HJT log


Postby wintacs » Fri Jun 19, 2015 9:10 am

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 2:56:39 AM, on 6/19/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17109)
CHROME: 43.0.2357.124
FIREFOX: 38.0.5 (x86 en-US)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\SelectRebates\SelectRebates.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\SpotifyWebHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\sistray.exe
C:\Documents and Settings\ryan\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\ryan\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O3 - Toolbar: ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Download] "C:\Documents and Settings\ryan\Local Settings\Application Data\SupportSoft\ddoctorv2\ryan\ssGet.exe" 120 "http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Documents and Settings\ryan\Application Data\Spotify\Spotify.exe" -autostart -minimized
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm265YYUS
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://www.hoppy.com/sacramento/cams/vatdec.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n042p/EN/install/gtdownlr.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2412367421
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11671 bytes
A+, Network+, MCP

Re: HJT log

Postby wintacs » Sat Jun 20, 2015 3:34 pm

Do you guys still check these logs here? If not, then what is the new method to ensure a clean log?

Re: HJT log

Postby Gecko » Sun Jun 21, 2015 11:37 pm

wintacs,

No, we haven't used HJT in a while; however, it was effective enough to show some problems.

Download Malwarebytes Anti-Malware to your desktop and run the install. During the install, make sure to uncheck the Trial version box; you want the free version. Once it's updated, run a Full scan.

When Malwarebytes Anti-Malware is finished, it will produce a log; paste the contents of that log into your next reply.

Re: HJT log

Postby wintacs » Wed Jun 24, 2015 12:48 am

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/23/2015
Scan Time: 2:02:32 PM
Logfile: scan1.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.23.06
Rootkit Database: v2015.06.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: ryan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 363512
Time Elapsed: 1 hr, 30 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\SelectRebates.exe, 784, Delete-on-Reboot, [0a18b9056b1f1422ff4e3f97c2417c84]

Modules: 0
(No malicious items detected)

Registry Keys: 39
PUP.DealPly, HKLM\SOFTWARE\CLASSES\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}, Quarantined, [6fb3942adfab1e186c0ee38f45c13fc1],
PUP.DealPly, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}, Quarantined, [6fb3942adfab1e186c0ee38f45c13fc1],
PUP.DealPly, HKU\S-1-5-21-861567501-1450960922-682003330-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}, Quarantined, [6fb3942adfab1e186c0ee38f45c13fc1],
PUP.DealPly, HKU\S-1-5-21-861567501-1450960922-682003330-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}, Quarantined, [6fb3942adfab1e186c0ee38f45c13fc1],
PUP.DealPly, HKLM\SOFTWARE\CLASSES\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\INPROCSERVER32, Quarantined, [6fb3942adfab1e186c0ee38f45c13fc1],
Trojan.Vundo, HKU\S-1-5-21-861567501-1450960922-682003330-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467e-B8D4-7786EDA79AE0}, Quarantined, [73af635b86046ccac41f3d6ab053cb35],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-861567501-1450960922-682003330-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{00A6FAF1-072E-44CF-8957-5838F569A31D}, Quarantined, [e240c5f9167415210edf333e7a891be5],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-861567501-1450960922-682003330-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{00A6FAF1-072E-44CF-8957-5838F569A31D}, Quarantined, [e240c5f9167415210edf333e7a891be5],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-861567501-1450960922-682003330-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{07B18EA1-A523-4961-B6BB-170DE4475CCA}, Quarantined, [a47e3d81a0eae15585699ed3d72c4bb5],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-861567501-1450960922-682003330-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{07B18EA1-A523-4961-B6BB-170DE4475CCA}, Quarantined, [a47e3d81a0eae15585699ed3d72c4bb5],
PUP.Optional.FunWebProducts.A, HKU\S-1-5-21-861567501-1450960922-682003330-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}, Quarantined, [af73605e7c0ea591b63c991625de926e],
PUP.Optional.FunWebProducts.A, HKU\S-1-5-21-861567501-1450960922-682003330-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}, Quarantined, [af73605e7c0ea591b63c991625de926e],
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\MICROSOFT\CODE STORE DATABASE\DISTRIBUTION UNITS\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}, Quarantined, [af73605e7c0ea591b63c991625de926e],
PUP.Optional.StartNow.A, HKU\S-1-5-21-861567501-1450960922-682003330-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{5911488E-9D1E-40EC-8CBB-06B231CC153F}, Quarantined, [d64c7747ff8b0f273a35393d5ea510f0],
PUP.Optional.StartNow.A, HKU\S-1-5-21-861567501-1450960922-682003330-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{5911488E-9D1E-40EC-8CBB-06B231CC153F}, Quarantined, [d64c7747ff8b0f273a35393d5ea510f0],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-861567501-1450960922-682003330-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{00A6FAF6-072E-44CF-8957-5838F569A31D}, Quarantined, [be649826c5c57abc2753cde4db28e719],
Adware.Softomate, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}, Quarantined, [f62cecd26723c670165a64311ae9748c],
PUP.Optional.Dealply, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DealPly, Quarantined, [50d2a21ce0aa43f3ba3c1360a95d4ab6],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\DealPly, Quarantined, [fe2458665733a195922a9a95dc2838c8],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, Quarantined, [919103bb8ffbc0764b169898798b0af6],
PUP.Optional.StartNow.A, HKU\S-1-5-18\SOFTWARE\StartNow Toolbar, Quarantined, [65bd12ac0e7cec4af2c35133768fa65a],
PUP.Optional.DealPly.A, HKU\S-1-5-21-861567501-1450960922-682003330-1003\SOFTWARE\DealPly, Quarantined, [1012704ed6b4be782eb041d0af559f61],
PUP.Optional.InstallCore.C, HKU\S-1-5-21-861567501-1450960922-682003330-1003\SOFTWARE\InstallCore, Quarantined, [1d05a816741606305a34573ffd084db3],
PUP.Optional.DealPly.A, HKU\S-1-5-21-861567501-1450960922-682003330-1003\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, Quarantined, [938fc2fc6921c3733f23c56b9d675ba5],
PUP.Optional.MyWebSearch.A, HKU\S-1-5-21-861567501-1450960922-682003330-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467E-B8D4-7786EDA79AE0}, Quarantined, [e141625c8703999de0c9464c778ebf41],
PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SelectRebatesUninstall, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\CLSID\{98279C38-DE4B-4bcf-93C9-8EC26069D6F4}, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\ShopAtHome.IEToolbar.1, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\ShopAtHome.IEToolbar, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, HKU\S-1-5-21-861567501-1450960922-682003330-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, HKU\S-1-5-21-861567501-1450960922-682003330-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\CLSID\{E8DAAA30-6CAA-4b58-9603-8E54238219E2}, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\ToolBand.ShopAtHomeIEHelper.1, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\ToolBand.ShopAtHomeIEHelper, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, HKU\S-1-5-21-861567501-1450960922-682003330-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, HKU\S-1-5-21-861567501-1450960922-682003330-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\CLASSES\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}\INPROCSERVER32, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],

Registry Values: 5
Adware.Hotbar, HKU\S-1-5-21-861567501-1450960922-682003330-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MENUEXT\&SEARCH, http://edits.mywebsearch.com/toolbaredi ... xdm265YYUS, Quarantined, [f929c4fa92f8eb4b28bf199dfc08fd03]
PUP.Optional.MyWebSearch.A, HKU\S-1-5-21-861567501-1450960922-682003330-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467e-B8D4-7786EDA79AE0}|URL, http://www.mywebsearch.com/jsp/cfg_redi ... searchfor={searchTerms}&si=103139&n=77ce7b04, Quarantined, [e141625c8703999de0c9464c778ebf41]
PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SelectRebates, C:\Program Files\SelectRebates\SelectRebates.exe, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84]
PUP.Optional.ShopAtHome.A, HKU\S-1-5-21-861567501-1450960922-682003330-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}, 8Å?'Ë?KÃ?ÏKâ??Ã?ŽÃ?`iÃ?ô{26DE3D85-9EE5-47fd-8959-B0F45CF374A5}, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84]
PUP.Optional.ShopAtHome.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],

Registry Data: 2
Broken.OpenCommand, HKCR\scrfile\shell\open\command, NOTEPAD.EXE Good: ("Bad: (NOTEPAD.EXE %1),Replaced,[ffffffffffffffffffffffffffffffff]" /S), %4, %5
Broken.OpenCommand, HKCR\regfile\shell\open\command, NOTEPAD.EXE Good: (regedit.exe "Bad: (NOTEPAD.EXE %1),Replaced,[ffffffffffffffffffffffffffffffff]"), %4, %5

Folders: 13
PUP.Optional.DealPly.A, C:\Program Files\DealPly, Quarantined, [3ce6cbf3cdbd2c0a514378e252b3f808],
PUP.OPtional.Dealply.A, C:\Documents and Settings\All Users\Start Menu\Programs\DealPly, Quarantined, [d74ba717eaa0a5916c43f16be71ede22],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates, Delete-on-Reboot, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\FFToolbar, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\FFToolbar\chrome, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\FFToolbar\defaults, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\FFToolbar\defaults\preferences, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\SahImages, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\Toolbar, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\Toolbar\Cache, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\Toolbar\ImageCache, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.FoxTabFLVPlayer.A, C:\Program Files\FoxTabFLVPlayer, Quarantined, [b36f3f7f6e1c2214aa381dd2966d33cd],
PUP.Optional.FoxTabFLVPlayer.A, C:\Program Files\FoxTabFLVPlayer\Uninstall, Quarantined, [b36f3f7f6e1c2214aa381dd2966d33cd],

Files: 54
PUP.DealPly, C:\Program Files\DealPly\DealPlyIE.dll, Quarantined, [6fb3942adfab1e186c0ee38f45c13fc1],
PUP.Optional.Dealply, C:\Program Files\DealPly\uninst.exe, Quarantined, [50d2a21ce0aa43f3ba3c1360a95d4ab6],
PUP.Optional.InstallCore, C:\Program Files\FoxTabFLVPlayer\FLVPlayer.exe, Quarantined, [091956687a10dd5955d9e5490000c63a],
KoobFace.Trace, C:\WINDOWS\bk23567.dat, Quarantined, [54cedce213779d9937d1eeba93716898],
KoobFace.Trace, C:\WINDOWS\fdgg34353edfgdfdf, Quarantined, [cc56e6d84347ef47e9bcadfcf41041bf],
Koobface.Trace, C:\WINDOWS\lgo, Quarantined, [00224f6f5238ad890327c5e6b94b8f71],
PUP.Optional.DealPly.A, C:\Program Files\DealPly\DealPly.crx, Quarantined, [3ce6cbf3cdbd2c0a514378e252b3f808],
PUP.Optional.DealPly.A, C:\Program Files\DealPly\icon.ico, Quarantined, [3ce6cbf3cdbd2c0a514378e252b3f808],
PUP.OPtional.Dealply.A, C:\Documents and Settings\All Users\Start Menu\Programs\DealPly\Uninstall DealPly.lnk, Quarantined, [d74ba717eaa0a5916c43f16be71ede22],
PUP.OPtional.Dealply.A, C:\Documents and Settings\All Users\Start Menu\Programs\DealPly\DealPly Help.lnk, Quarantined, [d74ba717eaa0a5916c43f16be71ede22],
PUP.OPtional.Dealply.A, C:\Documents and Settings\All Users\Start Menu\Programs\DealPly\DealPly.lnk, Quarantined, [d74ba717eaa0a5916c43f16be71ede22],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\SelectAlerts.dat, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\SelectRebates.exe, Delete-on-Reboot, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\SelectRebates.ini, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\SelectRebatesA.dat, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\SelectRebatesApi.exe, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\SelectRebatesB.dat, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\SelectRebatesBT.dat, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\SelectRebatesDownload.exe, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\SelectRebatesH.dat, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\SelectRebatesUninstall.exe, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\SRebates.dll, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\SRFF3.dll, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\FFToolbar\chrome.manifest, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\FFToolbar\install.rdf, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\SahImages\alert.png, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\SahImages\check.png, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\SahImages\close.png, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\Toolbar\logo.bmp, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\Toolbar\AddtoList.bmp, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\Toolbar\basis.xml, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\Toolbar\Basis.xml.dym, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\Toolbar\basis.xml.temp, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\Toolbar\Blank.bmp, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\Toolbar\CashBack.bmp, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\Toolbar\Coupons.bmp, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\Toolbar\GroceryCoupon.bmp, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\Toolbar\icons.bmp, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\Toolbar\i_magnifying.bmp, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\Toolbar\logo_24.bmp, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\Toolbar\logo_HotSpots.bmp, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\Toolbar\ReviewSite.bmp, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\Toolbar\RightControls.dym, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\Toolbar\sahtb-alert.bmp, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\Toolbar\sahtb-go.bmp, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\Toolbar\sahtb-grocerycoupons.bmp, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\Toolbar\sahtb-icons.bmp, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\Toolbar\sahtb-restaurant.bmp, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\Toolbar\sahtb-wishlist.bmp, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\Toolbar\Scissors.bmp, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.ShopAtHome.A, C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll, Quarantined, [0a18b9056b1f1422ff4e3f97c2417c84],
PUP.Optional.FoxTabFLVPlayer.A, C:\Program Files\FoxTabFLVPlayer\Uninstall\uninst.dat, Quarantined, [b36f3f7f6e1c2214aa381dd2966d33cd],

Physical Sectors: 0
(No malicious items detected)


(end)

Re: HJT log

Postby Gecko » Wed Jun 24, 2015 4:22 pm

Well it looks like Malwarebytes found and fixed a number of issues.

So how is it running now?

Re: HJT log

Postby wintacs » Thu Jun 25, 2015 4:40 am

like a 15 year old computer with a 16 year old hard drive. lol. no lie.

spits, sputter and lag.

Thank you again, glad to see that you're still at it.

