Odd behaviour, can't seem to fix it.

Posted 8/7/2017 11:01 AM
#124673

uberdogmel Valued member

Date Joined Nov 2016
Total Posts: 14
Some persistent browser hijacking and some slowness; any help appreciated.
Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 1:57:23 AM, on 8/7/2017

Platform: Unknown Windows (WinNT 6.02.1008)

MSIE: Internet Explorer v11.0 (11.00.15063.0000)

CHROME: 1.5.1693.0

FIREFOX: 54.0.1 (x86 en-US)

Boot mode: Normal


Running processes:

C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

C:\Users\Matt\AppData\Local\Dropbox\Update\DropboxUpdate.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Users\Matt\AppData\Local\Microsoft\OneDrive\OneDrive.exe

C:\Users\Matt\AppData\Roaming\Spotify\SpotifyWebHelper.exe

C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe

C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

C:\Users\Matt\AppData\Roaming\HP SimpleSave Application\StartHelper.exe

C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Users\Matt\AppData\Roaming\Dropbox\bin\QtWebEngineProcess.exe

C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe

C:\WINDOWS\SysWOW64\NOTEPAD.EXE

C:\WINDOWS\SysWOW64\NOTEPAD.EXE

C:\Users\Matt\Downloads\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://accounts.google.com/ServiceLogin?service=mail&continue=https://mail.google.com/mail/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll

O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll

O2 - BHO: McAfee WebAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll

O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe

O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"

O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Matt\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c

O4 - HKCU\..\Run: [Google Update] C:\Users\Matt\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe

O4 - HKCU\..\Run: [DVDFab Passkey] "C:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe"

O4 - HKCU\..\Run: [OneDrive] "C:\Users\Matt\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background

O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Matt\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

O4 - HKCU\..\Run: [Spotify] "C:\Users\Matt\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

O4 - HKCU\..\Run: [EPSON NX410 Series] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIFCA.EXE /FU "C:\WINDOWS\TEMP\E_S8534.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')

O4 - Startup: Dropbox.lnk = Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

O4 - Startup: HP SimpleSave Monitor.lnk = C:\Users\Matt\AppData\Roaming\HP SimpleSave Application\StartHelper.exe

O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0

O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4

O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3

O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1

O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O9 - Extra 'Tools' menuitem: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll

O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)

O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe

O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: EgisTec Ticket Service - Egis Technology Inc.  - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe

O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)

O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)

O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

O23 - Service: RosettaStoneDaemon - Rosetta Stone Ltd. - C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)

O23 - Service: USBS3S4Detection - Unknown owner - C:\OEM\USBDECTION\USBS3S4Detection.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


--

End of file - 14223 bytes

 
Malwarebytes Anti-Malware

www.malwarebytes.org


Scan Date: 8/7/2017

Scan Time: 12:56 AM

Logfile: Mbam Log 7th Aug 2017.txt

Administrator: Yes


Version: 2.2.1.1043

Malware Database: v2017.08.07.03

Rootkit Database: v2017.08.02.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled


OS: Windows 10

CPU: x64

File System: NTFS

User: Matt


Scan Type: Threat Scan

Result: Completed

Objects Scanned: 342009

Time Elapsed: 36 min, 11 sec


Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Warn

PUM: Enabled


Processes: 0

(No malicious items detected)


Modules: 0

(No malicious items detected)


Registry Keys: 0

(No malicious items detected)


Registry Values: 0

(No malicious items detected)


Registry Data: 0

(No malicious items detected)


Folders: 0

(No malicious items detected)


Files: 0

(No malicious items detected)


Physical Sectors: 0

(No malicious items detected)




(end)


DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 11.0.15063.0  BrowserJavaVersion: 11.121.2

Run by Matt at 1:46:03 on 2017-08-07

Microsoft Windows 10 Home  10.0.15063.0.1252.1.1033.18.3959.1064 [GMT -7:00]

.

AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

.

============== Running Processes ===============

.

c:\windows\system32\svchost.exe -k dcomlaunch -s PlugPlay

C:\WINDOWS\system32\fontdrvhost.exe

C:\WINDOWS\system32\fontdrvhost.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

c:\windows\system32\svchost.exe -k rpcss

c:\windows\system32\svchost.exe -k dcomlaunch -s LSM

c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s lmhosts

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s NcbService

c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s TimeBrokerSvc

c:\windows\system32\svchost.exe -k netsvcs -s Schedule

C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork

c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc

c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s EventLog

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s hidserv

c:\windows\system32\svchost.exe -k localservice -s nsi

c:\windows\system32\svchost.exe -k netsvcs -s UserManager

c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s Dhcp

c:\windows\system32\svchost.exe -k appmodel -s StateRepository

C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted

c:\windows\system32\svchost.exe -k networkservice -s NlaSvc

C:\Windows\System32\WUDFHost.exe

c:\windows\system32\svchost.exe -k localservice -s netprofm

c:\windows\system32\svchost.exe -k networkservice -s Dnscache

c:\windows\system32\svchost.exe -k netsvcs -s Themes

c:\windows\system32\svchost.exe -k localservice -s EventSystem

c:\windows\system32\svchost.exe -k netsvcs -s SENS

c:\windows\system32\svchost.exe -k localservice -s WinHttpAutoProxySvc

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s AudioEndpointBuilder

c:\windows\system32\svchost.exe -k localservice -s FontCache

C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe

C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted

C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted

c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection

c:\windows\system32\svchost.exe -k appmodel -s tiledatamodelsvc

C:\WINDOWS\System32\spoolsv.exe

c:\windows\system32\svchost.exe -k networkservice -s LanmanWorkstation

c:\windows\system32\sihost.exe

c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc

c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\WINDOWS\System32\svchost.exe -k utcsvc

c:\windows\system32\svchost.exe -k apphost -s AppHostSvc

c:\windows\system32\svchost.exe -k networkservice -s CryptSvc

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE

c:\windows\system32\svchost.exe -k localservicenonetwork -s DPS

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

c:\windows\system32\svchost.exe -k netsvcs -s Winmgmt

c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s FDResPub

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe

c:\windows\system32\svchost.exe -k netsvcs -s LanmanServer

c:\windows\system32\svchost.exe -k iissvcs

C:\WINDOWS\system32\mqsvc.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s PcaSvc

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s TrkWks

C:\OEM\USBDECTION\USBS3S4Detection.exe

c:\windows\system32\svchost.exe -k netsvcs -s WpnService

c:\windows\system32\taskhostw.exe

c:\windows\system32\svchost.exe -k netsvcs -s iphlpsvc

C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe

c:\windows\system32\svchost.exe -k localservice -s WdiServiceHost

c:\windows\system32\svchost.exe -k netsvcs -s TokenBroker

C:\WINDOWS\Explorer.EXE



.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 10 Home

Boot Device: \Device\HarddiskVolume2

Install Date: 5/16/2017 11:43:25 PM

System Uptime: 8/6/2017 6:19:26 PM (7 hours ago)

.

Motherboard: Acer |  | Aspire X3950

Processor: Intel(R) Core(TM) i3 CPU         540  @ 3.07GHz | CPU 1 | 1200/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 442 GiB total, 193.265 GiB free.

D: is CDROM ()

E: is CDROM (CDFS)

F: is Removable

G: is Removable

H: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}

Description: Microsoft PS/2 Mouse

Device ID: ACPI\PNP0F03\4&153956B5&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&153956B5&0

Service: i8042prt

.

Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}

Description: Standard PS/2 Keyboard

Device ID: ACPI\PNP0303\4&153956B5&0

Manufacturer: (Standard keyboards)

Name: Standard PS/2 Keyboard

PNP Device ID: ACPI\PNP0303\4&153956B5&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP8: 7/13/2017 9:01:42 PM - Windows Update

RP11: 8/1/2017 9:30:35 PM - Installed MIDI-OX

RP12: 8/3/2017 8:31:30 PM - Installed VirtualDJ 8

RP14: 8/5/2017 12:39:23 AM - Removed VirtualDJ 8

.

==== Installed Programs ======================

.

 clear.fi

50 FREE MP3s +1 Free Audiobook!

7-Zip 16.04 (x64 edition)

Acer eRecovery Management

Acer Games

Acer ScreenSaver

Acer Updater

Adobe Acrobat Reader DC

Adobe AIR

Adobe Flash Player 24 NPAPI

Adobe Refresh Manager

Agatha Christie - Death on the Nile

alien_crossfire

alpha_centauri

Apple Application Support

Apple Software Update

Archimedean Dynasty 1.120

Audacity 2.1.3

Avast Free Antivirus

Bejeweled 3

BOINC

Bundled software uninstaller

CCleaner

CDisplayEx 1.9.15

ChromecastApp

Chronicles of Albian

Cisco WebEx Meetings

clear.fi

clear.fi Client

CMS3

Combined Community Codec Pack 2015-10-18

Cradle of Rome 2

D3DX10

Deluge 1.3.13

DJ Intro version 1.2.8

Dora's World Adventure

Download Updater (AOL Inc.)

Dropbox

DVDFab Passkey 8.2.7.1 (28/04/2016)

eBay Worldwide

EPSON NX410 Series Printer Uninstall

EPSON Scan

Evernote v. 6.5.4

FATE

Final Drive: Nitro

Fooz Kids

Fooz Kids Platform

Free eXPert PDF Reader

g!Connect

g!Tools

Galerie de photos Windows Live

Galería fotográfica de Windows Live

Google Chrome

Google Update Helper

Governor of Poker 2 Premium Edition

HomeWorks QS 9.2.0

Hotkey Utility

Identity Card

Intel(R) Control Center

Intel(R) Processor Graphics

Java 8 Update 121

Java 8 Update 144

Java Auto Updater

Jewel Quest Mysteries: The Seventh Gate Collector's Edition

Junk Mail filter update

Kobo

Malwarebytes Anti-Malware version 2.2.1.1043

McAfee SiteAdvisor

McAfee WebAdvisor

MediaMonkey 4.1

Mesh Runtime

Microsoft .NET Framework 4.5.2

Microsoft Application Error Reporting

Microsoft Corporation

Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64)

Microsoft LifeCam

Microsoft Office 2010

Microsoft OneDrive

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2012 Express LocalDB

Microsoft SQL Server 2012 Management Objects

Microsoft System CLR Types for SQL Server 2012

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005

Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005

Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005

Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215

Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215

Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215

MIDI-OX

Mixxx 2.0.0 (64-bit)

Mozilla Firefox 54.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyWinLocker

MyWinLocker 4

MyWinLocker Suite

Native Instruments Controller Editor

Native Instruments Service Center

Native Instruments Traktor 2

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero DiscSpeed 10

Nero DiscSpeed 10 Help (CHM)

Nero Express 10

Nero Express 10 Help (CHM)

Nero Multimedia Suite 10 Essentials

Nero StartSmart 10

Nero StartSmart 10 Help (CHM)

Nero Update

Network Secured DNSIO

Nexus - The Jupiter Incident

Norton Online Backup

OpenOffice 4.0.0

Oracle VM VirtualBox 5.0.12

Penguins!

Plants vs. Zombies - Game of the Year

PMB

Polar Bowler

Polar Golfer

Privatefirewall 7.0

QuickTime 7

RadioRA 2 8.0

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Rosetta Stone Ltd Services

Rosetta Stone TOTALe

SafeZone Stable 3.55.2393.609

Shredder

Sid Meier's Alpha Centauri

Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)

Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7

Skype Click to Call

Skype™ 7.39

Spotify

SpywareBlaster 5.5

StarTopia

Steam

StudioTax 2012

StudioTax 2013

StudioTax 2014

StudioTax 2015

StudioTax 2016

SUPERAntiSpyware

Tales of Lagoona

Team Fortress 2

Torchlight

Update Installer for WildTangent Games App

Virtual Villagers 5 - New Believers

VirtualDJ 8

Warcraft III

Warfare Online

Welcome Center

WildTangent Games App (Acer Games)

Windows 10 Update and Privacy Settings

Windows Driver Package - Lutron Electronics Co. Inc. (WinUSB) USB  (11/10/2010 1.0.1)

Windows Live

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zuma's Revenge

.

==== Event Viewer Messages From Past Week ========

.

8/6/2017 6:24:23 PM, Error: Service Control Manager [7022]  - The Delivery Optimization service hung on starting.

8/6/2017 6:20:03 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  and APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  to the user Expensive2\Matt SID (S-1-5-21-1593604833-3916467440-1390602024-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

8/6/2017 6:19:57 PM, Error: Service Control Manager [7023]  - The SysMain service terminated with the following error:  The request is not supported.

8/6/2017 6:19:54 PM, Error: Service Control Manager [7001]  - The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

8/6/2017 6:19:50 PM, Error: Service Control Manager [7000]  - The CldFlt service failed to start due to the following error:  The request is not supported.

8/5/2017 8:44:49 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

8/4/2017 6:16:40 PM, Error: Service Control Manager [7022]  - The Software Protection service hung on starting.

8/3/2017 5:47:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80073D02: Microsoft Photos.

8/2/2017 7:10:02 PM, Error: Service Control Manager [7034]  - The Downloaded Maps Manager service terminated unexpectedly.  It has done this 1 time(s).

8/1/2017 9:50:20 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

8/1/2017 9:50:20 PM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

8/1/2017 9:45:19 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.

8/1/2017 9:45:06 PM, Error: Service Control Manager [7043]  - The aswbIDSAgent service did not shut down properly after receiving a preshutdown control.

.

==== End Of File ===========================

 
Posted 8/7/2017 5:05 PM
#124679

Andreea-Luciana Ostache Advanced member

Date Joined Nov 2016
Total Posts: 632
Hello,



Update Malwarebytes and run a scan with it. Make sure you go into settings and activate "scan for rootkits" if it's not already active.

Post the log with the results.
Andreea-Luciana Ostache
Support Team Leader
support@bullguard.com
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 16

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!
Posted 8/7/2017 7:15 PM
#124680

uberdogmel Valued member

Date Joined Nov 2016
Total Posts: 14
Malwarebytes Anti-Malware

www.malwarebytes.org


Scan Date: 8/7/2017

Scan Time: 9:16 AM

Logfile: Mbam Log 7th aug 17.txt

Administrator: Yes


Version: 2.2.1.1043

Malware Database: v2017.08.07.07

Rootkit Database: v2017.08.02.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled


OS: Windows 10

CPU: x64

File System: NTFS

User: Matt


Scan Type: Threat Scan

Result: Completed

Objects Scanned: 342270

Time Elapsed: 36 min, 24 sec


Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Warn

PUM: Enabled


Processes: 0

(No malicious items detected)


Modules: 0

(No malicious items detected)


Registry Keys: 0

(No malicious items detected)


Registry Values: 0

(No malicious items detected)


Registry Data: 0

(No malicious items detected)


Folders: 0

(No malicious items detected)


Files: 0

(No malicious items detected)


Physical Sectors: 0

(No malicious items detected)




(end)

Posted 8/8/2017 9:40 AM
#124681

Andreea-Luciana Ostache Advanced member

Date Joined Nov 2016
Total Posts: 632
Since you are using Avast already, uninstall McAfee WebAdvisor.



Also take these steps:



1. Go to Start and type CMD.exe in the search field. After you type that in, wait for a few moments and, when CMD.exe is displayed in the list above, right-click on it and select "Run as administrator".

2. In the black CMD window type the following and press Enter after each line:

netsh winsock reset

ipconfig /flushdns

ipconfig /renew

nbtstat -R

nbtstat -RR

netsh int ip reset all

netsh winhttp reset proxy

3. Wait for CMD to be finished and reboot the computer.



If the issue still persists, please explain better what you mean by persistent browser hijacking.
Andreea-Luciana Ostache
Support Team Leader
support@bullguard.com
www.bullguard.com

Posted 8/9/2017 6:43 AM
#124682

uberdogmel Valued member

Date Joined Nov 2016
Total Posts: 14
Hi, thanks for your help so far. I followed your instructions but Chrome and Mozilla still seem afflicted. Edge seems, on the surface of it at least, to be immune, although who can really say. Certainly not me, which is why I'm here.



Mozilla sometimes opens with:



http://mysagagame.com/preland-2912_3.html?pid=10&sid=1&nonad=1&s2s=VjN8MTcwMjl8Nzc4NDU1fDY5MzI1NHwxNTAyMjUzMDA3fDAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMHw5Ni41MC4xMTcuNDF8Mnw1NTljMGIyNWE5NWM4NmY3MWJlMjQyZjkyNjA1MDllNg==



Both Mozilla and Chrome will sometimes open with:



https://launchpage.org/?uid=oTlKBGjchx1sXu%2BaqeWVplEMStvzxHHBJNU4alLJVfNKZPqlc9wlhFs7rMh59EMR1%2B%2B0



And one time I saw Chrome open with:



http://playinghome.com/b40/index.php?voluumdata=BASE64dmlkLi4wMDAwMDAwMi00MzdhLTRmZDQtODAwMC0wMDAwMDAwMDAwMDBfX3ZwaWQuLjM2ZTYyMDAwLTdjYjctMTFlNy04ZmExLWI5ZjgzZWZlYThlY19fY2FpZC4uY2RjMTUyODItYzcyOS00Y2UzLWFjYjItMjUzYzY2Zjg4NzJkX19ydC4uUl9fbGlkLi45OGQ4NjIzZC05NTEzLTQ2ZDEtYjc4NC0zNmMwNzZlOTI1N2JfX29pZDEuLmEyNDQwOTA3LTA3MTgtNGIxMC04MzRiLWI3OTUyM2U1MjZjM19fdmFyMS4uNDcxMTUyX192YXIyLi42NTAyOTlfX3JkLi5waXBlc2NoYW5uZWxzXC5cY29tX19haWQuLl9fYWIuLl9fc2lkLi5fX2NyaS4uX19wdWIuLl9fZGlkLi5fX2RpdC4uX19waWQuLl9faXQuLl9fdnQuLjE1MDIyNTM1MjMxNTc&zoneid=471152&campaignid=650299&visitor_id=358333828498



And there isn't anything I can do about it at the moment.



Just tried Avast safezone for I think possibly the first time ever and I brought up launchpage.org



Why Edge isn't bringing up this stuff I do not know. Any and all help is and will be much appreciated. Thanks again. M
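Added example, not code from this thread or from HijackThis, Malwarebytes or any other tool named in it: a small Python triage pass over HijackThis-style log lines, of the kind a helper would run before reading a log like the one in the first post by hand. It parses the R0/R1 browser start/search entries and the O4 autostart entries, flags any start or search URL whose host is not in an assumed baseline allowlist (the hosts taken from the unremarkable entries in the first post's log), and flags autostart executables that live under user-writable directories, where adware and hijack droppers usually persist. The sample lines are constructed: most are modelled on the first post's log, and the launchpage.org start-page line is constructed to mirror the redirect reported above (the real log in the first post shows no such entry, which is the caveat worth keeping in mind: HijackThis R-sections cover Internet Explorer registry settings, so a clean R0/R1 listing says nothing about a Chrome or Firefox profile or extension-level hijack, which is what this thread describes). The allowlist, the marker list and all function names are assumptions of this example.

```python
import re
from typing import Dict, List
from urllib.parse import urlparse

# Assumed baseline of start/search-page hosts, taken from the unremarkable
# entries in the first post's log; anything else is surfaced for a human to check.
ALLOWED_START_HOSTS = {"www.bing.com", "accounts.google.com", "go.microsoft.com"}

# Assumed path fragments marking user-writable locations. An autostart pointing
# there is not proof of anything (Dropbox lives there too), but it is where
# adware and hijack droppers usually persist, so it is worth a look.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\programdata\\")

# R0/R1 lines: "<Rn> - <registry key>,<value name> = <data>" (data may be empty).
R_LINE = re.compile(r"^R[013] - (?P<key>.+?) = ?(?P<value>.*)$")
# O4 Run-key lines: "O4 - <hive>\..\Run: [<name>] <command line>".
O4_RUN = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# O4 Startup-folder lines: "O4 - Startup: <shortcut> = <target>".
O4_STARTUP = re.compile(r"^O4 - Startup: (?P<name>.+?) = (?P<cmd>.*)$")

# Constructed sample: lines modelled on the first post's log, plus one constructed
# R0 entry that mirrors the launchpage.org redirect reported later in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://accounts.google.com/ServiceLogin?service=mail&continue=https://mail.google.com/mail/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://launchpage.org/?uid=CONSTRUCTED-EXAMPLE
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Matt\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [EPSON NX410 Series] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIFCA.EXE /FU "C:\WINDOWS\TEMP\E_S8534.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - Startup: HP SimpleSave Monitor.lnk = C:\Users\Matt\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
"""


def exe_path(cmd: str) -> str:
    """Return the executable part of an autostart command line (quoted or bare).

    Only the program path is inspected, so a harmless argument such as a
    temp-file parameter does not by itself trigger the user-writable check.
    """
    m = re.match(r'"([^"]+)"', cmd) or re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return the entries a reviewer should look at first, in log order."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = R_LINE.match(line)
        if m:
            value = m.group("value").strip()
            if value.lower().startswith(("http://", "https://")):
                host = urlparse(value).hostname or ""
                if host not in ALLOWED_START_HOSTS:
                    findings.append({"kind": "browser-setting", "key": m.group("key"),
                                     "host": host, "line": line})
            continue
        m = O4_RUN.match(line) or O4_STARTUP.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            if any(marker in path.lower() for marker in USER_WRITABLE_MARKERS):
                findings.append({"kind": "autostart-user-writable", "name": m.group("name"),
                                 "path": path, "line": line})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["kind"], "->", finding["line"])
```

Run against the constructed sample it reports one browser-setting finding (the launchpage.org start page) and two autostart entries under AppData (Dropbox Update and the HP SimpleSave shortcut), both of which a reviewer would then recognise as legitimate; the EPSON entry is not reported because only its program path, not its temp-file argument, is checked. The output is a reading order, not a verdict.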

 
Posted 8/11/2017 6:37 AM
#124685

uberdogmel Valued member

Date Joined Nov 2016
Total Posts: 14
OK, so it appears I've found a combination of removal tools that appear to have worked, but I would still appreciate someone looking over the process I've used. I have no way of knowing the thoroughness of this method, or even if it was just that one infection. The process used for removing the Launchpage.org browser hijack can be found at:



https://www.bleepingcomputer.com/virus-removal/remove-launchpage.org-home-page-hijacker



It uses a combination of no less than 5 removal tools, some of which I had heard of but most not. Any thoughts or further advice would be most appreciated.