Malware Causes Popups Whenever I Click on Webpages


5 replies to this topic

#1 CJustin


  • Members
  • 26 posts

Posted 13 January 2014 - 04:48 PM

Hi,

 

My problem is that whenever I click anywhere - not just a link - on Chrome or Firefox a popup ad appears either in a new tab, or new window, or sometimes even both. The sides and bottom of the webpage are also plastered with ads too. Conventional malware removers fail at solving the issue. Below I have pasted the results from my DDS log and have also included the attach.txt in the attachment module. Thank you in advance for your help. I have used this forum before, and really appreciate what you guys do.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by PC at 13:37:51 on 2014-01-13
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3839.1947 [GMT -8:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\PDF24\pdf24.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mWinlogon: Userinit = userinit.exe,
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Video Player: {b5f6c100-7093-4b3d-bfc4-164c6132677f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [AVG-Secure-Search-Update_0913a] C:\Users\PC\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid b6e2b6cea57447d1b835d17921914944-ad1491be2ce6c122f6b66faa90e70c2decf7d34c --CMPID 0913a
uRun: [Google Update] "C:\Users\PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{187FCB82-288E-4519-A4FE-9F1B19594C7A} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{288D9687-5989-4419-BF10-A224990AE8B5} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{288D9687-5989-4419-BF10-A224990AE8B5}\055647562702E496E63657E607F6F607 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{288D9687-5989-4419-BF10-A224990AE8B5}\2656C6B696E6E2531623 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{288D9687-5989-4419-BF10-A224990AE8B5}\75966496253555F56623 : DHCPNameServer = 192.168.15.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Authentication Packages =  msv1_0 relog_ap
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\p33mcv1x.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - mail.yahoo.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\AlternaTIFF\npzzatif.dll
FF - plugin: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\PC\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 BIOS;BIOS;C:\Windows\System32\drivers\BIOS64.sys [2009-6-10 14136]
R1 GizmoDrv;Gizmo Device Driver;C:\Windows\System32\drivers\gizmodrv.sys [2012-4-7 34704]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-3-8 202752]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2011-10-2 36864]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-6-7 478712]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-30 314400]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-4-30 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2012-6-7 107432]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-3-13 20992]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtl8192cu.sys [2011-10-2 783464]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-10-2 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-13 1255736]
S4 Gizmo Central;Gizmo Central;C:\Program Files (x86)\Gizmo\gservice.exe [2012-4-7 34728]
S4 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-16 606048]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
.
=============== Created Last 30 ================
.
2014-01-11 04:49:51    --------    d-----w-    C:\Users\PC\AppData\Roaming\SUPERAntiSpyware.com
2014-01-11 04:49:04    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2014-01-11 04:49:04    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2014-01-10 17:35:12    --------    d-----w-    C:\Users\PC\AppData\Roaming\Malwarebytes
2014-01-10 17:34:57    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-01-10 17:34:56    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-01-10 17:34:56    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-10 07:09:02    --------    d-----w-    C:\Program Files (x86)\VideoPlayerV3
2013-12-24 06:53:08    --------    d-----w-    C:\Users\PC\AppData\Roaming\AIMP3
2013-12-24 06:53:04    --------    d-----w-    C:\Program Files (x86)\AIMP3
2013-12-24 06:37:57    --------    d-----w-    C:\Users\PC\AppData\Roaming\AIMP
2013-12-23 05:27:13    --------    d-----w-    C:\Program Files (x86)\VideoLAN
2013-12-23 04:50:12    --------    d-----w-    C:\Users\PC\AppData\Roaming\Python-Eggs
2013-12-23 04:50:04    --------    d-----w-    C:\Users\PC\AppData\Roaming\BitLord
2013-12-23 04:48:23    --------    d-----w-    C:\Program Files (x86)\BitLord 2
2013-12-23 04:28:14    --------    d-----w-    C:\Users\PC\AppData\Local\SwvUpdater
2013-12-23 04:28:01    --------    d-----w-    C:\Program Files (x86)\Iminent
2013-12-23 04:27:03    --------    d-----w-    C:\Program Files (x86)\SecretSauce
2013-12-23 04:26:40    --------    d-----w-    C:\Program Files (x86)\Torntv V6.0
2013-12-23 04:26:32    --------    d-----w-    C:\Program Files (x86)\TornTV.com
2013-12-23 04:23:49    --------    d-----w-    C:\Users\PC\AppData\Roaming\.BitTornado
2013-12-23 04:10:28    --------    d-----w-    C:\Program Files (x86)\BitTornado
.
==================== Find3M  ====================
.
2014-01-03 17:00:49    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-03 17:00:49    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-11-06 05:55:48    150808    ----a-w-    C:\Windows\System32\drivers\avgdiska.sys
2013-11-05 05:52:42    240920    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2013-11-01 07:00:18    212280    ----a-w-    C:\Windows\System32\drivers\avgldx64.sys
2013-11-01 06:49:46    294712    ----a-w-    C:\Windows\System32\drivers\avgloga.sys
2013-10-30 02:32:01    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-10-25 06:25:58    194872    ----a-w-    C:\Windows\System32\drivers\avgidsha.sys
2013-10-19 02:18:57    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-07-08 06:54:52    109692    ----a-w-    C:\Program Files (x86)\mididsm.exe
.
============= FINISH: 13:38:29.27 ===============
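A defender-side triage aid, added here as an example (it is not part of the original post or of the DDS tool): it parses the BHO lines of a DDS Pseudo HJT Report like the one above and cross-checks them against the Created Last 30 folders, so that a helper with no DLL on record whose name echoes a freshly created folder, like the Video Player entry above, is surfaced for review. The sample lines are copied from the log above; the trusted-root and name-matching heuristics are my own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: BHO entries from the "Pseudo HJT Report" section and
# folder entries from the "Created Last 30" section of the DDS log above.
SAMPLE_DDS = r"""
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Video Player: {b5f6c100-7093-4b3d-bfc4-164c6132677f} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
2014-01-10 07:09:02    --------    d-----w-    C:\Program Files (x86)\VideoPlayerV3
2013-12-23 04:28:01    --------    d-----w-    C:\Program Files (x86)\Iminent
2013-12-23 04:27:03    --------    d-----w-    C:\Program Files (x86)\SecretSauce
"""

# DDS prints one BHO per line: "[x64-]BHO: <name>: {CLSID} - <dll path or nothing>"
BHO_RE = re.compile(
    r"^(?P<arch>x64-)?BHO: (?P<name>.+?): (?P<clsid>\{[0-9A-Fa-f-]{36}\}) -\s*(?P<path>.*)$"
)
# "Created Last 30" directory lines: "<date> <time>  <size>  d-----w-  <path>"
CREATED_DIR_RE = re.compile(
    r"^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+d\S{7}\s+(?P<path>.+)$"
)
# Assumption: where a legitimately installed IE helper DLL is normally expected to live.
TRUSTED_ROOTS = (r"c:\program files", r"c:\windows")


@dataclass
class Bho:
    name: str
    clsid: str
    path: str
    x64: bool


@dataclass
class Finding:
    clsid: str
    name: str
    reasons: list


def parse_dds(text):
    """Pull BHO entries and recently created directories out of a DDS log."""
    bhos, new_dirs = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append(Bho(m["name"], m["clsid"].upper(), m["path"].strip(), bool(m["arch"])))
            continue
        m = CREATED_DIR_RE.match(line)
        if m:
            new_dirs.append(m["path"].strip())
    return bhos, new_dirs


def _normalise(s):
    # Compare names loosely: "Video Player" -> "videoplayer", "VideoPlayerV3" -> "videoplayerv3".
    return re.sub(r"[^a-z0-9]", "", s.lower())


def triage(bhos, new_dirs):
    """Flag BHOs with no DLL on record, an odd install root, or a name that
    echoes a folder created in the last 30 days. Flags are leads for review,
    not verdicts: a stale AV toolbar and an adware helper can both look like this."""
    findings = []
    for b in bhos:
        reasons = []
        if not b.path:
            reasons.append("no DLL path recorded")
        elif not b.path.lower().startswith(TRUSTED_ROOTS):
            reasons.append("DLL outside Program Files / Windows: " + b.path)
        key = _normalise(b.name)
        for d in new_dirs:
            leaf = _normalise(d.rsplit("\\", 1)[-1])
            if len(leaf) >= 4 and key and (key in leaf or leaf in key):
                reasons.append("name matches recently created folder " + d)
        if reasons:
            findings.append(Finding(b.clsid, b.name, reasons))
    return findings


def report(text):
    """Human-readable triage lines, one per flagged BHO."""
    bhos, new_dirs = parse_dds(text)
    return [f"{f.clsid} {f.name}: " + "; ".join(f.reasons) for f in triage(bhos, new_dirs)]


if __name__ == "__main__":
    for line in report(SAMPLE_DDS):
        print(line)
```

On the sample above it flags the AVG Safe Search and Video Player helpers, both of which have no DLL path, and ties the latter to the VideoPlayerV3 folder created three days before the post.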

#2 Starbuck


    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 18 January 2014 - 01:20 PM

Hi CJustin

I apologize for the delay in response to your thread.

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
3. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
4. Please reply to this thread. Do not start a new topic.

P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking (Frostwire, BitTornado, BitTorrent, etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.


Step 1
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Step 2
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool.

  • When the tool opens click Yes to disclaimer.

  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.
In your next reply, please submit:
JRT.txt
AdwCleaner report
Both reports from FRST


Thanks.



#3 CJustin

  • Topic Starter

  • Members
  • 26 posts

Posted 21 January 2014 - 01:22 AM

Thanks Starbuck. So far the problem persists. The logs in the order you mentioned are pasted below.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Ultimate x64
Ran by PC on Mon 01/20/2014 at 21:58:53.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibar_install_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibar_install_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibartoolbar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibartoolbar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}



~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\amiupdxp.job



~~~ Folders

Successfully deleted: [Folder] "C:\Users\PC\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\PC\appdata\local\tempdir"
Successfully deleted: [Folder] "C:\Users\PC\appdata\locallow\incredibar.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\iminent"
Successfully deleted: [Folder] "C:\Program Files (x86)\secretsauce"
Successfully deleted: [Folder] "C:\Program Files (x86)\torntv.com"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\p33mcv1x.default\extensions\e2fd07a6-e282-4f2e-8965-85565fcb6384@b69158e6-3c3b-476c-9d98-ae5838c5b707.com
Successfully deleted the following from C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\p33mcv1x.default\prefs.js

user_pref("extensions.crossrider.bic", "1431db5af824825d41fb0c7cdb61afc1");
Emptied folder: C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\p33mcv1x.default\minidumps [118 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/20/2014 at 22:04:35.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.017 - Report created 20/01/2014 at 22:06:45
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : PC - PC-PC
# Running from : C:\Users\PC\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\BitLord 2
Folder Deleted : C:\Users\PC\AppData\Local\Temp\Iminent
Folder Deleted : C:\Users\PC\AppData\Local\Temp\incredibar.com
Folder Deleted : C:\Users\PC\AppData\Roaming\BitLord
Folder Deleted : C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord
Folder Deleted : C:\Users\PC\Documents\BitLord
File Deleted : C:\Users\PC\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67C71B35-A416-4A54-BD1D-15965A4FE41C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v20.0.1 (en-US)

[ File : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\p33mcv1x.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3523 octets] - [20/01/2014 22:05:16]
AdwCleaner[S0].txt - [3431 octets] - [20/01/2014 22:06:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3491 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014
Ran by PC (administrator) on PC-PC on 20-01-2014 22:10:19
Running from C:\Users\PC\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10806816 2010-04-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-10] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKCU\...\Run: [AVG-Secure-Search-Update_0913a] - C:\Users\PC\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid b6e2b6cea57447d1b835d17921914944-ad1491be2ce6c122f6b66faa90e70c2decf7d34c --CMPID 0913a
HKCU\...\Run: [Google Update] - C:\Users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-06-26] (Google Inc.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563096 2013-12-19] (SUPERAntiSpyware)
Lsa: [Authentication Packages] msv1_0 relog_ap

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x175AFD307807CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Video Player - {b5f6c100-7093-4b3d-bfc4-164c6132677f} - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta672\ie\VideoPlayerV3beta672.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} vpnweb.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\p33mcv1x.default
FF Homepage: mail.yahoo.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @alternatiff.com/AlternaTIFF - C:\Program Files (x86)\AlternaTIFF\npzzatif.dll (Medical Informatics Engineering, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\PC\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\PC\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Extension: SecretSauce - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\p33mcv1x.default\Extensions\firefox@secretsauce.biz.xpi [2013-12-06]
FF Extension: AVG PrivacyFix - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\p33mcv1x.default\Extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi [2013-04-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-21]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-21]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-12-21]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2013-12-21]
FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta672.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta672\ff
FF Extension: Video Player - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta672\ff [2014-01-09]

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: "hxxp://www.ymail.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\PC\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\PC\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\PC\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Wolfram Mathematica) - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\PC\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Video Player) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\agimkgpkfoifljiddoiegfecfhiclmgo [2014-01-09]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Google Search) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (SecretSauce) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbpebffoameokfhnaaedmefjncfboino [2013-12-22]
CHR Extension: (Flash Video Downloader) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpjfocihhfgighbkleiolokddfmhcdpm [2012-01-07]
CHR Extension: (Skype Click to Call) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-12-11]
CHR Extension: (Google Wallet) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Black Black Chrome Theme Hot Pink Highlight) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdhfcagdlpjbpfldpabhkdibdcbaiih [2013-03-02]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM-x32\...\Chrome\Extension: [agimkgpkfoifljiddoiegfecfhiclmgo] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta672\ch\VideoPlayerV3beta672.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [dbpebffoameokfhnaaedmefjncfboino] - C:\Program Files (x86)\SecretSauce\dbpebffoameokfhnaaedmefjncfboino.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-12-13]
CHR StartMenuInternet: Google Chrome - C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S4 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2011-11-14] (Affinegy, Inc.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S4 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [34728 2012-04-07] (Arainia Solutions)
S2 HPSLPSVC; C:\Users\PC\AppData\Local\Temp\7zS5C92\hpslpsvc64.dll [1039360 2013-02-06] (Hewlett-Packard Co.)
R2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 BIOS; C:\Windows\system32\drivers\BIOS64.sys [14136 2009-06-10] (BIOSTAR Group)
R1 BIOS; C:\Windows\SysWOW64\drivers\BIOS64.sys [14136 2009-06-10] (BIOSTAR Group)
R3 btaudio; C:\Windows\System32\drivers\btaudio.sys [174120 2007-11-05] (Broadcom Corporation.)
R3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [54320 2007-03-23] (Broadcom Corporation.)
R3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [1148968 2007-11-05] (Broadcom Corporation.)
R3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [156456 2007-06-29] (Broadcom Corporation.)
R3 btwhid; C:\Windows\System32\DRIVERS\btwhid.sys [78640 2007-03-31] (Broadcom Corporation.)
R3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [70824 2007-08-27] (Broadcom Corporation.)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2012-04-07] (Arainia Solutions LLC)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [783464 2010-09-17] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-20 22:10 - 2014-01-20 22:10 - 00015883 _____ C:\Users\PC\Desktop\FRST.txt
2014-01-20 22:10 - 2014-01-20 22:10 - 00000000 ____D C:\FRST
2014-01-20 22:05 - 2014-01-20 22:07 - 00000000 ____D C:\AdwCleaner
2014-01-20 22:04 - 2014-01-20 22:04 - 00004381 _____ C:\Users\PC\Desktop\JRT.txt
2014-01-20 21:58 - 2014-01-20 21:58 - 00000000 ____D C:\Windows\ERUNT
2014-01-20 21:55 - 2014-01-20 21:55 - 02077184 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe
2014-01-20 21:54 - 2014-01-20 21:54 - 01236282 _____ C:\Users\PC\Desktop\AdwCleaner.exe
2014-01-20 21:53 - 2014-01-20 21:53 - 01037068 _____ (Thisisu) C:\Users\PC\Desktop\JRT.exe
2014-01-15 09:58 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 09:58 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 09:58 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 09:58 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 09:58 - 2013-11-26 17:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 09:58 - 2013-11-26 17:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 09:58 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 09:58 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 09:58 - 2013-11-26 02:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-12 23:18 - 2014-01-12 23:18 - 00000218 _____ C:\Users\PC\AppData\Local\recently-used.xbel
2014-01-10 20:49 - 2014-01-10 20:49 - 00000000 ____D C:\Users\PC\AppData\Roaming\SUPERAntiSpyware.com
2014-01-10 20:49 - 2014-01-10 20:49 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2014-01-10 20:49 - 2014-01-10 20:49 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-10 09:35 - 2014-01-10 09:35 - 00000000 ____D C:\Users\PC\AppData\Roaming\Malwarebytes
2014-01-10 09:34 - 2014-01-10 09:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-10 09:34 - 2014-01-10 09:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-10 09:34 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-09 23:09 - 2014-01-09 23:09 - 00000000 ____D C:\Program Files (x86)\VideoPlayerV3
2013-12-23 22:53 - 2014-01-14 22:04 - 00000000 ____D C:\Users\PC\AppData\Roaming\AIMP3
2013-12-23 22:53 - 2013-12-23 22:53 - 00000000 ____D C:\Program Files (x86)\AIMP3
2013-12-23 22:37 - 2013-12-23 22:47 - 00000000 ____D C:\Users\PC\AppData\Roaming\AIMP
2013-12-22 21:27 - 2013-12-22 22:33 - 00000000 ____D C:\Users\PC\AppData\Roaming\vlc
2013-12-22 21:27 - 2013-12-22 21:27 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-12-22 20:50 - 2013-12-22 20:50 - 00000000 ____D C:\Users\PC\AppData\Roaming\Python-Eggs
2013-12-22 20:26 - 2014-01-20 22:09 - 00002166 _____ C:\Windows\Tasks\Torntv V6.0-firefoxinstaller.job
2013-12-22 20:26 - 2014-01-20 22:09 - 00001290 _____ C:\Windows\Tasks\Torntv V6.0-updater.job
2013-12-22 20:26 - 2014-01-10 10:47 - 00000000 ____D C:\Program Files (x86)\Torntv V6.0
2013-12-22 20:26 - 2013-12-22 20:26 - 00004320 _____ C:\Windows\System32\Tasks\Torntv V6.0-updater
2013-12-22 20:23 - 2013-12-22 20:23 - 00000000 ____D C:\Users\PC\AppData\Roaming\.BitTornado
2013-12-22 20:10 - 2013-12-22 20:10 - 04315421 _____ C:\Users\PC\Downloads\BitTornado-0.3.18-w32install.exe
2013-12-22 20:10 - 2013-12-22 20:10 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitTornado
2013-12-22 20:10 - 2013-12-22 20:10 - 00000000 ____D C:\Program Files (x86)\BitTornado
2013-12-21 22:11 - 2014-01-20 22:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-20 22:10 - 2014-01-20 22:10 - 00015883 _____ C:\Users\PC\Desktop\FRST.txt
2014-01-20 22:10 - 2014-01-20 22:10 - 00000000 ____D C:\FRST
2014-01-20 22:09 - 2013-12-22 20:26 - 00002166 _____ C:\Windows\Tasks\Torntv V6.0-firefoxinstaller.job
2014-01-20 22:09 - 2013-12-22 20:26 - 00001290 _____ C:\Windows\Tasks\Torntv V6.0-updater.job
2014-01-20 22:08 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-20 22:08 - 2009-07-13 20:51 - 00153944 _____ C:\Windows\setupact.log
2014-01-20 22:07 - 2014-01-20 22:05 - 00000000 ____D C:\AdwCleaner
2014-01-20 22:07 - 2011-04-30 12:37 - 01240087 _____ C:\Windows\WindowsUpdate.log
2014-01-20 22:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2014-01-20 22:06 - 2013-12-21 22:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-20 22:04 - 2014-01-20 22:04 - 00004381 _____ C:\Users\PC\Desktop\JRT.txt
2014-01-20 21:58 - 2014-01-20 21:58 - 00000000 ____D C:\Windows\ERUNT
2014-01-20 21:55 - 2014-01-20 21:55 - 02077184 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe
2014-01-20 21:54 - 2014-01-20 21:54 - 01236282 _____ C:\Users\PC\Desktop\AdwCleaner.exe
2014-01-20 21:53 - 2014-01-20 21:53 - 01037068 _____ (Thisisu) C:\Users\PC\Desktop\JRT.exe
2014-01-20 21:48 - 2011-04-30 12:50 - 00003902 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5A84E3AA-E281-4442-83EB-8BF3A0A07A30}
2014-01-20 21:41 - 2009-07-13 20:45 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-20 21:41 - 2009-07-13 20:45 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-20 21:39 - 2011-04-30 12:51 - 00000000 ____D C:\ProgramData\MFAData
2014-01-20 21:38 - 2009-07-13 21:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-17 10:35 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2014-01-17 01:27 - 2011-06-26 15:29 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1527486474-916041813-868046021-1001UA.job
2014-01-15 11:51 - 2009-07-13 20:45 - 00433120 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 10:24 - 2013-08-13 19:50 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 10:22 - 2011-08-14 21:07 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 22:04 - 2013-12-23 22:53 - 00000000 ____D C:\Users\PC\AppData\Roaming\AIMP3
2014-01-14 00:17 - 2011-12-11 13:00 - 00000000 ____D C:\Users\PC\Documents\Academia
2014-01-13 13:49 - 2011-10-30 19:29 - 00000000 ____D C:\Users\PC\Desktop\Other
2014-01-12 23:18 - 2014-01-12 23:18 - 00000218 _____ C:\Users\PC\AppData\Local\recently-used.xbel
2014-01-10 20:49 - 2014-01-10 20:49 - 00000000 ____D C:\Users\PC\AppData\Roaming\SUPERAntiSpyware.com
2014-01-10 20:49 - 2014-01-10 20:49 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2014-01-10 20:49 - 2014-01-10 20:49 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-10 10:49 - 2011-04-30 14:09 - 00041342 _____ C:\Windows\PFRO.log
2014-01-10 10:47 - 2013-12-22 20:26 - 00000000 ____D C:\Program Files (x86)\Torntv V6.0
2014-01-10 09:35 - 2014-01-10 09:35 - 00000000 ____D C:\Users\PC\AppData\Roaming\Malwarebytes
2014-01-10 09:34 - 2014-01-10 09:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-10 09:34 - 2014-01-10 09:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-10 09:27 - 2011-06-26 15:29 - 00000844 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1527486474-916041813-868046021-1001Core.job
2014-01-09 23:09 - 2014-01-09 23:09 - 00000000 ____D C:\Program Files (x86)\VideoPlayerV3
2014-01-06 07:55 - 2009-07-13 21:08 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-04 21:50 - 2013-05-26 12:12 - 00000000 ____D C:\Users\PC\Documents\Bluetooth Exchange Folder
2014-01-03 09:00 - 2012-04-30 21:39 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-03 09:00 - 2012-04-30 21:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-23 22:53 - 2013-12-23 22:53 - 00000000 ____D C:\Program Files (x86)\AIMP3
2013-12-23 22:47 - 2013-12-23 22:37 - 00000000 ____D C:\Users\PC\AppData\Roaming\AIMP
2013-12-23 22:31 - 2011-05-01 12:04 - 00000000 ____D C:\SolidWorks Data
2013-12-23 21:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-12-22 22:33 - 2013-12-22 21:27 - 00000000 ____D C:\Users\PC\AppData\Roaming\vlc
2013-12-22 21:55 - 2013-11-21 23:56 - 00000000 ____D C:\Users\PC\Documents\Blog
2013-12-22 21:27 - 2013-12-22 21:27 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-12-22 21:20 - 2013-11-23 22:39 - 00000000 ____D C:\Users\PC\AppData\Roaming\DivX
2013-12-22 20:50 - 2013-12-22 20:50 - 00000000 ____D C:\Users\PC\AppData\Roaming\Python-Eggs
2013-12-22 20:26 - 2013-12-22 20:26 - 00004320 _____ C:\Windows\System32\Tasks\Torntv V6.0-updater
2013-12-22 20:23 - 2013-12-22 20:23 - 00000000 ____D C:\Users\PC\AppData\Roaming\.BitTornado
2013-12-22 20:10 - 2013-12-22 20:10 - 04315421 _____ C:\Users\PC\Downloads\BitTornado-0.3.18-w32install.exe
2013-12-22 20:10 - 2013-12-22 20:10 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitTornado
2013-12-22 20:10 - 2013-12-22 20:10 - 00000000 ____D C:\Program Files (x86)\BitTornado
2013-12-21 19:53 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

Some content of TEMP:
====================
C:\Users\PC\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\PC\AppData\Local\Temp\ICReinstall_BitLordInstaller - The Hunger Games:Catching Fire.2013.DVDScr.x264.2Audio-SmY.exe
C:\Users\PC\AppData\Local\Temp\ICReinstall_ICReinstall_BitLordInstaller - The Hunger Games:Catching Fire.2013.DVDScr.x264.2Audio-SmY.exe
C:\Users\PC\AppData\Local\Temp\incredibar-somoto.exe
C:\Users\PC\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\PC\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\PC\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\PC\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\PC\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\PC\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\PC\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\PC\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\PC\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\PC\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\PC\AppData\Local\Temp\ose00000.exe
C:\Users\PC\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\PC\AppData\Local\Temp\Quarantine.exe
C:\Users\PC\AppData\Local\Temp\Setup1.exe
C:\Users\PC\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-12 11:18

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-01-2014
Ran by PC at 2014-01-20 22:11:40
Running from C:\Users\PC\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.5.502.135 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
AIMP3 (x32 Version: v3.55.1324, 15.11.2013 - AIMP DevTeam)
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
Anvil Studio 2012 (x32 Version: 13.05.02 - Willow Software)
Apple Application Support (x32 Version: 2.1.5 - Apple Inc.)
Apple Mobile Device Support (Version: 4.0.0.96 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (Version: 3.0.765.0 - ATI Technologies, Inc.)
AVG 2014 (Version: 14.0.3681 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
Belkin Setup and Router Monitor (x32 Version:  - )
BitLord 2.3 (x32 Version: 2.3.2-245 - House of Life)
BitTornado 0.3.18 (x32 Version: 0.3.18 - John Hoffman)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
CamStudio OSS Desktop Recorder (x32 Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
Catalyst Control Center Core Implementation (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0210.2206.39615 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help English (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help French (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help German (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
ccc-utility64 (Version: 2010.0210.2206.39615 - ATI) Hidden
Cisco AnyConnect Secure Mobility Client  (x32 Version: 3.0.08057 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.08057 - Cisco Systems, Inc.) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.)
DirectVobSub (remove only) (x32 Version:  - )
DivX H.264 decoder 8.2.0.26 (x32 Version: 8.2.0.26 - )
DivX Setup (x32 Version: 2.6.1.87 - DivX, LLC)
GIMP 2.8.4 (Version: 2.8.4 - The GIMP Team)
Gizmo Central (x32 Version: v2.7.9 - Arainia Solutions, LLC)
Google Chrome (HKCU Version: 32.0.1700.76 - Google Inc.)
Google Talk (remove only) (HKCU Version:  - )
Graph 4.3 (x32 Version:  - Ivan Johansen)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
iTunes (Version: 10.5.0.142 - Apple Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 39 (x32 Version: 6.0.390 - Oracle)
Kate's Video Converter 7.0 (x32 Version: 7.0.0 - Web Solution Mart)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Mathematica Extras 8.0 (2609412) (Version: 8.0.4 - Wolfram Research, Inc.)
MDF to ISO version 1.0 (x32 Version: 1.0 - mdftoiso.com)
MEMORIAD (MegaROB) (x32 Version: 1.0.6 - MegaROB)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (x32 Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: 8.0.50727.146 - Microsoft Corporation) Hidden
Mozilla Firefox 20.0.1 (x86 en-US) (x32 Version: 20.0.1 - Mozilla)
Mozilla Firefox 26.0 (x86 en-US) (HKCU Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 20.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MyPaint 1.0.0 (HKCU Version: 1.0.0 - Martin Renold & MyPaint Development Team)
Nero 9 Essentials (x32 Version:  - Nero AG)
Nero BurnRights (x32 Version: 3.4.13.100 - Nero AG) Hidden
Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (x32 Version: 4.4.12.100 - Nero AG) Hidden
Nero CoverDesigner Help (x32 Version: 4.4.9.100 - Nero AG) Hidden
Nero Disc Copy Gadget (x32 Version: 2.4.34.0 - Nero AG) Hidden
Nero Disc Copy Gadget Help (x32 Version: 2.4.34.0 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.33.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.33.100 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.27.100 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.33.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Notepad++ (x32 Version: 6.2.3 - )
PDF24 Creator 5.7.0 (x32 Version:  - PDF24.org)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.12.1218.2009 - Realtek)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6101 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (x32 Version: 1.00.0174 - REALTEK Semiconductor Corp.)
Seagate DiscWizard (x32 Version: 11.0.8326 - Seagate)
SeaTools for Windows (x32 Version: 1.2.0.5 - Seagate Technology)
SecretSauce (Version: 2013.12.07.011955 - SecretSauce)
Skype Click to Call (x32 Version: 6.5.11422 - Skype Technologies S.A.)
Skype™ 6.0 (x32 Version: 6.0.126 - Skype Technologies S.A.)
SUPERAntiSpyware (Version: 5.7.1016 - SUPERAntiSpyware.com)
Torntv V6.0 (x32 Version: 1.31.153.0 - installdaddy) <==== ATTENTION
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Player (x32 Version: 1.1 - Video Player) <==== ATTENTION
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.0.5 (x32 Version: 1.0.5 - VideoLAN Team)
WIDCOMM Bluetooth Software (Version: 5.1.0.4500 -  )
Winamp (x32 Version: 5.621  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 4.01 (64-bit) (Version: 4.01.0 - win.rar GmbH)
Wolfram CDF Player (M-WIN-D 8.0.4 2609533) (x32 Version: 8.0.4 - Wolfram Research, Inc.)

==================== Restore Points  =========================

11-12-2013 19:59:00 Windows Update
17-12-2013 00:59:35 Windows Update
23-12-2013 04:48:49 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
12-01-2014 19:25:10 Scheduled Checkpoint
15-01-2014 18:21:56 Windows Update

==================== Hosts content: ==========================

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {3DC1D988-EBEA-43DD-8DA1-A590E5509869} - System32\Tasks\{8D60A94B-DB31-4BB3-8975-1D5290CD9D60} => D:\Documents and Settings\Soviet\MidiDsm.EXE [2004-10-16] ()
Task: {5E798469-353E-4A87-9CC6-8C811561B062} - System32\Tasks\Torntv V6.0-firefoxinstaller => C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-firefoxinstaller.exe <==== ATTENTION
Task: {8DA0D13D-6289-4B5C-8023-2DC57E06AE9C} - System32\Tasks\{DCDCDD10-EC26-4024-B5A6-C81B0894964C} => D:\Documents and Settings\Soviet\MidiDsm.EXE [2004-10-16] ()
Task: {90A3CDFF-9271-41F3-8044-064A75DBA51B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1527486474-916041813-868046021-1001UA => C:\Users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-26] (Google Inc.)
Task: {94CE3B69-8D48-4DF3-9766-33603EAAF7FE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1527486474-916041813-868046021-1001Core => C:\Users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-26] (Google Inc.)
Task: {A7BCAC5D-E686-4C24-ACD5-D5984E9FA21A} - System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => C:\Program Files (x86)\Gizmo\gizmo.exe [2012-04-07] (Arainia Solutions)
Task: {A94AEAF2-9272-47CC-821F-4B7D7A7DF484} - System32\Tasks\Torntv V6.0-updater => C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-updater.exe <==== ATTENTION
Task: {B0D02BEB-BDDD-486A-9669-FCF4382E3B39} - System32\Tasks\{C18E3861-7E2F-4A36-96E1-A8FEC3539CDE} => D:\Documents and Settings\Soviet\MidiDsm.EXE [2004-10-16] ()
Task: {D18002EC-7AF2-48D8-8AD7-02D4E317CAF1} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-16] ()
Task: {DE65B78D-E270-4512-8E5E-78A4508B398B} - System32\Tasks\{C4F51B3C-FCE0-449D-A5EA-ED5A19C6A1A2} => D:\Documents and Settings\Soviet\MidiDsm.EXE [2004-10-16] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1527486474-916041813-868046021-1001Core.job => C:\Users\PC\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1527486474-916041813-868046021-1001UA.job => C:\Users\PC\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
Task: C:\Windows\Tasks\Torntv V6.0-firefoxinstaller.job => C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Torntv V6.0-updater.job => C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-updater.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2011-11-13 19:48 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2012-04-07 23:38 - 2012-04-07 23:38 - 00367528 _____ () C:\Program Files (x86)\Gizmo\gshell-x64.dll
2012-06-18 07:24 - 2012-06-18 07:24 - 00222720 _____ () C:\Octave\Notepad++\NppShell_05.dll
2007-11-01 16:18 - 2007-11-01 16:19 - 26245632 _____ () C:\Windows\system32\btwicons.dll
2007-11-01 16:17 - 2007-11-01 16:17 - 00049152 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2011-04-30 12:45 - 2011-04-30 12:45 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-10-02 12:48 - 2009-12-09 20:20 - 00126976 _____ () C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\EnumDevLib.dll
2013-08-28 16:25 - 2013-08-28 16:25 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 3839.3 MB
Available physical RAM: 2620.33 MB
Total Pagefile: 7676.79 MB
Available Pagefile: 6321.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:360.68 GB) NTFS
Drive d: () (Fixed) (Total:55.88 GB) (Free:18.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 56 GB) (Disk ID: 94E494E4)
Partition 1: (Active) - (Size=56 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 55E6BC4D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:41 AM

Posted 21 January 2014 - 04:27 PM

Hi CJustin

So far the problem persists

Ok, there are some entries we need to deal with.
Let's see if the problem remains after the fix.

Step 1

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.

Step 2
Let's reset the browsers now.

Google Chrome
  • Click the Menu option button at the top right of the Google Chrome screen
  • Select Settings.
  • Click Show advanced settings and find the "Reset browser settings" section.
  • Click Reset browser settings.
  • In the dialogue that appears, click Reset. Note: When the "Help make Google Chrome better by reporting the current settings" tick box is selected you are anonymously sending Google your Chrome settings. Reporting these settings allows us to analyse trends and work to prevent future unwanted settings changes.
Resetting your browser settings will impact the settings below:

Default search engine and saved search engines will be reset to their original defaults.
Homepage button will be hidden and the URL that you previously set will be removed.
Default startup tabs will be cleared. The browser will show a new tab when you start up or continue where you left off if you're on a Chromebook.
New Tab page will be empty unless you have a version of Chrome with an extension that controls it. In that case your page may be preserved.
Pinned tabs will be unpinned.
Content settings will be cleared and reset to their installation defaults.
Cookies and site data will be cleared.
Extensions and themes will be disabled.

Firefox
  • At the top of the Firefox window, click the Help menu and select Troubleshooting Information
  • Click the Reset Firefox button in the upper-right corner of the Troubleshooting Information page.
  • To continue, click Reset Firefox in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, a window will list the information that was imported.
  • Click Finish and Firefox will open.
Note:
After the reset is finished, your old Firefox profile information will be placed on your desktop in a folder named "Old Firefox Data." If the reset didn't fix your problem you can restore some of the information not saved by copying files to the new profile that was created.
If you don't need this folder any longer, you should delete it as it contains sensitive information.

The reset feature works by creating a new profile folder for you while saving your most important data.

Firefox will try to keep the following data:
  • Bookmarks
  • Browsing history
  • Passwords
  • Cookies
  • Web form auto-fill information
  • Personal dictionary



In your next reply, please submit:
Fixlog.txt
and give me an update on the system


Thanks.

Attached File  fixlist.txt   2.41KB   7 downloads



#5 CJustin

CJustin
  • Topic Starter

  • Members
  • 26 posts
  • Local time:03:41 PM

Posted 21 January 2014 - 06:37 PM

The problem appears to be fixed for now - thank you so much!!! The fixlog.txt is:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-01-2014
Ran by PC at 2014-01-21 15:27:24 Run:1
Running from C:\Users\PC\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [AVG-Secure-Search-Update_0913a] - C:\Users\PC\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid b6e2b6cea57447d1b835d17921914944-ad1491be2ce6c122f6b66faa90e70c2decf7d34c --CMPID 0913a
2013-12-22 20:26 - 2014-01-20 22:09 - 00002166 _____ C:\Windows\Tasks\Torntv V6.0-firefoxinstaller.job
2013-12-22 20:26 - 2014-01-20 22:09 - 00001290 _____ C:\Windows\Tasks\Torntv V6.0-updater.job
2013-12-22 20:26 - 2014-01-10 10:47 - 00000000 ____D C:\Program Files (x86)\Torntv V6.0
2013-12-22 20:26 - 2013-12-22 20:26 - 00004320 _____ C:\Windows\System32\Tasks\Torntv V6.0-updater
C:\Users\PC\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\PC\AppData\Local\Temp\ICReinstall_BitLordInstaller - The Hunger Games:Catching Fire.2013.DVDScr.x264.2Audio-SmY.exe
C:\Users\PC\AppData\Local\Temp\ICReinstall_ICReinstall_BitLordInstaller - The Hunger Games:Catching Fire.2013.DVDScr.x264.2Audio-SmY.exe
C:\Users\PC\AppData\Local\Temp\incredibar-somoto.exe
C:\Users\PC\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\PC\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\PC\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\PC\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\PC\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\PC\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\PC\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\PC\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\PC\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\PC\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\PC\AppData\Local\Temp\ose00000.exe
C:\Users\PC\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\PC\AppData\Local\Temp\Quarantine.exe
C:\Users\PC\AppData\Local\Temp\Setup1.exe
C:\Users\PC\AppData\Local\Temp\xmlUpdater.exe
Task: {5E798469-353E-4A87-9CC6-8C811561B062} - System32\Tasks\Torntv V6.0-firefoxinstaller => C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-firefoxinstaller.exe <==== ATTENTION
Task: {A94AEAF2-9272-47CC-821F-4B7D7A7DF484} - System32\Tasks\Torntv V6.0-updater => C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Torntv V6.0-firefoxinstaller.job => C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Torntv V6.0-updater.job => C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-updater.exe <==== ATTENTION

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_0913a => Value deleted successfully.
C:\Windows\Tasks\Torntv V6.0-firefoxinstaller.job => Moved successfully.
C:\Windows\Tasks\Torntv V6.0-updater.job => Moved successfully.
C:\Program Files (x86)\Torntv V6.0 => Moved successfully.
C:\Windows\System32\Tasks\Torntv V6.0-updater => Moved successfully.
C:\Users\PC\AppData\Local\Temp\gtalkwmp1.dll => Moved successfully.
"C:\Users\PC\AppData\Local\Temp\ICReinstall_BitLordInstaller - The Hunger Games:Catching Fire.2013.DVDScr.x264.2Audio-SmY.exe" => File/Directory not found.
"C:\Users\PC\AppData\Local\Temp\ICReinstall_ICReinstall_BitLordInstaller - The Hunger Games:Catching Fire.2013.DVDScr.x264.2Audio-SmY.exe" => File/Directory not found.
C:\Users\PC\AppData\Local\Temp\incredibar-somoto.exe => Moved successfully.
C:\Users\PC\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\PC\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe => Moved successfully.
C:\Users\PC\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe => Moved successfully.
C:\Users\PC\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe => Moved successfully.
C:\Users\PC\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe => Moved successfully.
C:\Users\PC\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
C:\Users\PC\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\PC\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\PC\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\PC\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\PC\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\PC\AppData\Local\Temp\pdf24-creator-update.exe => Moved successfully.
C:\Users\PC\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\PC\AppData\Local\Temp\Setup1.exe => Moved successfully.
C:\Users\PC\AppData\Local\Temp\xmlUpdater.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5E798469-353E-4A87-9CC6-8C811561B062} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E798469-353E-4A87-9CC6-8C811561B062} => Key deleted successfully.
C:\Windows\System32\Tasks\Torntv V6.0-firefoxinstaller => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Torntv V6.0-firefoxinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A94AEAF2-9272-47CC-821F-4B7D7A7DF484} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A94AEAF2-9272-47CC-821F-4B7D7A7DF484} => Key deleted successfully.
C:\Windows\System32\Tasks\Torntv V6.0-updater not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Torntv V6.0-updater => Key deleted successfully.
C:\Windows\Tasks\Torntv V6.0-firefoxinstaller.job not found.
C:\Windows\Tasks\Torntv V6.0-updater.job not found.

==== End of Fixlog ====
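A way to check a Fixlog like the one above mechanically, as an added example that is not part of the thread or of FRST: it reconciles each fixlist entry with the outcome lines and separates a "not found" that follows an earlier successful removal of the same target (a duplicate entry, as with the Torntv tasks here) from one where nothing was removed at all. The sample log is an abridged copy of the Fixlog posted above, and the line shapes the regexes assume come only from it.

```python
"""Reconcile an FRST Fixlog.txt against the fixlist it ran (added example for
this thread, not FRST's or the posters' code). SAMPLE_FIXLOG is an abridged
copy of the Fixlog posted in reply #5; the line shapes assumed below come
only from that log."""
import re

RUN_VALUE_RE = re.compile(r'^HK(?:CU|LM)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\]')
DATED_FILE_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - '
                           r'\d{8} \S{5} (?P<path>.+)$')
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"? => (?P<outcome>.+)$')
NOT_FOUND_RE = re.compile(r'^(?P<target>.+?) not found\.$')
ATTENTION = '<==== ATTENTION'

SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-01-2014
Ran by PC at 2014-01-21 15:27:24 Run:1

Content of fixlist:
*****************
HKCU\...\Run: [AVG-Secure-Search-Update_0913a] - C:\Users\PC\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT
2013-12-22 20:26 - 2014-01-20 22:09 - 00002166 _____ C:\Windows\Tasks\Torntv V6.0-updater.job
2013-12-22 20:26 - 2014-01-10 10:47 - 00000000 ____D C:\Program Files (x86)\Torntv V6.0
2013-12-22 20:26 - 2013-12-22 20:26 - 00004320 _____ C:\Windows\System32\Tasks\Torntv V6.0-updater
C:\Users\PC\AppData\Local\Temp\ICReinstall_BitLordInstaller - The Hunger Games:Catching Fire.2013.DVDScr.x264.2Audio-SmY.exe
Task: {A94AEAF2-9272-47CC-821F-4B7D7A7DF484} - System32\Tasks\Torntv V6.0-updater => C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Torntv V6.0-updater.job => C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-updater.exe <==== ATTENTION

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_0913a => Value deleted successfully.
C:\Windows\Tasks\Torntv V6.0-updater.job => Moved successfully.
C:\Program Files (x86)\Torntv V6.0 => Moved successfully.
C:\Windows\System32\Tasks\Torntv V6.0-updater => Moved successfully.
"C:\Users\PC\AppData\Local\Temp\ICReinstall_BitLordInstaller - The Hunger Games:Catching Fire.2013.DVDScr.x264.2Audio-SmY.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A94AEAF2-9272-47CC-821F-4B7D7A7DF484} => Key deleted successfully.
C:\Windows\System32\Tasks\Torntv V6.0-updater not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Torntv V6.0-updater => Key deleted successfully.
C:\Windows\Tasks\Torntv V6.0-updater.job not found.

==== End of Fixlog ====
"""

def entry_key(entry):
    """Name or path that a result line must contain for this fixlist entry."""
    m = RUN_VALUE_RE.match(entry)
    if m:
        return m.group('name')              # value name reappears in the key path
    m = DATED_FILE_RE.match(entry)
    if m:
        return m.group('path')              # strip the date/size/attribute prefix
    if entry.startswith('Task: '):
        head = entry[6:].split(' => ', 1)[0].split(' - ', 1)[-1]  # drop "{GUID} - "
        if head.lower().endswith('.job'):
            head = head[:-4]
        return head.rsplit('\\', 1)[-1]     # bare task name, as under TaskCache\Tree
    return entry                            # a plain file or directory path

def parse_fixlog(text):
    """Split a Fixlog into (fixlist entries, [(target, outcome), ...])."""
    lines = text.splitlines()
    marks = [i for i, line in enumerate(lines) if line.startswith('*****')]
    if len(marks) < 2:
        raise ValueError('no fixlist section between ***** markers')
    entries = [l for l in lines[marks[0] + 1:marks[1]] if l.strip()]
    results = []
    for line in lines[marks[1] + 1:]:
        m = RESULT_RE.match(line) or NOT_FOUND_RE.match(line)
        if m:
            results.append((m.group('target'), m.groupdict().get('outcome') or 'not found.'))
    return entries, results

def reconcile(text):
    """Flag fixlist entries with no outcome line, ATTENTION entries, and split
    'not found' outcomes into duplicates (same target already removed earlier
    in this run, as with the Torntv tasks) and genuinely missing targets."""
    entries, results = parse_fixlog(text)
    targets = [(t.lower(), o) for t, o in results]
    unresolved = [e for e in entries
                  if not any(entry_key(e).lower() in t for t, _ in targets)]
    handled, duplicates, missing = set(), [], []
    for t, outcome in targets:
        if 'not found' in outcome:
            (duplicates if t in handled else missing).append(t)
        elif 'successfully' in outcome:
            handled.add(t)
    return {'entries': len(entries), 'results': len(results),
            'unresolved': unresolved, 'duplicates': duplicates, 'missing': missing,
            'attention': [e for e in entries if ATTENTION in e]}

if __name__ == '__main__':
    report = reconcile(SAMPLE_FIXLOG)
    for key in ('unresolved', 'missing', 'duplicates'):
        print(f'{key}: {report[key]}')
```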



#6 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:41 AM

Posted 21 January 2014 - 07:52 PM

Hi CJustin

The problem appears to be fixed for now

That's good to hear. :)

Just a few things for you to do:


Step 1
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 7 Update 51 and save it to your desktop.
  • Scroll down to where it says "Java SE 7 Update 51".
  • Click the "Download JRE" button.
  • Accept the license agreement.
  • Select 'Windows x64.exe' from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name:
    Java 7 Update 45
    Java 6 Update 39
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the downloaded icon to install the newest version.
Step 2
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running Vista/Win7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
Step 3
I'd like you to do an ESET OnlineScan
64Bit users, please see note at the bottom.

You may find it beneficial to close your resident AV program before running the scan.

It's been found that on some systems the ESET Online Scan fails during the database download (around 20%).
To prevent this happening:
When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Click esetExport.png, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the esetBack.png button.
  • Click esetFinish.png
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note:
As you are running a 64bit system:
The ESET Online Scanner is a 32-bit application, which means it must be run in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu.


In your next reply, please submit:
Eset scan report if anything is found.


Thanks.





