About to lose my business - can't remove this exploit. Thanks for looking.
cantgetrid-of-IT said (post 401365):

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-06-22 08:00:13
-----------------------------
08:00:13.618 OS Version: Windows x64 6.1.7601 Service Pack 1
08:00:13.618 Number of processors: 4 586 0x2505
08:00:13.618 ComputerName: xxxx-PC UserName: xxxx
08:00:16.740 Initialize success
08:00:16.756 VM: initialized successfully
08:00:16.756 VM: Intel CPU BiosDisabled
08:00:20.205 AVAST engine download error: 0
08:00:27.553 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:00:27.553 Disk 0 Vendor: TOSHIBA_THNSNF128GCSS FSLAN102 Size: 122104MB BusType: 11
08:00:27.568 Disk 0 MBR read successfully
08:00:27.568 Disk 0 MBR scan
08:00:27.568 Disk 0 Windows 7 default MBR code
08:00:27.568 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
08:00:27.584 Disk 0 default boot code
08:00:27.584 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
08:00:27.600 Disk 0 scanning C:\Windows\system32\drivers
08:00:28.489 Service scanning
08:00:31.796 Modules scanning
08:00:32.295 Disk 0 trace - called modules:
08:00:32.295 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
08:00:32.295 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d2b060]
08:00:32.311 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007a161f0]
08:00:32.311 Disk 0 statistics 87355/0/0 @ 59.57 MB/s
08:00:32.311 Scan finished successfully
08:00:58.864 Disk 0 MBR has been saved successfully to "C:\Users\xxxx\Documents\MBR.dat"
08:00:58.864 The log file has been saved successfully to "C:\Users\xxxx\Documents\aswMBR.txt"

> Hitman Pro >Alert

[code]
HitmanPro 3.7.9.242
www.hitmanpro.com

 Computer name . . . . : xxxx-PC
 Windows . . . . . . . : 6.1.1.7601.X64/4
 User name . . . . . . : xxxx-PC\xxxx
 UAC . . . . . . . . . : Enabled
 License . . . . . . . : Trial (30 days left)

 Scan date . . . . . . : 2015-06-22 08:18:22
 Scan mode . . . . . . : Normal
 Scan duration . . . . : 45s
 Disk access mode . . : Direct disk access (SRB)
 Cloud . . . . . . . . : Internet
 Reboot . . . . . . . : No

 Threats . . . . . . . : 0
 Traces . . . . . . . : 9

 Objects scanned . . . : 865,088
 Files scanned . . . . : 10,299
 Remnants scanned . . : 95,423 files / 759,366 keys

Cookies _____________________________________________________________________

 C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
 C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.stickyadstv.com
 C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
 C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Cookies:microsoftsto.112.2o7.net
 C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Cookies:network.realmedia.com
 C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Cookies:realmedia.com
 C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
 C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
 C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com

[/code]

> GMER

GMER 2.1.19357 - http://www.gmer.net
3rd party scan 2015-06-22 10:08:38
Windows 6.1.7601 Service Pack 1 x64
Running: fpu3jp22.exe


---- Services - GMER 2.1 ----

Service C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft Protection Service/Emsisoft Ltd SIGNED)(2015-06-22 14:49:54) [AUTO] a2AntiMalware
Service C:\Windows\system32\DRIVERS\epp64.sys (Emsisoft Anti-Malware Platform Protection/Emsisoft GmbH SIGNED)(2015-06-22 14:49:58) [SYSTEM] epp64
Service C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc. SIGNED)(2015-06-22 14:27:09) [AUTO] gupdate
Service C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc. SIGNED)(2015-06-22 14:27:09) [MANUAL] gupdatem
Service C:\Windows\system32\drivers\hmpalert.sys (HitmanPro.Alert Support Driver/SurfRight B.V. SIGNED)(2015-06-22 15:16:35) [MANUAL] hmpalert
Service C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe (HitmanPro.Alert/SurfRight B.V. SIGNED)(2015-06-22 15:16:35) [AUTO] hmpalertsvc
Service C:\Windows\system32\drivers\hmpnet.sys (HitmanPro.Alert TDI Driver/SurfRight B.V. SIGNED)(2015-06-22 15:16:35) [MANUAL] hmpnet
Service C:\ProgramData\MobileBrServ\mbbservice.exe(2015-06-22 07:59:23) [AUTO] Servicio HILINK
Service C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.sys (SpyShelter Driver/SpyShelter SIGNED)(2015-06-22 15:21:51) [SYSTEM] Spyshelter
Service C:\Program Files (x86)\SpyShelter Firewall\SpyshelterWFP.sys (SpyShelter Firewall Driver/SpyShelter SIGNED)(2015-06-22 15:21:53) [AUTO] SpyshelterFw
Service C:\Program Files (x86)\SpyShelter Firewall\SpyshelterKb.sys (SpyShelter Additional Driver/SpyShelter SIGNED)(2015-06-22 15:21:53) [SYSTEM] SpyshelterKb
Service C:\Program Files (x86)\SpyShelter Firewall\SpyShelterSrv.exe (SpyShelter Service/Datpol)(2015-06-22 15:21:53) [AUTO] SpyShelterSrv

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\a2AntiMalware@ImagePath C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft Protection Service/Emsisoft Ltd SIGNED)(2015-06-22 14:49:54)
Reg HKLM\SYSTEM\CurrentControlSet\services\epp64@ImagePath C:\Windows\system32\DRIVERS\epp64.sys (Emsisoft Anti-Malware Platform Protection/Emsisoft GmbH SIGNED)(2015-06-22 14:49:58)
Reg HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\HitmanPro.Alert@EventMessageFile C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe (HitmanPro.Alert/SurfRight B.V. SIGNED)(2015-06-22 15:16:35)
Reg HKLM\SYSTEM\CurrentControlSet\services\gupdate@ImagePath C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc. SIGNED)(2015-06-22 14:27:09)
Reg HKLM\SYSTEM\CurrentControlSet\services\hmpalert@ImagePath C:\Windows\system32\drivers\hmpalert.sys (HitmanPro.Alert Support Driver/SurfRight B.V. SIGNED)(2015-06-22 15:16:35)
Reg HKLM\SYSTEM\CurrentControlSet\services\hmpalertsvc@ImagePath C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe (HitmanPro.Alert/SurfRight B.V. SIGNED)(2015-06-22 15:16:35)
Reg HKLM\SYSTEM\CurrentControlSet\services\hmpnet@ImagePath C:\Windows\system32\drivers\hmpnet.sys (HitmanPro.Alert TDI Driver/SurfRight B.V. SIGNED)(2015-06-22 15:16:35)
Reg HKLM\SYSTEM\CurrentControlSet\services\Servicio HILINK@ImagePath C:\ProgramData\MobileBrServ\mbbservice.exe(2015-06-22 07:59:23)
Reg HKLM\SYSTEM\CurrentControlSet\services\Spyshelter@ImagePath C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.sys (SpyShelter Driver/SpyShelter SIGNED)(2015-06-22 15:21:51)
Reg HKLM\SYSTEM\CurrentControlSet\services\SpyshelterFw@ImagePath C:\Program Files (x86)\SpyShelter Firewall\SpyshelterWFP.sys (SpyShelter Firewall Driver/SpyShelter SIGNED)(2015-06-22 15:21:53)
Reg HKLM\SYSTEM\CurrentControlSet\services\SpyshelterKb@ImagePath C:\Program Files (x86)\SpyShelter Firewall\SpyshelterKb.sys (SpyShelter Additional Driver/SpyShelter SIGNED)(2015-06-22 15:21:53)
Reg HKLM\SYSTEM\CurrentControlSet\services\SpyShelterSrv@ImagePath C:\Program Files (x86)\SpyShelter Firewall\SpyShelterSrv.exe (SpyShelter Service/Datpol)(2015-06-22 15:21:53)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe@ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc. SIGNED)(2015-06-22 14:31:11)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HitmanPro.Alert@DisplayIcon C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe (HitmanPro.Alert/SurfRight B.V. SIGNED)(2015-06-22 15:16:35)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyshelterInternetSecurity_is1@UninstallString C:\Program Files (x86)\SpyShelter Firewall\unins000.exe(2015-06-22 15:21:51)
Reg HKLM\SOFTWARE\Classes\asquared.Scanner.Settings\shell\open\command@ C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\A2START.EXE (Emsisoft Security Center/Emsisoft Ltd SIGNED)(2015-06-22 14:49:54)
Reg HKLM\SOFTWARE\Classes\ChromeHTML\shell\open\command@ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc. SIGNED)(2015-06-22 14:31:11)
Reg HKLM\SOFTWARE\Classes\CLSID\{003EB908-0B86-44F8-86F0-B19A7022449C}\InprocHandler32@ C:\Program Files (x86)\Google\Update\1.3.26.9\psmachine_64.dll (Google Update/Google Inc. SIGNED)(2015-06-22 14:27:09)
Reg HKLM\SOFTWARE\Classes\CLSID\{030D32F7-BF26-40a2-AB44-A34E78908701}\InProcServer32@ C:\Windows\system32\SpyShelterShellExt.dll (SpyShelter Context Menu Dll/Datpol SIGNED)(2015-06-22 15:21:53)
Reg HKLM\SOFTWARE\Classes\CLSID\{5E688170-BDC7-48AA-A339-5F74CFDBDC9C}\InProcServer32@ C:\Program Files (x86)\Google\Update\1.3.26.9\psmachine_64.dll (Google Update/Google Inc. SIGNED)(2015-06-22 14:27:09)
Reg HKLM\SOFTWARE\Classes\CLSID\{E3F21FC7-6D65-48E7-B62B-E9ED8200C764}\InProcServer32@ C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL (Emsisoft shell context menu library/Emsisoft GmbH SIGNED)(2015-06-22 14:49:55)
Reg HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{003EB908-0B86-44F8-86F0-B19A7022449C}\InprocHandler32@ C:\Program Files (x86)\Google\Update\1.3.26.9\psmachine.dll (Google Update/Google Inc. SIGNED)(2015-06-22 14:27:09)
Reg HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{030D32F7-BF26-40a2-AB44-A34E78908701}\InProcServer32@ C:\Windows\system32\SpyShelterShellExt.dll (SpyShelter Context Menu Dll/Datpol SIGNED)(2015-06-22 15:21:53)
Reg HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\LocalServer32@ C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Update/Google Inc. SIGNED)(2015-06-22 14:27:09)
Reg HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}@LocalizedString C:\Program Files (x86)\Google\Update\1.3.26.9\goopdate.dll (Google Update/Google Inc. SIGNED)(2015-06-22 14:27:09)
Reg HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\LocalServer32@ C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Update/Google Inc. SIGNED)(2015-06-22 14:27:09)
Reg HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32@ C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\delegate_execute.exe (Google Chrome/Google Inc. SIGNED)(2015-06-22 14:31:11)
Reg HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{5E688170-BDC7-48AA-A339-5F74CFDBDC9C}\InProcServer32@ C:\Program Files (x86)\Google\Update\1.3.26.9\psmachine.dll (Google Update/Google Inc. SIGNED)(2015-06-22 14:27:09)
Reg HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}@LocalizedString C:\Program Files (x86)\Google\Update\1.3.26.9\goopdate.dll (Google Update/Google Inc. SIGNED)(2015-06-22 14:27:09)
Reg HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\LocalServer32@ C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateBroker.exe (Google Update/Google Inc. SIGNED)(2015-06-22 14:27:09)
Reg HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}@LocalizedString C:\Program Files (x86)\Google\Update\1.3.26.9\goopdate.dll (Google Update/Google Inc. SIGNED)(2015-06-22 14:27:09)
Reg HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\LocalServer32@ C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateBroker.exe (Google Update/Google Inc. SIGNED)(2015-06-22 14:27:09)
Reg HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}@LocalizedString C:\Program Files (x86)\Google\Update\1.3.26.9\goopdate.dll (Google Update/Google Inc. SIGNED)(2015-06-22 14:27:09)
Reg HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\LocalServer32@ C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Update/Google Inc. SIGNED)(2015-06-22 14:27:09)
Reg HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32@ C:\Program Files (x86)\Google\Update\1.3.26.9\psmachine.dll (Google Update/Google Inc. SIGNED)(2015-06-22 14:27:09)
Reg HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}\LocalServer32@ C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateBroker.exe (Google Update/Google Inc. SIGNED)(2015-06-22 14:27:09)
Reg HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{AB77609F-2178-4E6F-9C4B-44AC179D937A}\InProcServer32@ C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL (Emsisoft shell context menu library/Emsisoft GmbH SIGNED)(2015-06-22 14:49:55)
Reg HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\LocalServer32@ C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Update/Google Inc. SIGNED)(2015-06-22 14:27:09)
Reg HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}@LocalizedString C:\Program Files (x86)\Google\Update\1.3.26.9\goopdate.dll (Google Update/Google Inc. SIGNED)(2015-06-22 14:27:09)
Reg HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\LocalServer32@ C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Update/Google Inc. SIGNED)(2015-06-22 14:27:09)
Reg HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32@ C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Update/Google Inc. SIGNED)(2015-06-22 14:27:09)
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@GoogleChromeAutoLaunch_1BD54B6120616C16E1978A704AAC9073 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc. SIGNED)(2015-06-22 14:31:11)

---- EOF - GMER 2.1 ----