Here are the DDS logs.
I had run a Malwarebytes scan earlier in my recovery from malware. It initially found several problems. For good measure, I updated Malwarebytes and ran a full scan again. It found no problems.
I only ran the scan. I did not do the 'Fix'. Was I supposed to?
Open Notepad. Inside Notepad, paste the highlighted items below.
start
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKCU\...\Run: [Akamai NetSession Interface] - "C:\Users\Lynn\AppData\Local\Akamai\netsession_win.exe" [x]
HKLM-x32\...\Run: [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe [x]
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKU\Guest\...\Run: [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKU\Guest\...\Run: [Advanced SystemCare 4] - "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [x]
HKU\Guest\...\Run: [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKU\Guest\...\Run: [Advanced SystemCare 4] - "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [x]
HKU\Guest\...\Run: [Rohos] - C:\Program Files (x86)\Rohos\agent.exe [x]
HKU\Guest\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [x]
HKU\HomeGroupUser$\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB [x]
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL [85304 2013-03-07] (Zemana Ltd.)
AppInit_DLLs-x32: c:\progra~2\keycry~1\keycry~3.dll [78136 2013-03-07] (Zemana Ltd.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Constant Guard.lnk
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
URLSearchHook: (No Name) - {90eee664-34b1-422a-a782-779af65cdf6d} - No File
URLSearchHook: (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
HKCU SearchScopes: DefaultScope {C3512387-1998-4F6E-82DE-C56CE250D840} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN39910817921345487&UM=2
SearchScopes: HKCU - {664AFAC7-3060-4BE2-99CF-E087B70885FD} URL = http://search.conduit.com/Results.aspx?ctid=CT3300019&SearchSource=45&UM=2&q={searchTerms}
SearchScopes: HKCU - {C131D0FB-A80A-4E7B-9B86-68180C285C78} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=01E81 5E4-0A5B-4FD8-8014-E458FFFC4725&apn_sauid=A7BFF1FA-EF47-4100-9CDD-60E652CB7B2E
SearchScopes: HKCU - {C3512387-1998-4F6E-82DE-C56CE250D840} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN39910817921345487&UM=2
BHO-x32: Virtual Account Numbers Helper - {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll (Orbiscom Ltd. All rights reserved.)
BHO-x32: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.506.2\NativeBHO.dll (WhiteSky)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation
Toolbar: HKLM-x32 - Virtual Account Numbers - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll (Orbiscom Ltd. All rights reserved.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
URLSearchHook: (No Name) - {90eee664-34b1-422a-a782-779af65cdf6d} - No File
URLSearchHook: (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
S2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [x]
S2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
C:\Users\Lynn Standard Accoun\AppData\Roaming\ID Vault
C:\ID Vault
C:\Users\Lynn\AppData\Roaming\ID Vault
C:\ProgramData\Syscon
C:\Users\Lynn\GoToAssistDownloadHelper.exe
C:\Users\Lynn\sxstrace.exe
end
Click on File, choose Save As.
Choose the Desktop on the left-hand side.
In the File Name: input fixlist.txt
In the Save as type: choose All Types on the drop-down menu.
Click on the [Save] button.
Open FRST64.exe and click on the [FIX] button. Once it's complete, it will create a new log called Fixlog.txt. Upload the Fixlog.txt with your reply.
Here is the Fixlog.txt
Once you're done with that, run the tool below.
RogueKiller for 32bit <==== Download Link
RogueKiller for 64bit <==== Download Link
Click on one of the links above that goes with your Windows 7 bit version.
Save to the Desktop.
Close all windows and browsers.
Right click on and choose
Press: SCAN
Provide the RKreport.txt (Mode: Scan) in your reply.
The log should be on the Desktop or the C:\ drive.
Here is the RKreport. It also put a RK_Quarantine subdirectory on my desktop.
I somehow managed to generate two RKreport files, apparently while trying to click on the greyed out 'Fix Proxy'. Both are included here.