
[2013/11/01 12:18:26 | 000,000,000 | ---D | C] -- C:\Mozilla
[2013/11/01 12:18:26 | 000,000,000 | ---D | C] -- \Mozilla
[2013/11/01 11:16:37 | 000,000,000 | ---D | C] -- C:\Windows\Profiles
[2013/11/01 02:53:09 | 000,000,000 | ---D | C] -- C:\OEM
[2013/11/01 02:53:09 | 000,000,000 | ---D | C] -- \OEM
[2013/11/01 01:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\Acer
[2013/11/01 00:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/11/01 00:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/11/01 00:40:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\_avast_
[2013/11/01 00:37:14 | 000,057,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/11/01 00:37:13 | 000,403,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/11/01 00:37:12 | 000,774,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/11/01 00:37:12 | 000,070,384 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/11/01 00:37:11 | 000,035,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/11/01 00:37:10 | 000,079,720 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/11/01 00:37:02 | 000,269,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/11/01 00:36:43 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/01 00:34:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/11/01 00:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/11/01 00:16:47 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/01 00:16:47 | 000,000,000 | ---D | C] -- \AdwCleaner
[2013/10/31 22:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/31 22:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/31 22:40:34 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/10/31 22:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/31 16:03:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/10/31 16:03:51 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2013/10/26 13:43:48 | 000,000,000 | ---D | C] -- C:\Windows\New folder
[2013/10/26 09:24:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\New folder (2)
[2013/10/26 09:19:50 | 000,000,000 | ---D | C] -- C:\Windows\westpac
[2013/10/26 07:28:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/10/26 07:28:07 | 000,000,000 | -HSD | C] -- \Config.Msi
[2013/10/14 21:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2013/10/14 21:33:38 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/10/14 21:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/10/14 21:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[6 C:\Users\TEMP.dave-PC.000\*.tmp files -> C:\Users\TEMP.dave-PC.000\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/03 00:27:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/03 00:27:16 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/02 23:08:01 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/02 23:08:01 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/02 22:59:47 | 000,628,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/02 22:59:47 | 000,110,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/02 22:51:53 | 000,021,504 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2013/11/02 22:32:46 | 000,000,135 | ---- | M] () -- C:\Windows\Reimage.ini
[2013/11/02 14:25:38 | 000,000,270 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DC90E7DB-8EEA-4B68-8302-94BAE6D05DA7}.job
[2013/11/01 16:04:37 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2013/11/01 15:55:21 | 000,013,024 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/11/01 12:52:56 | 000,049,208 | ---- | M] () -- C:\Users\TEMP.dave-PC.000\Guest.bmp
[2013/11/01 12:04:31 | 000,162,010 | ---- | M] () -- C:\Users\TEMP.dave-PC.000\PiYpu5ZG.DiagCab.part
[2013/11/01 11:21:54 | 000,002,032 | ---- | M] () -- C:\Users\TEMP.dave-PC.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/01 09:34:57 | 000,000,544 | ---- | M] () -- C:\Users\Public\Documents\new today.crd
[2013/11/01 08:52:35 | 000,891,184 | ---- | M] () -- C:\Users\Public\Documents\SecurityCheck.exe
[2013/11/01 03:20:43 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/11/01 03:20:43 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/11/01 00:41:53 | 000,002,161 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/01 00:41:11 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/01 00:37:55 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ced646c91d2b92.job
[2013/11/01 00:36:54 | 000,403,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/11/01 00:36:54 | 000,178,304 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/11/01 00:36:54 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/11/01 00:36:53 | 000,774,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/11/01 00:36:53 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/11/01 00:36:51 | 000,079,720 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/11/01 00:36:51 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/11/01 00:36:51 | 000,035,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/11/01 00:36:43 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/11/01 00:36:43 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/10/31 22:41:01 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/31 22:39:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/31 22:08:48 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2013/10/31 22:08:48 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\DriverCure Startup.job
[2013/10/31 21:58:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/31 21:41:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1397568584-172150002-1453652426-1001UA.job
[2013/10/27 22:38:44 | 000,012,288 | ---- | M] () -- C:\Windows\System32\umstartup000.etl
[2013/10/27 06:41:03 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1397568584-172150002-1453652426-1001Core.job
[2013/10/27 02:20:37 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/10/25 23:01:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\DriverCure.job
[2013/10/12 07:31:05 | 000,002,457 | ---- | M] () -- C:\Users\Public\Desktop\DriverUpdate.lnk
[2013/10/12 02:45:37 | 000,268,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[6 C:\Users\TEMP.dave-PC.000\*.tmp files -> C:\Users\TEMP.dave-PC.000\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/03 00:27:49 | 000,002,032 | ---- | C] () -- C:\Users\TEMP.dave-PC.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/03 00:27:49 | 000,000,290 | ---- | C] () -- C:\Users\TEMP.dave-PC.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/11/03 00:27:49 | 000,000,272 | ---- | C] () -- C:\Users\TEMP.dave-PC.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/11/03 00:27:46 | 000,162,010 | ---- | C] () -- C:\Users\TEMP.dave-PC.000\PiYpu5ZG.DiagCab.part
[2013/11/03 00:27:46 | 000,049,208 | ---- | C] () -- C:\Users\TEMP.dave-PC.000\Guest.bmp
[2013/11/02 14:25:38 | 000,000,270 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{DC90E7DB-8EEA-4B68-8302-94BAE6D05DA7}.job
[2013/11/01 15:55:20 | 000,013,024 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/11/01 12:53:51 | 000,000,135 | ---- | C] () -- C:\Windows\Reimage.ini
[2013/11/01 09:34:57 | 000,000,544 | ---- | C] () -- C:\Users\Public\Documents\new today.crd
[2013/11/01 09:23:42 | 000,891,184 | ---- | C] () -- C:\Users\Public\Documents\SecurityCheck.exe
[2013/11/01 03:20:43 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/11/01 03:20:43 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2013/11/01 03:20:43 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/11/01 03:20:43 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2013/11/01 00:41:53 | 000,002,161 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/01 00:41:10 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/01 00:37:55 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ced646c91d2b92.job
[2013/11/01 00:37:13 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/11/01 00:37:12 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/10/31 22:41:01 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/14 21:34:02 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/25 10:46:18 | 000,126,976 | ---- | C] () -- C:\Windows\System32\corelcreatorpm.dll
[2011/06/23 17:34:57 | 000,010,452 | -HS- | C] () -- C:\ProgramData\7em81337o3
[2011/06/22 22:20:08 | 000,010,496 | -HS- | C] () -- C:\ProgramData\o008co058qpt0gajp0u8285d2coxjs2pisdnwnrxw3l
[2010/09/03 00:36:59 | 797,532,160 | -HS- | C] () -- \hiberfil.sys
[2009/07/14 12:04:04 | 000,000,010 | ---- | C] () -- \config.sys
 
========== ZeroAccess Check ==========
 
[2009/07/14 14:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 11:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 11:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >

Offline Hoov

Re: [In Progress] my pc.. has been taken over by a hacker
« Reply #11 on: November 02, 2013, 03:15:31 pm »
* Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline daviddj

Re: [In Progress] my pc.. has been taken over by a hacker
« Reply #12 on: November 02, 2013, 10:20:31 pm »
ComboFix is done.
ComboFix 13-11-01.03 - Guest 03/11/2013  14:55:05.1.2 - x86 NETWORK
Running from: c:\users\Default\Downloads\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\dave\AppData\Roaming\8237750.exe
c:\users\Default\DMI1D6.tmp
c:\users\Default\DMI4BEF.tmp
c:\users\Default\DMI5699.tmp
c:\users\Default\DMIA047.tmp
c:\users\Default\DMIC89C.tmp
c:\users\Default\nsyCD04.tmp
c:\users\TEMP.dave-PC.000\DMI1D6.tmp
c:\users\TEMP.dave-PC.000\DMI4BEF.tmp
c:\users\TEMP.dave-PC.000\DMI5699.tmp
c:\users\TEMP.dave-PC.000\DMIA047.tmp
c:\users\TEMP.dave-PC.000\DMIC89C.tmp
c:\users\TEMP.dave-PC.000\nsyCD04.tmp
c:\users\TEMP.dave-PC\DMI1D6.tmp
c:\users\TEMP.dave-PC\DMI4BEF.tmp
c:\users\TEMP.dave-PC\DMI5699.tmp
c:\users\TEMP.dave-PC\DMIA047.tmp
c:\users\TEMP.dave-PC\DMIC89C.tmp
c:\users\TEMP.dave-PC\nsyCD04.tmp
c:\windows\system32\config\systemprofile\DMI4B9F.tmp
c:\windows\system32\config\systemprofile\DMI5205.tmp
c:\windows\system32\config\systemprofile\DMI5791.tmp
c:\windows\system32\config\systemprofile\DMI61ED.tmp
c:\windows\system32\config\systemprofile\nsg90BC.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-03 to 2013-11-03  )))))))))))))))))))))))))))))))
.
.
2013-11-03 05:11 . 2013-11-03 05:11   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-11-03 05:11 . 2013-11-03 05:11   --------   d-----w-   c:\users\dave\AppData\Local\temp
2013-11-03 03:50 . 2013-11-03 03:50   103680   ----a-w-   C:\kxldapow.sys
2013-11-02 17:06 . 2013-11-02 17:11   0   ----a-w-   C:\dz1wlp25.bat
2013-11-02 15:19 . 2013-11-02 15:19   377856   ----a-w-   C:\dz1wlp25.exe
2013-11-02 14:25 . 2013-11-02 16:21   62576   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CBB1ABD5-9E0C-400E-9AD0-07FEE95F8679}\offreg.dll
2013-11-01 10:43 . 2013-11-01 10:43   --------   d-----w-   c:\users\dave\AppData\Local\Macromedia
2013-11-01 06:36 . 2013-11-01 06:36   --------   d-----w-   c:\users\dave\AppData\Roaming\AVAST Software
2013-11-01 06:07 . 2013-11-01 06:07   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2013-11-01 05:55 . 2013-11-01 05:55   13024   ----a-w-   c:\windows\system32\drivers\SWDUMon.sys
2013-11-01 02:57 . 2013-11-01 02:57   --------   d-----w-   c:\programdata\CDB
2013-11-01 02:56 . 2013-11-01 02:56   --------   d-----w-   c:\program files\Reimage
2013-11-01 02:55 . 2013-11-01 02:59   --------   d-----w-   C:\rei
2013-11-01 02:50 . 2013-11-01 02:50   --------   d-----w-   c:\users\Default\WPDNSE
2013-11-01 02:18 . 2013-11-01 02:18   --------   d-----w-   C:\Mozilla
2013-11-01 02:05 . 2013-11-01 02:05   --------   d-----w-   c:\users\Default\%LocalAppData%
2013-11-01 02:04 . 2013-11-01 02:55   --------   d-----w-   c:\users\Default\msdtadmin
2013-11-01 02:01 . 2013-11-01 02:54   --------   d--h--r-   c:\users\Default\acro_rd_dir
2013-11-01 02:01 . 2013-11-01 02:01   --------   d-----w-   c:\users\Default\AppData\Local\Macromedia
2013-11-01 01:53 . 2013-11-01 02:46   --------   d-----w-   c:\users\Default\mozilla-temp-files
2013-11-01 01:52 . 2013-11-01 01:52   --------   d-----w-   c:\users\Default\AppData\Local\Mozilla
2013-11-01 01:21 . 2013-11-01 01:21   --------   d-----w-   c:\users\Default\AppData\Local\Google
2013-11-01 01:16 . 2013-11-01 01:16   --------   d-----w-   c:\windows\Profiles
2013-10-31 22:10 . 2013-10-31 22:10   --------   d-----w-   c:\users\dave\New today
2013-10-31 16:53 . 2013-11-01 23:29   --------   d-----w-   C:\OEM
2013-10-31 15:32 . 2013-10-31 15:32   --------   d-----w-   c:\program files\Acer
2013-10-31 14:40 . 2013-10-31 14:40   --------   d-----w-   c:\windows\system32\config\systemprofile\avast_ash
2013-10-31 14:40 . 2013-11-02 11:31   --------   d-----w-   c:\windows\system32\_avast_
2013-10-31 14:37 . 2013-10-31 14:39   50063360   ----a-w-   c:\program files\GUT2C3E.tmp
2013-10-31 14:37 . 2013-10-31 14:37   --------   d-----w-   c:\program files\GUM2C2E.tmp
2013-10-31 14:37 . 2013-10-31 14:36   57672   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2013-10-31 14:37 . 2013-10-31 14:36   403440   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2013-10-31 14:37 . 2013-10-31 14:36   178304   ----a-w-   c:\windows\system32\drivers\aswVmm.sys
2013-10-31 14:37 . 2013-10-31 14:36   774392   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
2013-10-31 14:37 . 2013-10-31 14:36   49944   ----a-w-   c:\windows\system32\drivers\aswRvrt.sys
2013-10-31 14:37 . 2013-10-31 14:36   70384   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2013-10-31 14:37 . 2013-10-31 14:36   35656   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2013-10-31 14:37 . 2013-10-31 14:36   79720   ----a-w-   c:\windows\system32\drivers\aswRdr2.sys
2013-10-31 14:37 . 2013-10-31 14:36   269216   ----a-w-   c:\windows\system32\aswBoot.exe
2013-10-31 14:36 . 2013-10-31 14:36   43152   ----a-w-   c:\windows\avastSS.scr
2013-10-31 14:34 . 2013-10-31 14:34   --------   d-----w-   c:\program files\AVAST Software
2013-10-31 14:26 . 2013-10-14 06:39   7796464   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CBB1ABD5-9E0C-400E-9AD0-07FEE95F8679}\mpengine.dll
2013-10-31 14:20 . 2013-10-31 14:47   --------   d-----w-   c:\users\TEMP
2013-10-31 14:17 . 2013-10-31 14:18   --------   d-----w-   c:\programdata\AVAST Software
2013-10-31 14:16 . 2013-11-01 05:22   --------   d-----w-   C:\AdwCleaner
2013-10-31 13:35 . 2013-10-31 13:35   --------   d-----w-   c:\users\dave\AppData\Roaming\Malwarebytes
2013-10-31 12:40 . 2013-10-31 12:40   --------   d-----w-   c:\programdata\Malwarebytes
2013-10-31 12:40 . 2013-04-04 03:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-10-31 12:40 . 2013-10-31 12:41   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2013-10-31 08:44 . 2013-10-14 06:39   7796464   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-27 09:29 . 2013-10-28 00:25   --------   d-----w-   c:\users\Guest
2013-10-26 03:43 . 2013-10-26 03:43   --------   d-----w-   c:\windows\New folder
2013-10-25 23:19 . 2013-10-25 23:19   --------   d-----w-   c:\windows\westpac
2013-10-25 05:53 . 2013-10-25 05:40   719224   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9EA59833-4C23-4417-AB6C-D6CE3CC95AF8}\gapaengine.dll
2013-10-14 11:48 . 2013-10-14 11:48   --------   d-----w-   c:\programdata\SUPERSetup
2013-10-14 11:34 . 2013-10-14 11:34   --------   d-----w-   c:\users\dave\AppData\Roaming\SUPERAntiSpyware.com
2013-10-14 11:33 . 2013-10-31 14:41   --------   d-----w-   c:\program files\Google
2013-10-14 11:33 . 2013-11-01 06:07   --------   d-----w-   c:\program files\SUPERAntiSpyware
2013-10-13 13:14 . 2013-09-21 03:30   2706432   ----a-w-   c:\windows\system32\mshtml.tlb
2013-10-13 13:14 . 2013-09-22 23:27   2876928   ----a-w-   c:\windows\system32\jscript9.dll
2013-10-13 13:14 . 2013-09-22 23:28   217600   ----a-w-   c:\program files\Internet Explorer\sqmapi.dll
2013-10-13 13:14 . 2013-09-22 23:27   108032   ----a-w-   c:\program files\Internet Explorer\jsdebuggeride.dll
2013-10-12 06:23 . 2013-09-04 01:14   76288   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
2013-10-12 06:23 . 2013-09-04 01:15   258560   ----a-w-   c:\windows\system32\drivers\usbhub.sys
2013-10-12 06:23 . 2013-09-04 01:14   284672   ----a-w-   c:\windows\system32\drivers\usbport.sys
2013-10-12 06:23 . 2013-09-04 01:14   43008   ----a-w-   c:\windows\system32\drivers\usbehci.sys
2013-10-12 06:23 . 2013-09-04 01:14   24064   ----a-w-   c:\windows\system32\drivers\usbuhci.sys
2013-10-12 06:23 . 2013-09-04 01:14   6016   ----a-w-   c:\windows\system32\drivers\usbd.sys
2013-10-12 06:23 . 2013-09-04 01:14   20480   ----a-w-   c:\windows\system32\drivers\usbohci.sys
2013-10-11 16:15 . 2013-09-08 02:07   1294272   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2013-10-11 16:15 . 2013-09-08 02:03   231424   ----a-w-   c:\windows\system32\mswsock.dll
2013-10-11 16:15 . 2013-09-14 00:48   338944   ----a-w-   c:\windows\system32\drivers\afd.sys
2013-10-11 15:50 . 2013-06-25 22:56   527064   ----a-w-   c:\windows\system32\drivers\Wdf01000.sys
2013-10-11 15:45 . 2013-07-04 11:50   530432   ----a-w-   c:\windows\system32\comctl32.dll
2013-10-11 15:45 . 2013-08-29 01:51   3969472   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2013-10-11 15:45 . 2013-08-29 01:51   3914176   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-10-11 15:45 . 2013-08-29 01:50   619520   ----a-w-   c:\windows\system32\tdh.dll
2013-10-11 15:45 . 2013-08-29 01:50   1289096   ----a-w-   c:\windows\system32\ntdll.dll
2013-10-11 15:45 . 2013-08-29 01:48   640512   ----a-w-   c:\windows\system32\advapi32.dll
2013-10-11 15:41 . 2013-07-20 10:33   102608   ----a-w-   c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 15:40 . 2013-08-28 01:04   2348544   ----a-w-   c:\windows\system32\win32k.sys
2013-10-11 15:40 . 2013-07-03 03:36   55808   ----a-w-   c:\windows\system32\drivers\hidclass.sys
2013-10-11 15:40 . 2013-07-03 03:36   25728   ----a-w-   c:\windows\system32\drivers\hidparse.sys
2013-10-11 15:35 . 2013-08-01 11:03   729024   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
2013-10-11 15:22 . 2013-06-06 03:01   295424   ----a-w-   c:\windows\system32\atmfd.dll
2013-10-11 15:22 . 2013-06-06 04:50   10240   ----a-w-   c:\windows\system32\dciman32.dll
2013-10-11 15:22 . 2013-06-06 04:52   26112   ----a-w-   c:\windows\system32\lpk.dll
2013-10-11 15:22 . 2013-06-06 04:51   70656   ----a-w-   c:\windows\system32\fontsub.dll
2013-10-11 15:22 . 2013-06-06 03:01   34304   ----a-w-   c:\windows\system32\atmlib.dll
2013-10-11 15:22 . 2013-08-28 00:57   434688   ----a-w-   c:\windows\system32\scavengeui.dll
2013-10-11 15:19 . 2013-07-04 11:57   205824   ----a-w-   c:\windows\system32\WebClnt.dll
2013-10-11 15:19 . 2013-07-04 11:51   81920   ----a-w-   c:\windows\system32\davclnt.dll
2013-10-11 15:19 . 2013-07-04 09:48   115712   ----a-w-   c:\windows\system32\drivers\mrxdav.sys
2013-10-11 15:18 . 2013-07-12 10:08   146816   ----a-w-   c:\windows\system32\drivers\usbvideo.sys
2013-10-11 15:18 . 2013-07-12 10:07   86016   ----a-w-   c:\windows\system32\drivers\usbcir.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-01 01:58 . 2013-03-31 09:37   692616   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-11-01 01:58 . 2011-07-23 21:45   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-22 11:00 . 2011-03-25 20:05   718712   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-10-31 14:36   321752   ----a-w-   c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvastUI.exe]
2013-10-31 14:41   3567800   ----a-w-   c:\program files\AVAST Software\Avast\avastui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-23 09:30   173592   ----a-w-   c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-23 09:30   141848   ----a-w-   c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2013-08-11 23:11   995176   ----a-w-   c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-23 09:30   150552   ----a-w-   c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17   1174016   ----a-w-   c:\program files\Windows Sidebar\sidebar.exe
.
R0 aswRvrt;avast! Revert;

R0 aswVmm;avast! VM Monitor;

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-10-31 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-10-31 403440]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-10-31 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-10-31 70384]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-18 107392]
R3 CorelCreatorMessages;CorelCreatorMessages;c:\windows\system32\CorelCreatorMessages.exe

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS

R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-08-11 295376]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2013-11-01 13024]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-03 1343400]
R3 XDva400;XDva400;c:\windows\system32\XDva400.sys

R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]
R4 ReimageRealTimeProtection;Reimage Real Time Protection;c:\program files\Reimage\Reimage Repair\ReiGuard.exe [2013-10-09 3498856]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-03-01 161384]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-31 14:40   1185744   ----a-w-   c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-07-14 01:14   126464   ----a-w-   c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-31 01:58]
.
2013-11-01 c:\windows\Tasks\DriverUpdate Startup.job
- c:\program files\DriverUpdate\DriverUpdate.exe [2012-11-28 21:27]
.
2013-10-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1397568584-172150002-1453652426-1001Core.job
- c:\users\dave\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-31 20:36]
.
2013-10-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1397568584-172150002-1453652426-1001UA.job
- c:\users\dave\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-31 20:36]
.
2013-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ced646c91d2b92.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-14 11:33]
.
2013-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-14 11:33]
.
2013-11-02 c:\windows\Tasks\User_Feed_Synchronization-{DC90E7DB-8EEA-4B68-8302-94BAE6D05DA7}.job
- c:\windows\system32\msfeedssync.exe [2013-05-01 17:12]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.43.1
TCP: Interfaces\{66EA2B16-472D-4063-9889-5CF565C7607A}: NameServer = 198.142.0.51 61.88.88.88
FF - ProfilePath - c:\users\TEMP.dave-PC.000\AppData\Roaming\Mozilla\Firefox\Profiles\19fy01tr.default\
FF - ExtSQL: 2013-11-01 00:37; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{1e7e4de1-5ef4-4baa-9250-c26258dc499a} - (no file)
HKLM-Run-NPSStartup - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-03  15:15:09
ComboFix-quarantined-files.txt  2013-11-03 05:15
.
Pre-Run: 3,404,750,848 bytes free
Post-Run: 42,957,926,400 bytes free
.
- - End Of File - - CC93962D1E97625B86C59C07A73DDD6E
A36C5E4F47E84449FF07ED3517B43A31

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25200
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] my pc.. has been taken over by a hacker
« Reply #13 on: November 02, 2013, 10:33:52 pm »
Please follow these steps:

1.- Download AdwCleaner by Xplode onto your Desktop.
  • Please close all open programs and internet browsers.
  • Double-click on Adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • Please be patient as this can take a while to complete.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt.
2.- Download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Run the tool by double-clicking it.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt in your next message.
3.- Please download RogueKiller and save it to the desktop.
  • Close all windows and browsers.
  • Double-click on RogueKiller.exe to run the tool.
  • Press the Scan button.
  • A report named RKreport.txt opens on the desktop.
  • Please post it in your next reply.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25200
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] my pc.. has been taken over by a hacker
« Reply #14 on: November 30, 2013, 07:11:29 pm »
daviddj, do you still need help?

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!