
hijacked browser


This topic is locked
23 replies to this topic

#1 bkhutch

  • Members
  • 12 posts

Posted 26 April 2014 - 01:11 PM

I believe I have a hijacker bug. Logs attached.

Attached Files




#2 bkhutch

  • Topic Starter
  • Members
  • 12 posts

Posted 26 April 2014 - 08:10 PM

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17041
Run by Owner at 14:06:45 on 2014-04-26
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3317.1494 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PasswordBox\pbbtnService.exe
C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WUDFHost.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe
C:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe
C:\Program Files\002\yewimmxqbs32.exe
C:\Windows\TEMP\OutE139\update.service.exe
c:\Program Files\RrFilter\RrFilterService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3253927&CUI=UN36924841825888364&UP=SP5AA88EEC-0BF0-43CF-8CF2-BD2C37CFE880&SSPV=
uURLSearchHooks: Produtools Manuals 2.1 E2 Toolbar: {c050a3b4-59e7-42b1-9956-369806f31d20} - c:\users\owner\appdata\locallow\produtools_manuals_2.1_e2\prxtbPro2.dll
mURLSearchHooks: Produtools Manuals 2.1 E2 Toolbar: {c050a3b4-59e7-42b1-9956-369806f31d20} - c:\users\owner\appdata\locallow\produtools_manuals_2.1_e2\prxtbPro2.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.141\McAfeeMSS_IE.dll
BHO: RrSavings: {10AD2C61-0898-4348-8600-14A342F22AC3} - c:\program files\rr savings\RrSavings.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PassShow: {4e1dfdc4-5474-47fc-bcaa-6f1f0c49bae2} - c:\program files\passshow-soft\157.dll
BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - c:\program files\passwordbox\application\pbbtn.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\18.0.0.250\AVG SafeGuard toolbar_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Produtools Manuals 2.1 E2 Toolbar: {c050a3b4-59e7-42b1-9956-369806f31d20} - c:\users\owner\appdata\locallow\produtools_manuals_2.1_e2\prxtbPro2.dll
BHO: OutfoxTV: {C4060A77-2FB6-46A7-A5D2-A59C144F454E} - c:\program files\outfoxtvaddon\ScriptHost.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Produtools Manuals 2.1 E2 Toolbar: {C050A3B4-59E7-42B1-9956-369806F31D20} - c:\users\owner\appdata\locallow\produtools_manuals_2.1_e2\prxtbPro2.dll
TB: Produtools Manuals 2.1 E2 Toolbar: {c050a3b4-59e7-42b1-9956-369806f31d20} - c:\users\owner\appdata\locallow\produtools_manuals_2.1_e2\prxtbPro2.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\18.0.0.250\AVG SafeGuard toolbar_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ROC_ROC_APR2013_AV] c:\users\owner\appdata\roaming\avg april 2013 campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 20d1c47d0ecf47d0a32ad168ddcd54df-b37f2a3a90c4f9f3c01a4adc6359e8a798770e52 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [BackgroundContainerV2] "c:\windows\system32\rundll32.exe" "c:\users\owner\appdata\local\conduit\backgroundcontainer\BackgroundContainer.dll",DllRun
uRun: [OutfoxTV] c:\program files\outfoxtv\outfoxtv\DesktopContainer.exe
mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.141\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{5E579A23-3308-4F18-B472-F4D8B74B856B} : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.0.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\f0spg3iv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.fox19.com/
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\18.0.0\npsitesafety.dll
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee security scan\3.8.141\npMcAfeeMSS.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e8962e1f000000000000002215f354b5&q=
FF - user.js: extensions.BabylonToolbar.id - e8962e1f000000000000002215f354b5
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15679
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.4.9
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.4.9
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.4.919:49:55
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110803&tt=4912_4
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-3-27 150296]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-3-27 238872]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-3-31 108312]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-3-27 28440]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-3-27 123160]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-4-18 199960]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-3-27 22296]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-3-27 193304]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-5-1 42784]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
R1 netfilter;netfilter;c:\windows\system32\drivers\netfilter.sys [2014-2-13 47488]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-4-18 3645456]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-3-27 291912]
R2 CltMngSvc;Search Protect by Conduit Service;c:\progra~1\searchprotect\main\bin\CltMngSvc.exe [2014-4-8 2470688]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 PasswordBox;PasswordBox;c:\program files\passwordbox\pbbtnService.exe [2013-11-1 67584]
R2 RrFilterService;RrFilterService;c:\program files\rrfilter\RrFilterService.exe [2014-3-13 149504]
R2 TBSrv;Toolbar Service;c:\program files\tbccint\toolbarservice\ToolbarService.exe [2014-4-12 350528]
R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2011-5-26 826896]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R2 yewimmxqbs32;yewimmxqbs32;c:\program files\002\yewimmxqbs32.exe run options=01100010020000000000000000000000 sourceguid=2d2d8a25-7fa3-4dea-b84b-d55ba4e9af2f --> c:\program files\002\yewimmxqbs32.exe run options=01100010020000000000000000000000 sourceguid=2D2D8A25-7FA3-4DEA-B84B-D55BA4E9AF2F [?]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S2 vToolbarUpdater18.0.0;vToolbarUpdater18.0.0;c:\program files\common files\avg secure search\vtoolbarupdater\18.0.0\ToolbarUpdater.exe [2014-3-3 1759768]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-4-22 108032]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.141\McCHSvc.exe [2014-1-15 235696]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-28 15872]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-11-30 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-11-30 1343400]
.
=============== Created Last 30 ================
.
2014-04-26 12:35:59 -------- d-----w- c:\program files\RrFilter
2014-04-26 12:35:24 -------- d-----w- c:\program files\Rr Savings
2014-04-26 12:35:16 -------- d-----w- c:\program files\OutfoxTVaddon
2014-04-26 12:35:11 -------- d-----w- C:\temp
2014-04-26 12:35:11 -------- d-----w- c:\program files\PassShow-soft
2014-04-26 12:35:09 -------- d-----w- c:\program files\rrsavings
2014-04-26 12:34:28 -------- d-----w- c:\program files\002
2014-04-26 12:34:20 -------- d-----w- c:\users\owner\appdata\local\SearchProtect
2014-04-26 12:34:15 -------- d-----w- c:\users\owner\appdata\local\Programs
2014-04-26 12:34:11 -------- d-----w- c:\program files\SearchProtect
2014-04-24 07:00:39 -------- d-s---w- c:\windows\system32\CompatTel
2014-04-23 08:36:25 361984 ----a-w- c:\windows\system32\aepdu.dll
2014-04-23 08:36:25 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-04-22 21:30:09 -------- d-sh--w- c:\users\owner\appdata\local\EmieUserList
2014-04-22 21:30:09 -------- d-sh--w- c:\users\owner\appdata\local\EmieSiteList
2014-04-18 19:02:04 199960 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-04-12 11:17:46 -------- d-----w- c:\program files\Tbccint
2014-04-10 02:49:30 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-10 02:49:29 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-10 02:49:29 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-10 02:49:29 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-10 02:49:29 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-03-28 02:15:18 193304 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-03-28 02:14:40 123160 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-03-28 02:04:22 150296 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-03-28 02:04:02 238872 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-03-28 02:03:22 28440 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-03-28 02:03:20 22296 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
==================== Find3M  ====================
.
2014-03-12 11:47:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 11:47:05 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-06 08:32:07 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-03-06 08:31:27 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:02:34 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 07:46:36 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 07:38:10 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 07:36:40 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 07:28:01 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 07:13:43 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 06:40:39 1967104 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 05:41:49 1789440 ----a-w- c:\windows\system32\wininet.dll
2014-03-03 04:19:36 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-02-13 18:45:54 47488 ----a-w- c:\windows\system32\drivers\netfilter.sys
2014-02-07 01:07:56 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:04:22 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- c:\windows\system32\qedit.dll
2014-01-29 02:06:47 381440 ----a-w- c:\windows\system32\wer.dll
2014-01-28 02:07:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
.
============= FINISH: 14:06:57.80 ===============
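The DDS log above carries the indicators a responder would pull out first: UAC switched off (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0), two DLLs injected into every process through AppInit_DLLs, an IE start page pointing at a toolbar search engine, and binaries running from C:\Windows\TEMP and from a directory named only "002". Picking those out of a few hundred lines by eye is error-prone, so here is a small Python triage script that does it mechanically. It is an added example, not a tool from this thread or from BleepingComputer; the sample lines are copied from the posted log, and the hijacker-domain list and the "suspicious directory" rules are assumptions chosen to illustrate the checks, not anything DDS itself reports.

```python
"""Triage a DDS log for browser-hijacker indicators.

Added example, not a tool from the thread. The sample lines are copied from the
DDS log posted above; HIJACKER_SEARCH_HOSTS and the suspicious-directory rules
are illustrative assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: representative lines from the DDS log in this thread.
SAMPLE_LOG = r"""
C:\Windows\TEMP\OutE139\update.service.exe
C:\Program Files\002\yewimmxqbs32.exe
C:\Program Files\AVG\AVG2014\avgui.exe
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3253927
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
AppInit_DLLs= c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
R2 yewimmxqbs32;yewimmxqbs32;c:\program files\002\yewimmxqbs32.exe run options=01100010020000000000000000000000 [?]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-3-27 291912]
"""

# Assumed list of search hosts commonly set by toolbar bundles (illustrative).
HIJACKER_SEARCH_HOSTS = {"search.conduit.com", "search.babylon.com"}

EXE_PATH = re.compile(r"[a-z]:\\[^;\[\]]*?\.exe", re.IGNORECASE)
START_PAGE = re.compile(r"^uStart Page = (?:hxxp|http)s?://([^/?\s]+)", re.IGNORECASE)
POLICY = re.compile(r"^mPolicies-System: (\w+) = dword:([0-9a-fA-F]+)")  # DDS prints hex
SERVICE = re.compile(r"^[RS][0-4] [^;]+;[^;]+;(.*)$")  # "R2 name;display;path ..."


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium"
    rule: str       # short rule identifier
    evidence: str   # the log fragment that triggered it


def suspicious_path_reason(path: str) -> Optional[str]:
    """Return why a binary path is suspicious, or None.

    Two heuristics grounded in this log: execution from a TEMP directory and
    execution from a directory whose name is only digits (e.g. "002").
    """
    dirs = path.lower().split("\\")[1:-1]
    if "temp" in dirs:
        return "runs from a TEMP directory"
    if any(d.isdigit() for d in dirs):
        return "runs from a numeric-only directory"
    return None


def triage(log_text: str) -> List[Finding]:
    """Scan DDS log lines and return the indicators found."""
    findings: List[Finding] = []
    policies = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = POLICY.match(line)
        if m:
            policies[m.group(1)] = int(m.group(2), 16)
            continue
        m = START_PAGE.match(line)
        if m and m.group(1).lower() in HIJACKER_SEARCH_HOSTS:
            findings.append(Finding("high", "hijacked_start_page", line))
            continue
        if line.lower().startswith("appinit_dlls="):
            # Every DLL listed here is loaded into every process that links user32.
            for dll in line.split("=", 1)[1].split():
                findings.append(Finding("high", "appinit_dll", dll))
            continue
        # Process-list lines start with the path; service lines carry it in field 3.
        m = SERVICE.match(line)
        target = m.group(1) if m else line
        m = EXE_PATH.match(target)
        if m:
            reason = suspicious_path_reason(m.group(0))
            if reason:
                findings.append(Finding("high", "suspicious_binary_path", f"{m.group(0)} ({reason})"))

    # EnableLUA=0 turns UAC off outright; ConsentPromptBehaviorAdmin=0 means
    # silent elevation for administrators even when UAC is still on.
    if policies.get("EnableLUA") == 0:
        findings.append(Finding("high", "uac_disabled", "EnableLUA = 0"))
    elif policies.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append(Finding("medium", "uac_silent_elevation", "ConsentPromptBehaviorAdmin = 0"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.rule}: {f.evidence}")
```

Run against the sample it reports the Conduit start page, both AppInit DLLs, the TEMP and "002" binaries (the latter once from the process list and once from its R2 service entry) and UAC disabled. The path heuristics are deliberately narrow: a vendor directory such as AVG2014 is not flagged, and a random-looking file name on its own is not treated as evidence, since legitimate drivers and AV components also have unpronounceable names.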


#3 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 27 April 2014 - 12:33 AM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#4 bkhutch

  • Topic Starter
  • Members
  • 12 posts

Posted 27 April 2014 - 07:21 AM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-04-2014
Ran by Owner at 2014-04-27 08:18:12
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2013 (Version: 13.0.2904 - AVG Technologies) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4570 - AVG Technologies)
AVG 2014 (Version: 14.0.3920 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4570 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version:  - )
Citrix online plug-in - web (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 12.1.0.30 - Citrix Systems, Inc.)
Citrix online plug-in (DV) (Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HDX) (Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (USB) (Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (Web) (Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
PassShow (HKLM\...\c20771cf-b330-43f0-bd27-e728ae7fe413) (Version:  - PassShow Software) <==== ATTENTION
RrSavings (Version: 1.0.0.0 - RrSavings) Hidden <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
TightVNC 2.0.3 (HKLM\...\TightVNC) (Version: 2.0.3 - GlavSoft LLC.)
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (Version: 012.000.2114 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0451 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0179 - Intuit Inc.) Hidden
TurboTax 2012 wohiper (Version: 012.000.1422 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (Version: 012.000.0127 - Intuit Inc.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
 
==================== Restore Points  =========================
 
26-03-2014 04:35:05 Scheduled Checkpoint
03-04-2014 04:00:00 Scheduled Checkpoint
10-04-2014 04:00:00 Scheduled Checkpoint
10-04-2014 07:00:24 Windows Update
17-04-2014 11:44:35 Scheduled Checkpoint
22-04-2014 07:00:11 Windows Update
24-04-2014 07:00:13 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {49B0979B-0D26-4C16-B6A2-D8ABA05CEC5B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {579107DA-B5EE-41F5-944E-D452DD0624A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-18] (Google Inc.)
Task: {CC8115B5-DDAA-4439-8CA2-4E97B2872AE7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-18] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-01 16:11 - 2013-11-01 16:11 - 00090624 _____ () C:\Program Files\PasswordBox\libwebsocketswin32.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-04-09 23:29 - 2014-04-01 21:57 - 00065352 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-09 23:29 - 2014-04-01 21:57 - 00674632 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-09 23:29 - 2014-04-01 21:57 - 00093000 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-09 23:29 - 2014-04-01 21:57 - 04081480 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-09 23:29 - 2014-04-01 21:58 - 00390472 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-09 23:29 - 2014-04-01 21:57 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:581B0446
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: G:\
Description: USB   HS-MS Card
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: TEAC    
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: F:\
Description: USB   HS-xD/SM  
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: TEAC    
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: E:\
Description: USB   HS-CF Card
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: TEAC    
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: H:\
Description: USB   HS-SD Card
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: TEAC    
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/27/2014 01:11:36 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/26/2014 09:04:16 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".Error in manifest or policy file "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" on line Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/26/2014 08:59:07 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".Error in manifest or policy file "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" on line Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/26/2014 04:46:49 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".Error in manifest or policy file "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" on line Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/26/2014 04:11:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".Error in manifest or policy file "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" on line Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/26/2014 02:25:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".Error in manifest or policy file "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" on line Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (04/26/2014 09:03:55 PM) (Source: Service Control Manager) (User: )
Description: The Toolbar Service service failed to start due to the following error: 
%%2
 
Error: (04/26/2014 09:01:55 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
 
Error: (04/26/2014 08:58:24 PM) (Source: Service Control Manager) (User: )
Description: The Toolbar Service service failed to start due to the following error: 
%%2
 
Error: (04/26/2014 04:46:40 PM) (Source: Service Control Manager) (User: )
Description: The Toolbar Service service failed to start due to the following error: 
%%2
 
Error: (04/26/2014 04:11:37 PM) (Source: Service Control Manager) (User: )
Description: The Toolbar Service service failed to start due to the following error: 
%%2
 
Error: (04/26/2014 02:25:39 PM) (Source: Service Control Manager) (User: )
Description: The Toolbar Service service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (04/27/2014 01:11:36 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\outfoxtvaddon\BackgroundHost64.exe
 
Error: (04/26/2014 09:04:16 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\Citrix\ICA Client\MFC80.DLLC:\Program Files\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5
 
Error: (04/26/2014 08:59:07 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\Citrix\ICA Client\MFC80.DLLC:\Program Files\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5
 
Error: (04/26/2014 04:46:49 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\Citrix\ICA Client\MFC80.DLLC:\Program Files\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5
 
Error: (04/26/2014 04:11:50 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\Citrix\ICA Client\MFC80.DLLC:\Program Files\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5
 
Error: (04/26/2014 02:25:50 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\Citrix\ICA Client\MFC80.DLLC:\Program Files\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 42%
Total physical RAM: 3317.18 MB
Available physical RAM: 1921.48 MB
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2014
Ran by Owner (administrator) on BHPC001 on 27-04-2014 08:17:48
Running from C:\Users\Owner\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(PasswordBox, Inc.) C:\Program Files\PasswordBox\pbbtnService.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [826896 2011-05-26] (GlavSoft LLC.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-3019269935-4125995642-676074653-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-18] (Google Inc.)
HKU\S-1-5-21-3019269935-4125995642-676074653-1000\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\Owner\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 20d1c47d0ecf47d0a32ad168ddcd54df-b37f2a3a90c4f9f3c01a4adc6359e8a798770e52 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
HKU\S-1-5-21-3019269935-4125995642-676074653-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3019269935-4125995642-676074653-1000\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x80962AFC8FADCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: OutfoxTV - {C4060A77-2FB6-46A7-A5D2-A59C144F454E} - C:\Program Files\OutfoxTVaddon\ScriptHost.dll (outfoxTV)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f0spg3iv.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.fox19.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF Extension: OutfoxTV - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f0spg3iv.default\Extensions\outfox@outfox.tv [2014-04-26]
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f0spg3iv.default\Extensions\staged [2014-04-27]
FF HKLM\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files\PasswordBox\Firefox [2013-11-21]
FF HKCU\...\Firefox\Extensions: [{591f9d2f-ffb2-4bbe-98fc-2fb86649c789}] - C:\Program Files\PassShow-soft\157.xpi
FF Extension: PassShow - C:\Program Files\PassShow-soft\157.xpi [2014-04-26]
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-26]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-26]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-19]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-19]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-19]
 
========================== Services (Whitelisted) =================
 
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 PasswordBox; C:\Program Files\PasswordBox\pbbtnService.exe [67584 2013-11-01] (PasswordBox, Inc.)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [826896 2011-05-26] (GlavSoft LLC.)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S2 TBSrv; C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [123160 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [199960 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [150296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [193304 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [238872 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [108312 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [28440 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-03-03] (AVG Technologies)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-26] (Malwarebytes Corporation)
R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [47488 2014-02-13] (NetFilterSDK.com)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 fwddqpog; \??\C:\Users\Owner\AppData\Local\Temp\fwddqpog.sys [X]
U3 mbr; \??\C:\Users\Owner\AppData\Local\Temp\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-27 08:17 - 2014-04-27 08:17 - 00014744 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-04-27 08:17 - 2014-04-27 08:17 - 00000000 ____D () C:\FRST
2014-04-27 08:16 - 2014-04-27 08:17 - 02061824 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-04-27 08:13 - 2014-04-27 08:13 - 01049600 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
2014-04-26 21:33 - 2014-04-26 21:33 - 00370943 _____ () C:\Users\Owner\Downloads\gmer.zip
2014-04-26 21:33 - 2014-04-26 21:33 - 00370943 _____ () C:\Users\Owner\Desktop\gmer.zip
2014-04-26 21:33 - 2014-04-26 21:33 - 00005616 _____ () C:\Users\Owner\Desktop\attach.txt
2014-04-26 21:33 - 2014-04-26 21:32 - 00016898 _____ () C:\Users\Owner\Desktop\dds.txt
2014-04-26 21:32 - 2014-04-26 21:32 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds (1).scr
2014-04-26 21:25 - 2014-04-26 21:25 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.scr
2014-04-26 21:22 - 2014-02-14 20:17 - 00000426 _____ () C:\AVScanner.ini
2014-04-26 21:11 - 2014-04-26 21:11 - 00021922 _____ () C:\Users\Owner\Downloads\dds (2).txt
2014-04-26 21:11 - 2014-04-26 21:11 - 00006445 _____ () C:\Users\Owner\Downloads\attach (1).txt
2014-04-26 21:10 - 2014-04-26 21:10 - 00006445 _____ () C:\Users\Owner\Downloads\attach.txt
2014-04-26 21:09 - 2014-04-26 21:09 - 00021922 _____ () C:\Users\Owner\Downloads\dds.txt
2014-04-26 21:09 - 2014-04-26 21:09 - 00021922 _____ () C:\Users\Owner\Downloads\dds (1).txt
2014-04-26 20:15 - 2014-04-26 21:04 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-26 20:15 - 2014-04-26 20:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-26 20:12 - 2014-04-26 20:12 - 05196309 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2014-04-26 20:08 - 2014-04-26 20:08 - 01727624 _____ () C:\Users\Owner\Downloads\Adaware_Installer.exe
2014-04-26 16:25 - 2014-04-26 16:25 - 01330861 _____ () C:\Users\Owner\Downloads\AdwCleaner (4).exe
2014-04-26 16:08 - 2014-04-26 16:08 - 01330861 _____ () C:\Users\Owner\Downloads\adwcleaner (3).exe
2014-04-26 14:23 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-04-26 14:22 - 2014-04-26 16:45 - 00000000 ____D () C:\AdwCleaner
2014-04-26 14:21 - 2014-04-26 14:21 - 01330861 _____ () C:\Users\Owner\Downloads\AdwCleaner (2).exe
2014-04-26 14:19 - 2014-04-26 14:19 - 01330861 _____ () C:\Users\Owner\Downloads\AdwCleaner (1).exe
2014-04-26 14:18 - 2014-04-26 14:18 - 01330861 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2014-04-26 14:14 - 2014-04-26 14:14 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-04-26 14:14 - 2014-04-26 14:14 - 00000000 ____D () C:\Windows\ERUNT
2014-04-26 14:03 - 2014-04-26 14:03 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds (1).com
2014-04-26 14:03 - 2014-04-26 14:03 - 00688992 _____ (Swearware) C:\Users\Owner\Downloads\dds.com
2014-04-26 13:47 - 2014-04-26 13:48 - 13829304 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\MSEInstall(1).exe
2014-04-26 13:47 - 2014-04-26 13:47 - 11241816 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\MSEInstall.exe
2014-04-26 08:35 - 2014-04-26 21:10 - 00000000 ____D () C:\Program Files\PassShow-soft
2014-04-26 08:35 - 2014-04-26 08:37 - 00000000 ____D () C:\Program Files\OutfoxTVaddon
2014-04-26 08:35 - 2014-04-26 08:35 - 00000000 ____D () C:\Users\Owner\Documents\DJMixPro
2014-04-26 08:35 - 2014-04-26 08:35 - 00000000 ____D () C:\Program Files\Rr Savings
2014-04-26 08:34 - 2014-04-26 20:57 - 00000000 ____D () C:\Program Files\002
2014-04-26 08:32 - 2014-04-26 08:33 - 00929416 _____ (CNET Download.com) C:\Users\Owner\Downloads\cbsidlm-cbsi188-DJ_Mixer_Professional-SEO-75118861.exe
2014-04-24 03:00 - 2014-04-24 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-23 04:36 - 2014-04-13 22:11 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-23 04:36 - 2014-04-13 22:07 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-22 17:30 - 2014-04-22 17:30 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieUserList
2014-04-22 17:30 - 2014-04-22 17:30 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieSiteList
2014-04-22 03:00 - 2014-03-06 05:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-22 03:00 - 2014-03-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-22 03:00 - 2014-03-06 04:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-22 03:00 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-22 03:00 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-22 03:00 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-22 03:00 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-22 03:00 - 2014-03-06 03:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-22 03:00 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-22 03:00 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-22 03:00 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-22 03:00 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-22 03:00 - 2014-03-06 03:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-22 03:00 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-22 03:00 - 2014-03-06 03:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-22 03:00 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-22 03:00 - 2014-03-06 03:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-22 03:00 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-22 03:00 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-22 03:00 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-22 03:00 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-22 03:00 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-22 03:00 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-22 03:00 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-22 03:00 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-22 03:00 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-18 15:02 - 2014-04-18 15:02 - 00199960 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-04-09 22:49 - 2014-03-04 05:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 22:49 - 2014-02-03 22:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 22:49 - 2014-02-03 22:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 22:49 - 2014-02-03 22:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 22:49 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 22:49 - 2014-01-23 22:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-03-31 16:11 - 2014-03-31 16:11 - 00108312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
 
==================== One Month Modified Files and Folders =======
 
2014-04-27 08:17 - 2014-04-27 08:17 - 00014744 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-04-27 08:17 - 2014-04-27 08:17 - 00000000 ____D () C:\FRST
2014-04-27 08:17 - 2014-04-27 08:16 - 02061824 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-04-27 08:13 - 2014-04-27 08:13 - 01049600 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
2014-04-27 07:47 - 2012-11-08 23:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-27 07:26 - 2012-10-18 20:32 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-27 04:26 - 2012-10-18 20:32 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-27 03:00 - 2012-10-17 22:26 - 01410765 _____ () C:\Windows\WindowsUpdate.log
2014-04-26 21:33 - 2014-04-26 21:33 - 00370943 _____ () C:\Users\Owner\Downloads\gmer.zip
2014-04-26 21:33 - 2014-04-26 21:33 - 00370943 _____ () C:\Users\Owner\Desktop\gmer.zip
2014-04-26 21:33 - 2014-04-26 21:33 - 00005616 _____ () C:\Users\Owner\Desktop\attach.txt
2014-04-26 21:32 - 2014-04-26 21:33 - 00016898 _____ () C:\Users\Owner\Desktop\dds.txt
2014-04-26 21:32 - 2014-04-26 21:32 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds (1).scr
2014-04-26 21:25 - 2014-04-26 21:25 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.scr
2014-04-26 21:11 - 2014-04-26 21:11 - 00021922 _____ () C:\Users\Owner\Downloads\dds (2).txt
2014-04-26 21:11 - 2014-04-26 21:11 - 00006445 _____ () C:\Users\Owner\Downloads\attach (1).txt
2014-04-26 21:11 - 2009-07-14 00:34 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-26 21:11 - 2009-07-14 00:34 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-26 21:10 - 2014-04-26 21:10 - 00006445 _____ () C:\Users\Owner\Downloads\attach.txt
2014-04-26 21:10 - 2014-04-26 08:35 - 00000000 ____D () C:\Program Files\PassShow-soft
2014-04-26 21:09 - 2014-04-26 21:09 - 00021922 _____ () C:\Users\Owner\Downloads\dds.txt
2014-04-26 21:09 - 2014-04-26 21:09 - 00021922 _____ () C:\Users\Owner\Downloads\dds (1).txt
2014-04-26 21:09 - 2012-10-17 19:43 - 00786182 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-26 21:07 - 2012-12-04 20:50 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-04-26 21:04 - 2014-04-26 20:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-26 21:03 - 2012-11-28 20:29 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-04-26 21:03 - 2012-10-18 07:45 - 00143598 _____ () C:\Windows\PFRO.log
2014-04-26 21:03 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-26 21:03 - 2009-07-14 00:39 - 00039077 _____ () C:\Windows\setupact.log
2014-04-26 20:57 - 2014-04-26 08:34 - 00000000 ____D () C:\Program Files\002
2014-04-26 20:57 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system
2014-04-26 20:15 - 2014-04-26 20:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-26 20:12 - 2014-04-26 20:12 - 05196309 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2014-04-26 20:08 - 2014-04-26 20:08 - 01727624 _____ () C:\Users\Owner\Downloads\Adaware_Installer.exe
2014-04-26 18:23 - 2012-10-17 19:47 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-26 16:45 - 2014-04-26 14:22 - 00000000 ____D () C:\AdwCleaner
2014-04-26 16:25 - 2014-04-26 16:25 - 01330861 _____ () C:\Users\Owner\Downloads\AdwCleaner (4).exe
2014-04-26 16:08 - 2014-04-26 16:08 - 01330861 _____ () C:\Users\Owner\Downloads\adwcleaner (3).exe
2014-04-26 14:21 - 2014-04-26 14:21 - 01330861 _____ () C:\Users\Owner\Downloads\AdwCleaner (2).exe
2014-04-26 14:19 - 2014-04-26 14:19 - 01330861 _____ () C:\Users\Owner\Downloads\AdwCleaner (1).exe
2014-04-26 14:18 - 2014-04-26 14:18 - 01330861 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2014-04-26 14:14 - 2014-04-26 14:14 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-04-26 14:14 - 2014-04-26 14:14 - 00000000 ____D () C:\Windows\ERUNT
2014-04-26 14:03 - 2014-04-26 14:03 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds (1).com
2014-04-26 14:03 - 2014-04-26 14:03 - 00688992 _____ (Swearware) C:\Users\Owner\Downloads\dds.com
2014-04-26 13:48 - 2014-04-26 13:47 - 13829304 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\MSEInstall(1).exe
2014-04-26 13:47 - 2014-04-26 13:47 - 11241816 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\MSEInstall.exe
2014-04-26 13:16 - 2012-10-17 21:41 - 00000000 ____D () C:\BigFishGamesCache
2014-04-26 08:37 - 2014-04-26 08:35 - 00000000 ____D () C:\Program Files\OutfoxTVaddon
2014-04-26 08:35 - 2014-04-26 08:35 - 00000000 ____D () C:\Users\Owner\Documents\DJMixPro
2014-04-26 08:35 - 2014-04-26 08:35 - 00000000 ____D () C:\Program Files\Rr Savings
2014-04-26 08:33 - 2014-04-26 08:32 - 00929416 _____ (CNET Download.com) C:\Users\Owner\Downloads\cbsidlm-cbsi188-DJ_Mixer_Professional-SEO-75118861.exe
2014-04-24 09:58 - 2013-09-13 09:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-24 09:58 - 2012-10-17 19:49 - 00000000 ____D () C:\Program Files\AVG
2014-04-24 09:56 - 2013-09-25 04:48 - 00000940 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-24 03:00 - 2014-04-24 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-22 17:30 - 2014-04-22 17:30 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieUserList
2014-04-22 17:30 - 2014-04-22 17:30 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieSiteList
2014-04-22 03:54 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-04-19 09:22 - 2013-11-21 09:22 - 00000000 ____D () C:\Program Files\PasswordBox
2014-04-18 15:02 - 2014-04-18 15:02 - 00199960 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-04-13 22:11 - 2014-04-23 04:36 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-13 22:07 - 2014-04-23 04:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-12 07:17 - 2012-10-18 20:32 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-04-10 03:19 - 2012-10-17 21:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-10 03:03 - 2012-11-28 20:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 03:02 - 2013-07-23 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 03:01 - 2012-12-14 08:05 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 23:29 - 2012-10-18 20:33 - 00002134 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-31 16:11 - 2014-03-31 16:11 - 00108312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\D049.tmpcrt.dll
C:\Users\Owner\AppData\Local\Temp\D0B7.tmpcrt.dll
C:\Users\Owner\AppData\Local\Temp\oi_{7AC7390F-F382-4C70-B453-9F57A84930CC}.exe
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Owner\AppData\Local\Temp\tbedrs.dll
C:\Users\Owner\AppData\Local\Temp\TB_5320.exe
C:\Users\Owner\AppData\Local\Temp\uninst1.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-19 00:17
 
==================== End Of Log ============================
Total Pagefile: 6632.64 MB
Available Pagefile: 5160.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1884.43 MB
 
==================== Drives ================================
 
Drive c: (bwc12) (Fixed) (Total:596.17 GB) (Free:526.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 28000000)
Partition 1: (Active) - (Size=596 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:18 AM

Posted 27 April 2014 - 09:17 AM

Please do this next:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

AlternateDataStreams: C:\ProgramData\TEMP:581B0446
C:\Users\Owner\AppData\Local\Temp\D049.tmpcrt.dll
C:\Users\Owner\AppData\Local\Temp\D0B7.tmpcrt.dll
C:\Users\Owner\AppData\Local\Temp\oi_{7AC7390F-F382-4C70-B453-9F57A84930CC}.exe
C:\Users\Owner\AppData\Local\Temp\tbedrs.dll
C:\Users\Owner\AppData\Local\Temp\TB_5320.exe
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.
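The fixlist above is hand-picked by the helper from the FRST logs: loose executables in the user's Temp folder, an alternate data stream, and (from the services list) binaries that no longer exist. As an added triage example, not code from this thread or from FRST, the script below parses the three FRST line formats seen in those logs and lists the same kinds of candidates for review: Temp-folder executables, services and drivers marked [X], and bursts of new program folders created minutes apart, as happened here right after the DJ_Mixer downloader ran. The sample lines are constructed from the logs posted in this thread; the output is a list for an analyst, not an automatic fixlist.

```python
"""FRST log triage: added example, not part of this thread or of FRST itself.
Parses the line formats seen in the logs above (file entries, services and
drivers, bare TEMP paths) and lists candidates a malware-response helper
would review before writing a fixlist; nothing here is an automatic fix."""
import re
from datetime import datetime, timedelta

# "<created> - <modified> - <size> <attrs> (<company>) <path>"; in the Created
# section the first timestamp is the creation time (Modified section swaps them)
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
# "R2 name; <path> [size date] (company)"  or  "S2 name; <path> [X]" when missing
SVC_LINE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<meta>[^\]]*)\](?: \((?P<company>[^)]*)\))?$"
)
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
INSTALL_ROOT = re.compile(
    r"^[a-z]:\\(program files( \(x86\))?|users\\[^\\]+\\documents)\\", re.IGNORECASE
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")

def _strip_nt_prefix(path):
    # Driver binaries are logged as \??\C:\...; drop the NT object-manager prefix.
    return path[4:] if path.startswith("\\??\\") else path

def parse_log(text):
    """Return (file_entries, service_entries); lines in other formats are skipped."""
    files, services = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            entry = m.groupdict()
            entry["created"] = datetime.strptime(entry["created"], "%Y-%m-%d %H:%M")
            entry["is_dir"] = entry["attrs"].endswith("D")
            files.append(entry)
            continue
        m = SVC_LINE.match(line)
        if m:
            entry = m.groupdict()
            entry["path"] = _strip_nt_prefix(entry["path"])
            services.append(entry)
    return files, services

def temp_executables(text):
    """Executables, DLLs and drivers under AppData\\Local\\Temp, whether listed as
    file entries, as service/driver binaries, or as bare 'Some content of TEMP' paths."""
    hits = set()
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line) or SVC_LINE.match(line)
        path = _strip_nt_prefix(m.group("path") if m else line)
        if TEMP_DIR.search(path) and path.lower().endswith(EXEC_EXT):
            hits.add(path)
    return sorted(hits)

def missing_binaries(text):
    """Services/drivers still registered although FRST found no file on disk ([X])."""
    _, services = parse_log(text)
    return [(s["state"], s["name"], s["path"]) for s in services if s["meta"] == "X"]

def install_bursts(text, window=timedelta(minutes=5), min_size=3):
    """Runs of >= min_size new Program Files / Documents folders, each created within
    `window` of the previous one: what a bundled installer dropping several PUPs looks like."""
    files, _ = parse_log(text)
    dirs = sorted((f for f in files if f["is_dir"] and INSTALL_ROOT.match(f["path"])),
                  key=lambda f: f["created"])
    bursts, current = [], []
    for d in dirs:
        if current and d["created"] - current[-1]["created"] > window:
            if len(current) >= min_size:
                bursts.append([c["path"] for c in current])
            current = []
        current.append(d)
    if len(current) >= min_size:
        bursts.append([c["path"] for c in current])
    return bursts

# Constructed sample: lines copied from the FRST logs posted in this thread.
SAMPLE = r"""
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [826896 2011-05-26] (GlavSoft LLC.)
S2 TBSrv; C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe [X]
U3 fwddqpog; \??\C:\Users\Owner\AppData\Local\Temp\fwddqpog.sys [X]
2014-04-26 08:35 - 2014-04-26 21:10 - 00000000 ____D () C:\Program Files\PassShow-soft
2014-04-26 08:35 - 2014-04-26 08:37 - 00000000 ____D () C:\Program Files\OutfoxTVaddon
2014-04-26 08:35 - 2014-04-26 08:35 - 00000000 ____D () C:\Users\Owner\Documents\DJMixPro
2014-04-26 08:35 - 2014-04-26 08:35 - 00000000 ____D () C:\Program Files\Rr Savings
2014-04-26 08:34 - 2014-04-26 20:57 - 00000000 ____D () C:\Program Files\002
2014-04-19 09:22 - 2013-11-21 09:22 - 00000000 ____D () C:\Program Files\PasswordBox
C:\Users\Owner\AppData\Local\Temp\D049.tmpcrt.dll
C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe
"""
```

Run against the full FRST.txt/Addition.txt rather than SAMPLE, the same three functions give the Temp executables, the [X] entries and the 08:34-08:35 folder burst visible in the logs above; legitimate installers (SkypeSetup.exe in Temp, for example) will show up too, which is why the result is reviewed by a person.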


#6 bkhutch

bkhutch
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:18 AM

Posted 27 April 2014 - 10:36 AM

I get an error message saying I don't know what to do, and the tool is closing???



#7 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:18 AM

Posted 27 April 2014 - 02:49 PM

Please try this instead:

 

Download Combofix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back.  Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log




#8 bkhutch

bkhutch
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:18 AM

Posted 27 April 2014 - 06:19 PM

ComboFix 14-04-26.01 - Owner 04/27/2014  19:03:06.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3317.2316 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\GoToAssistDownloadHelper.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-27 to 2014-04-27  )))))))))))))))))))))))))))))))
.
.
2014-04-27 23:08 . 2014-04-27 23:08 -------- d-----w- c:\users\Owner\AppData\Local\temp
2014-04-27 23:08 . 2014-04-27 23:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-27 12:17 . 2014-04-27 15:36 -------- d-----w- C:\FRST
2014-04-27 00:15 . 2014-04-27 01:04 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-27 00:15 . 2014-04-27 00:15 -------- d-----w- c:\programdata\Malwarebytes
2014-04-26 18:23 . 2010-08-30 12:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-04-26 18:22 . 2014-04-26 20:45 -------- d-----w- C:\AdwCleaner
2014-04-26 18:14 . 2014-04-26 18:14 -------- d-----w- c:\windows\ERUNT
2014-04-26 12:35 . 2014-04-26 12:35 -------- d-----w- c:\program files\Rr Savings
2014-04-26 12:35 . 2014-04-26 12:37 -------- d-----w- c:\program files\OutfoxTVaddon
2014-04-26 12:35 . 2014-04-27 01:10 -------- d-----w- c:\program files\PassShow-soft
2014-04-26 12:35 . 2014-04-26 12:35 -------- d-----w- C:\temp
2014-04-26 12:34 . 2014-04-27 00:57 -------- d-----w- c:\program files\002
2014-04-26 12:34 . 2014-04-26 12:34 -------- d-----w- c:\users\Owner\AppData\Local\Programs
2014-04-24 07:00 . 2014-04-24 07:00 -------- d-s---w- c:\windows\system32\CompatTel
2014-04-23 08:36 . 2014-04-14 02:11 361984 ----a-w- c:\windows\system32\aepdu.dll
2014-04-23 08:36 . 2014-04-14 02:07 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-04-22 21:30 . 2014-04-22 21:30 -------- d-sh--w- c:\users\Owner\AppData\Local\EmieUserList
2014-04-22 21:30 . 2014-04-22 21:30 -------- d-sh--w- c:\users\Owner\AppData\Local\EmieSiteList
2014-04-10 02:49 . 2014-01-24 02:18 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-10 02:49 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-10 02:49 . 2014-02-04 02:07 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-10 02:49 . 2014-02-04 02:07 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-10 02:49 . 2014-02-04 02:00 2048 ----a-w- c:\windows\system32\iologmsg.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 11:47 . 2012-10-18 12:09 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 11:47 . 2012-10-18 12:09 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-03 04:19 . 2013-05-01 21:11 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-02-13 18:45 . 2014-02-13 18:45 47488 ----a-w- c:\windows\system32\drivers\netfilter.sys
2014-02-07 01:07 . 2014-03-11 23:24 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:04 . 2014-03-11 23:24 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-11 23:24 509440 ----a-w- c:\windows\system32\qedit.dll
2014-01-29 02:06 . 2014-03-11 23:24 381440 ----a-w- c:\windows\system32\wer.dll
2014-01-28 02:07 . 2014-03-11 23:24 185344 ----a-w- c:\windows\system32\wwansvc.dll
2010-10-12 21:33 . 2014-03-19 08:32 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-10-12 23:15 . 2014-03-19 08:32 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-10-12 21:37 . 2014-03-19 08:32 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-10-12 21:35 . 2014-03-19 08:32 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-10-12 21:34 . 2014-03-19 08:32 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-10-12 21:32 . 2014-03-19 08:32 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-10-12 21:35 . 2014-03-19 08:32 31672 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-10-12 21:34 . 2014-03-19 08:32 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-07-14 17:42 . 2014-03-19 08:32 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-10-12 21:37 . 2014-03-19 08:32 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{C4060A77-2FB6-46A7-A5D2-A59C144F454E}]
2014-04-08 10:27 455912 ----a-w- c:\program files\OutfoxTVaddon\ScriptHost.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-10-19 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2011-05-26 826896]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R2 TBSrv;Toolbar Service;c:\program files\Tbccint\ToolbarService\ToolbarService.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 30312]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-30 1343400]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-03-03 42784]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 65584]
S1 netfilter;netfilter;c:\windows\system32\drivers\netfilter.sys [2014-02-13 47488]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]
S2 PasswordBox;PasswordBox;c:\program files\PasswordBox\pbbtnService.exe [2013-11-01 67584]
S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [2011-05-26 826896]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-04-27 107736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S4 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - FWDDQPOG
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - fwddqpog
*Deregistered* - MBAMWebAccessControl
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-10 03:27 1077576 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-18 11:47]
.
2014-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-19 00:32]
.
2014-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-19 00:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f0spg3iv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.fox19.com/
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-ROC_ROC_APR2013_AV - c:\users\Owner\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe
HKCU-Run-OutfoxTV - c:\program files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKLM-Run-AVG_UI - c:\program files\AVG\AVG2014\avgui.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-27  19:09:54
ComboFix-quarantined-files.txt  2014-04-27 23:09
.
Pre-Run: 570,118,914,048 bytes free
Post-Run: 574,290,952,192 bytes free
.
- - End Of File - - B90F77CE36ABDACF4A7241D6BC88E5D6
A36C5E4F47E84449FF07ED3517B43A31


#9 RPMcMurphy (Malware Response Team)

Posted 28 April 2014 - 01:15 PM

Please do this next:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#10 bkhutch (Topic Starter)

Posted 28 April 2014 - 06:20 PM

Before I joined Bleeping Computer I took this step.  So this scan did not turn up anything.
 
It did find several malicious items and quarantined them on 4/26.  It did not help the problem, thus my entries in this blog.
 
Both reports are below 
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/28/2014
Scan Time: 7:11:01 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.28.10
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Owner
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 235291
Time Elapsed: 4 min, 5 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
_________________________
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/26/2014
Scan Time: 8:56:57 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.26.06
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Owner
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 240954
Time Elapsed: 40 min, 25 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 2
Trojan.Agent.SVR, C:\Program Files\002\yewimmxqbs32.exe, 1552, Delete-on-Reboot, [d618e24cf586cd69a8de2543cd3444bc]
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\RrFilterService.exe, 616, Delete-on-Reboot, [ea04de50c1ba0e28f052d09ff60cad53]
 
Modules: 2
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\nfapi.dll, Delete-on-Reboot, [ea04de50c1ba0e28f052d09ff60cad53], 
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\ProtocolFilters.dll, Delete-on-Reboot, [ea04de50c1ba0e28f052d09ff60cad53], 
 
Registry Keys: 14
Trojan.Agent.SVR, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\yewimmxqbs32, Quarantined, [d618e24cf586cd69a8de2543cd3444bc], 
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{10AD2C61-0898-4348-8600-14A342F22AC3}, Quarantined, [628c5bd3bac177bf12a9839648ba22de], 
PUP.Optional.RRSavings.A, HKLM\SOFTWARE\rrsavings, Quarantined, [d11d1c12bdbe4aec8d37fb76c53d52ae], 
PUP.Optional.RRSavings.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\rrsavings, Quarantined, [9b53e648c9b238fea81a98d9cd35936d], 
PUP.Optional.RRSavings.A, HKU\S-1-5-21-3019269935-4125995642-676074653-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\RrSavings, Quarantined, [8a6487a72b503600e5e1fb76cb378d73], 
PUP.Optional.RRSavings.A, HKU\S-1-5-21-3019269935-4125995642-676074653-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\rrsavings, Quarantined, [3eb0022c8dee95a1ccfd472af50dcc34], 
PUP.Optional.RRSavings.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RrFilterService, Quarantined, [ea04de50c1ba0e28f052d09ff60cad53], 
PUP.Optional.PassShow.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4e1dfdc4-5474-47fc-bcaa-6f1f0c49bae2}, Quarantined, [1fcf9d918eed35014137f53fb94b8a76], 
PUP.Optional.PassShow.A, HKLM\SOFTWARE\CLASSES\CLSID\{4E1DFDC4-5474-47FC-BCAA-6F1F0C49BAE2}, Quarantined, [1fcf9d918eed35014137f53fb94b8a76], 
PUP.Optional.PassShow.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{ade2113b-9952-46c8-85b0-b115be39a9fa}, Quarantined, [1fcf9d918eed35014137f53fb94b8a76], 
PUP.Optional.PassShow.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{77bf05d1-5f5f-40d2-8feb-7e326c73a257}, Quarantined, [1fcf9d918eed35014137f53fb94b8a76], 
PUP.Optional.PassShow.A, HKLM\SOFTWARE\CLASSES\CLSID\{4E1DFDC4-5474-47FC-BCAA-6F1F0C49BAE2}\INPROCSERVER32, Quarantined, [1fcf9d918eed35014137f53fb94b8a76], 
PUP.Optional.PassShow.A, HKU\S-1-5-21-3019269935-4125995642-676074653-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4E1DFDC4-5474-47FC-BCAA-6F1F0C49BAE2}, Quarantined, [1fcf9d918eed35014137f53fb94b8a76], 
PUP.Optional.PassShow.A, HKU\S-1-5-21-3019269935-4125995642-676074653-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4E1DFDC4-5474-47FC-BCAA-6F1F0C49BAE2}, Quarantined, [1fcf9d918eed35014137f53fb94b8a76], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 3
PUP.Optional.RRSavings.A, C:\Program Files\rrsavings, Quarantined, [aa44e44ae09bd85e8bb65619dd25b64a], 
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter, Delete-on-Reboot, [ea04de50c1ba0e28f052d09ff60cad53], 
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\SSL, Quarantined, [ea04de50c1ba0e28f052d09ff60cad53], 
 
Files: 24
Trojan.Agent.SVR, C:\Program Files\002\yewimmxqbs32.exe, Delete-on-Reboot, [d618e24cf586cd69a8de2543cd3444bc], 
PUP.Optional.SearchProtect.A, C:\Users\Owner\AppData\Local\Temp\nseC860.exe, Quarantined, [06e89698f08baa8cce7e61c4ba47bb45], 
PUP.Optional.SearchProtect.A, C:\Users\Owner\AppData\Local\Temp\nskF1F6.exe, Quarantined, [4ca24ce2255678bec488c75e877ae719], 
PUP.Optional.SearchProtect.A, C:\Users\Owner\AppData\Local\Temp\nskF948.exe, Quarantined, [29c569c50477f541a2aa071eb74a5ca4], 
PUP.Optional.SearchProtect.A, C:\Users\Owner\AppData\Local\Temp\nspD08D.exe, Quarantined, [13db83ab245755e1e16b1f067f82b44c], 
PUP.Optional.SearchProtect.A, C:\Users\Owner\AppData\Local\Temp\nszCCD4.exe, Quarantined, [f6f840eed8a32e08aca00520eb1618e8], 
PUP.Optional.SearchProtect.A, C:\Users\Owner\AppData\Local\Temp\nszF5AE.exe, Quarantined, [6886ad81f388a78fa5a770b555acd030], 
PUP.Optional.JollyWallet, C:\Users\Owner\AppData\Local\Temp\is1275519350\jollywallet_silence_106_2.exe, Quarantined, [9d51cf5f502be551d85c3027d62eaa56], 
PUP.Optional.Babylon.A, C:\Users\Owner\AppData\Local\Temp\is1275519350\MyBabylonTB.exe, Quarantined, [5698b678bcbf979fb90236e87f812cd4], 
PUP.Optional.PricePeep.A, C:\Users\Owner\AppData\Local\Temp\is1275519350\PricePeepInstaller.exe, Quarantined, [5a947fafc3b877bf19cd0e2bb24fbc44], 
PUP.Optional.BabylonToolBar.A, C:\Users\Owner\AppData\Local\Temp\304EB869-BAB0-7891-9AC1-22D99B501A3D\Latest\MyBabylonTB.exe, Quarantined, [a44a4ae4a4d72610d5a1d93ac63b5aa6], 
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\nszA7A6\SpSetup.exe, Quarantined, [1ed078b6a3d855e1f447f723d32e59a7], 
PUP.Optional.Domalq, C:\Users\Owner\Downloads\Setup.exe, Quarantined, [2fbf230ba7d4c86e85cf7ec342be1ae6], 
PUP.Optional.PassShow.A, C:\Windows\Tasks\PassShow Update.job, Quarantined, [89650e20abd057df126287fedb2701ff], 
PUP.Optional.RRSavings.A, C:\Program Files\rrsavings\uninstaller.exe, Quarantined, [aa44e44ae09bd85e8bb65619dd25b64a], 
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\Installbat.dll, Quarantined, [ea04de50c1ba0e28f052d09ff60cad53], 
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\Microsoft.Deployment.WindowsInstaller.dll, Quarantined, [ea04de50c1ba0e28f052d09ff60cad53], 
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\Microsoft.Deployment.WindowsInstaller.xml, Quarantined, [ea04de50c1ba0e28f052d09ff60cad53], 
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\nfapi.dll, Delete-on-Reboot, [ea04de50c1ba0e28f052d09ff60cad53], 
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\nfregdrv.exe, Quarantined, [ea04de50c1ba0e28f052d09ff60cad53], 
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\ProtocolFilters.dll, Delete-on-Reboot, [ea04de50c1ba0e28f052d09ff60cad53], 
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\RrFilterService.exe, Delete-on-Reboot, [ea04de50c1ba0e28f052d09ff60cad53], 
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\sample.dll, Quarantined, [ea04de50c1ba0e28f052d09ff60cad53], 
PUP.Optional.PassShow.A, C:\Program Files\PassShow-soft\157.dll, Quarantined, [1fcf9d918eed35014137f53fb94b8a76], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
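
Added example (not from the thread, and not Malwarebytes code): a small Python parser for the MBAM 2.x log format posted above, with a triage pass over the detections. It pulls out what a responder actually reads from such a log: which families are real malware rather than PUP.* bundleware (here the random-named service yewimmxqbs32 under C:\Program Files\002), which objects were marked Delete-on-Reboot and so are only gone after a restart, and which entries are persistence points (services, Browser Helper Objects, scheduled task files) worth re-checking by hand. still_present() compares two scan logs, which is the check behind the 28 April rescan coming back clean. The two embedded logs are constructed excerpts of the ones in the post; the function names and triage rules are mine.

```python
"""Parse and triage Malwarebytes Anti-Malware 2.x scan logs.

Added example for this thread, not code from the thread or from Malwarebytes.
The log excerpts below are trimmed from the two logs the topic starter posted;
function names and the triage rules are my own.
"""
import re
from collections import Counter

# A section header is "<name>: <count>"; a zero count is followed by
# "(No malicious items detected)", otherwise by one line per detection.
SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): (\d+)$"
)
# Every detection line ends with MBAM's 32-hex-digit detection id in brackets.
HASH_RE = re.compile(r"\[([0-9a-f]{32})\]")


def parse_mbam_log(text):
    """Return one dict per detection: section, family, target, pid, action, hash."""
    detections, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        hit = HASH_RE.search(line)
        if section is None or not hit:
            continue  # scan metadata, blank line, or "(No malicious items detected)"
        # Layout: Family, Target[, PID], Action, [hash], with an optional trailing comma.
        fields = [f.strip() for f in line[:hit.start()].rstrip(", ").split(", ")]
        family, action, middle = fields[0], fields[-1], fields[1:-1]
        pid = None
        if section == "Processes" and len(middle) >= 2 and middle[-1].isdigit():
            pid = int(middle.pop())  # process lines carry the PID before the action
        detections.append({
            "section": section, "family": family, "target": ", ".join(middle),
            "pid": pid, "action": action, "hash": hit.group(1),
        })
    return detections


def triage(detections):
    """What a responder wants from the log before deciding the next step."""
    def targets(pred):
        return [d["target"] for d in detections if pred(d)]
    return {
        "total": len(detections),
        "by_family": Counter(d["family"] for d in detections),
        # PUP.* is adware/bundleware; anything else is treated as real malware.
        "malware": sorted({d["family"] for d in detections
                           if not d["family"].startswith("PUP.")}),
        # Delete-on-Reboot objects were in use: gone only after a restart, which is
        # why the responder asks for the scan log after rebooting.
        "pending_reboot": sorted(set(targets(lambda d: d["action"] == "Delete-on-Reboot"))),
        # Persistence points worth re-checking by hand after cleanup.
        "services": targets(lambda d: "\\SERVICES\\" in d["target"].upper()),
        "bhos": targets(lambda d: "BROWSER HELPER OBJECTS" in d["target"].upper()),
        "scheduled_tasks": targets(lambda d: d["target"].upper().startswith("C:\\WINDOWS\\TASKS\\")),
    }


def still_present(before, after):
    """Detections from an earlier scan that a later scan reported again."""
    later = {(d["family"], d["target"]) for d in after}
    return [d for d in before if (d["family"], d["target"]) in later]


# Constructed excerpt of the 26 April scan (a few of its 45 detections).
SCAN_26_APR = r"""
Scan Date: 4/26/2014
Processes: 2
Trojan.Agent.SVR, C:\Program Files\002\yewimmxqbs32.exe, 1552, Delete-on-Reboot, [d618e24cf586cd69a8de2543cd3444bc]
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\RrFilterService.exe, 616, Delete-on-Reboot, [ea04de50c1ba0e28f052d09ff60cad53]
Registry Keys: 3
Trojan.Agent.SVR, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\yewimmxqbs32, Quarantined, [d618e24cf586cd69a8de2543cd3444bc],
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{10AD2C61-0898-4348-8600-14A342F22AC3}, Quarantined, [628c5bd3bac177bf12a9839648ba22de],
PUP.Optional.RRSavings.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RrFilterService, Quarantined, [ea04de50c1ba0e28f052d09ff60cad53],
Files: 2
Trojan.Agent.SVR, C:\Program Files\002\yewimmxqbs32.exe, Delete-on-Reboot, [d618e24cf586cd69a8de2543cd3444bc],
PUP.Optional.PassShow.A, C:\Windows\Tasks\PassShow Update.job, Quarantined, [89650e20abd057df126287fedb2701ff],
Physical Sectors: 0
(No malicious items detected)
"""

# Constructed excerpt of the 28 April rescan, which came back clean.
SCAN_28_APR = """
Scan Date: 4/28/2014
Processes: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
"""

if __name__ == "__main__":
    first, second = parse_mbam_log(SCAN_26_APR), parse_mbam_log(SCAN_28_APR)
    report = triage(first)
    print("detections:", report["total"], "malware families:", report["malware"])
    print("needs reboot:", report["pending_reboot"])
    print("still present on rescan:", [d["target"] for d in still_present(first, second)])
```

Point parse_mbam_log() at the full pasted log for the real counts. A clean rescan only says MBAM's signatures found nothing more, which is why the thread moves on to ESET and FRST for what was left.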


#11 RPMcMurphy (Malware Response Team)

Posted 29 April 2014 - 08:44 AM

Are your browser hijacks occurring in all browsers or are they isolated to just one?




#12 bkhutch (Topic Starter)

Posted 29 April 2014 - 04:25 PM

They seem to be limited to Firefox.  I had to open Chrome to get this blog to work. As soon as I navigate off my home page I get 1-3 new tabs on my task bar 



#13 RPMcMurphy (Malware Response Team)

Posted 29 April 2014 - 06:48 PM

Please do this next:

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.




#14 bkhutch (Topic Starter)

Posted 29 April 2014 - 07:45 PM

C:\AdwCleaner\Quarantine\C\Program Files\Produtools_Manuals_2.1_E2\hk64tbPro0.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Produtools_Manuals_2.1_E2\hk64tbPro2.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Produtools_Manuals_2.1_E2\hktbPro0.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Produtools_Manuals_2.1_E2\hktbPro2.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Produtools_Manuals_2.1_E2\ldrtbPro0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Produtools_Manuals_2.1_E2\ldrtbPro2.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Produtools_Manuals_2.1_E2\ldrtbProd.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Produtools_Manuals_2.1_E2\Produtools_Manuals_2.1_E2ToolbarHelper.exe.vir Win32/Toolbar.Conduit.V potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Produtools_Manuals_2.1_E2\Produtools_Manuals_2.1_E2ToolbarHelper1.exe.vir Win32/Toolbar.Conduit.V potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Produtools_Manuals_2.1_E2\prxtbProd.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Produtools_Manuals_2.1_E2\tbPro0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Produtools_Manuals_2.1_E2\tbPro2.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Produtools_Manuals_2.1_E2\tbProd.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\Produtools_Manuals_2.1_E2\hk64tbPro0.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\Produtools_Manuals_2.1_E2\hk64tbPro2.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\Produtools_Manuals_2.1_E2\hktbPro0.dll.vir probably a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\Produtools_Manuals_2.1_E2\hktbPro2.dll.vir probably a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\Produtools_Manuals_2.1_E2\ldrtbProd.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\Produtools_Manuals_2.1_E2\tbPro0.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\Produtools_Manuals_2.1_E2\tbPro1.dll.vir probably a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\Produtools_Manuals_2.1_E2\tbPro2.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\Produtools_Manuals_2.1_E2\tbProd.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\Produtools_Manuals_2.1_E2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application
C:\Program Files\OutfoxTVaddon\AddonsFramework.Typelib.dll a variant of Win32/Toolbar.Besttoolbars.I potentially unwanted application
C:\Program Files\OutfoxTVaddon\AddonsFramework.Typelib64.dll Win64/Toolbar.Besttoolbars.B potentially unwanted application
C:\Program Files\OutfoxTVaddon\BackgroundHost.exe a variant of Win32/Toolbar.Besttoolbars.G potentially unwanted application
C:\Program Files\OutfoxTVaddon\BackgroundHost64.exe a variant of Win64/Toolbar.Besttoolbars.A potentially unwanted application
C:\Program Files\PassShow-soft\Uninstall.exe a variant of Win32/AdWare.AddLyrics.AH application
C:\Users\Owner\Downloads\cbsidlm-cbsi134-DoubleTwist-SEO-10825270.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Owner\Downloads\cbsidlm-cbsi188-DJ_Mixer_Professional-SEO-75118861.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Owner\Downloads\SkypeSetup.exe a variant of Win32/InstallCore.BA potentially unwanted application
C:\Users\Public\Downloads\AdventureInlay-dm[1].exe a variant of Win32/Adware.Trymedia.A potentially unwanted application
C:\x-fer\users\Hutchinsons Computer\AppData\Local\Temp\834eb9f3-b12b-4852-9de0-61f12f666888.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application


#15 RPMcMurphy (Malware Response Team)

Posted 30 April 2014 - 04:31 PM

Please do this next:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

FF Extension: OutfoxTV - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f0spg3iv.default\Extensions\outfox@outfox.tv [2014-04-26]
C:\Program Files\OutfoxTVaddon\AddonsFramework.Typelib.dll
C:\Program Files\OutfoxTVaddon\AddonsFramework.Typelib64.dll
C:\Program Files\OutfoxTVaddon\BackgroundHost.exe
C:\Program Files\OutfoxTVaddon\BackgroundHost64.exe
C:\Program Files\PassShow-soft\Uninstall.exe
C:\Users\Owner\Downloads\cbsidlm-cbsi134-DoubleTwist-SEO-10825270.exe
C:\Users\Owner\Downloads\cbsidlm-cbsi188-DJ_Mixer_Professional-SEO-75118861.exe
C:\Users\Public\Downloads\AdventureInlay-dm[1].exe
C:\x-fer\users\Hutchinsons Computer\AppData\Local\Temp\834eb9f3-b12b-4852-9de0-61f12f666888.exe
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

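
Added example covering both the ESET output in #14 and the fixlist in #15 (not code from the thread, ESET or FRST): the ESET log mixes files that are still live with copies that AdwCleaner had already moved under C:\AdwCleaner\Quarantine and renamed to .vir. Those quarantined copies are inert; the live paths are the ones that matter, and a bare full path per line in fixlist.txt is what tells FRST to remove them, which is the shape of the responder's fix above (with the Firefox extension line taken from the FRST scan added at the top). The excerpt below is a constructed subset of the posted output, kept with paths containing spaces since that is what breaks naive splitting; helper names and the quarantine rule are mine.

```python
"""Parse an ESET Online Scanner export and separate live files from items that
are already sitting in another tool's quarantine.

Added example for this thread, not code from the thread, ESET or FRST. The log
excerpt is trimmed from post #14; helper names and the quarantine rule are mine.
"""
import re

# Each line is "<path> <detection name> <classification>". The detection name
# carries an optional "probably " / "a variant of " prefix and a platform tag
# such as Win32/ or Win64/, which is the anchor used to split paths with spaces.
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<name>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+)\s+"
    r"(?P<cls>.+?)\s*$"
)
# AdwCleaner moves what it removes under C:\AdwCleaner\Quarantine and renames
# the file to *.vir; ESET still scans and reports those copies.
QUARANTINE_MARKERS = ("\\adwcleaner\\quarantine\\", "\\quarantine\\")


def parse_eset_log(text):
    """Return one dict per detection line: path, name, cls, quarantined."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # blank line or something that is not a detection record
        path = m.group("path")
        low = path.lower()
        entries.append({
            "path": path, "name": m.group("name"), "cls": m.group("cls"),
            "quarantined": low.endswith(".vir") or any(k in low for k in QUARANTINE_MARKERS),
        })
    return entries


def family(entry):
    """'a variant of Win32/Toolbar.Conduit.P' -> 'Toolbar.Conduit' (drop the variant suffix)."""
    name = entry["name"].rsplit("/", 1)[-1]
    head, sep, _variant = name.rpartition(".")
    return head if sep else name


def live_paths(entries):
    """Files outside any quarantine folder: the only ones still worth acting on."""
    return [e["path"] for e in entries if not e["quarantined"]]


def frst_fixlist(entries, extra_lines=()):
    """Body for FRST's fixlist.txt: one full path per line removes that object.

    extra_lines lets the responder prepend lines taken from the FRST scan itself,
    as post #15 does with the OutfoxTV Firefox extension line.
    """
    return "\n".join(list(extra_lines) + live_paths(entries)) + "\n"


# Constructed excerpt of the ESET output in #14; paths with spaces kept on purpose.
ESET_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files\Produtools_Manuals_2.1_E2\hk64tbPro0.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\Produtools_Manuals_2.1_E2\tbPro1.dll.vir probably a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Program Files\OutfoxTVaddon\BackgroundHost.exe a variant of Win32/Toolbar.Besttoolbars.G potentially unwanted application
C:\Program Files\PassShow-soft\Uninstall.exe a variant of Win32/AdWare.AddLyrics.AH application
C:\Users\Owner\Downloads\SkypeSetup.exe a variant of Win32/InstallCore.BA potentially unwanted application
C:\x-fer\users\Hutchinsons Computer\AppData\Local\Temp\834eb9f3-b12b-4852-9de0-61f12f666888.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application
"""

if __name__ == "__main__":
    found = parse_eset_log(ESET_LOG)
    for e in found:
        state = "quarantined" if e["quarantined"] else "LIVE"
        print(f"{state:<12}{family(e):<20}{e['path']}")
    print("\nfixlist.txt body:\n" + frst_fixlist(found))
```

Which live paths to actually script is still a judgment call: a leftover installer in Downloads can simply be deleted by the user, and the responder's list in #15 does not include every live path ESET flagged.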




