Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"Assistant" and "Internet Optimizer" RunDLL errors when uninstalling


  • This topic is locked This topic is locked
5 replies to this topic

#1 jordangee

jordangee

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:25 PM

Posted 02 June 2014 - 06:54 PM

I have two unknown programs on my computer that will not uninstall, and both are getting similar errors when I try to remove them. The error when I try to uninstall "Assistant" is:

 

---------------------------
RunDLL
---------------------------
There was a problem starting C:\PROGRA~3\ASSIST~1\ASSIST~1.DLL

The specified module could not be found.


---------------------------
OK   
---------------------------
 

 

and the error when attempting to uninstall "Internet Optimizer" is:

 

---------------------------
RunDLL
---------------------------
There was a problem starting C:\PROGRA~3\INTERE~1\INTERE~1.DLL

The specified module could not be found.


---------------------------
OK   
---------------------------
 

Here is the DDS report:

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.51.2
Run by I hate Myself at 18:47:08 on 2014-06-02
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4088.2333 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\I hate Myself\AppData\Local\Akamai\netsession_win.exe
C:\Users\I hate Myself\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.easylifeapp.com/
mStart Page = hxxp://search.easylifeapp.com/
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Akamai NetSession Interface] "C:\Users\I hate Myself\AppData\Local\Akamai\netsession_win.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{9B2CC130-ADC0-4A34-8DBD-474F2B969C07} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://search.easylifeapp.com/
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\I hate Myself\AppData\Roaming\Mozilla\Firefox\Profiles\21rx1g2s.default-1394592169177\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-5-23 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-5-23 208416]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-11-20 55856]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-12-17 21136]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-5-23 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-5-23 423240]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-23 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-5-23 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-5-23 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-5-23 50344]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-5-13 2228048]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-4-15 377616]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-23 1809720]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-12-10 479224]
R3 Abyssus;Razer Abyssus;C:\Windows\System32\drivers\Abyssus.sys [2013-4-6 10880]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-5-23 25816]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-2 187392]
R3 VKbms;Virtual HID Minidriver;C:\Windows\System32\drivers\VKbms.sys [2013-4-6 13312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-23 860472]
S2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2011-11-20 145448]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2012-12-10 112080]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-2-13 16776]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-2-13 9096]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-5-2 111616]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-5-23 91352]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-5-23 63704]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-21 1255736]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-06-02 23:08:39    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-06-02 22:37:00    98816    ----a-w-    C:\Windows\sed.exe
2014-06-02 22:37:00    256000    ----a-w-    C:\Windows\PEV.exe
2014-06-02 22:37:00    208896    ----a-w-    C:\Windows\MBR.exe
2014-05-31 07:34:12    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{28B65740-CA82-429C-974B-4B31C49645A6}\offreg.dll
2014-05-30 09:24:35    10702536    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{28B65740-CA82-429C-974B-4B31C49645A6}\mpengine.dll
2014-05-29 21:27:08    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-23 22:02:42    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-23 22:02:15    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-23 22:02:15    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-05-23 22:02:15    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-05-23 22:02:15    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-05-23 22:02:15    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-23 21:44:33    --------    d-----w-    C:\Users\I hate Myself\AppData\Roaming\AVAST Software
2014-05-23 21:43:43    85328    ----a-w-    C:\Windows\System32\drivers\aswstm.sys
2014-05-23 21:43:42    208416    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-05-23 21:43:41    423240    ----a-w-    C:\Windows\System32\drivers\aswsp.sys.1400881447862
2014-05-23 21:43:41    1039096    ----a-w-    C:\Windows\System32\drivers\aswsnx.sys.1400881447862
2014-05-23 21:43:41    1039096    ----a-w-    C:\Windows\System32\drivers\aswsnx.sys
2014-05-23 21:43:39    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-05-23 21:43:38    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-05-23 21:43:36    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-05-23 21:43:35    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-05-23 21:43:26    43152    ----a-w-    C:\Windows\avastSS.scr
2014-05-23 21:40:43    --------    d-----w-    C:\Program Files\AVAST Software
2014-05-22 00:56:59    --------    d-----w-    C:\ProgramData\ShuopDrop
2014-05-15 08:06:12    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-15 08:06:12    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-05-14 23:40:51    --------    d-----w-    C:\Program Files (x86)\LogMeIn Hamachi
.
==================== Find3M  ====================
.
2014-04-12 02:22:05    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05    155072    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38    29184    ----a-w-    C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38    136192    ----a-w-    C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37    28160    ----a-w-    C:\Windows\System32\secur32.dll
2014-04-12 02:19:32    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05    31232    ----a-w-    C:\Windows\System32\lsass.exe
2014-04-12 02:12:06    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-03-31 14:35:08    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-03-06 09:31:33    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41    5784064    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36    4254720    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15    2043904    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39    1967104    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40    2260480    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-06 05:41:49    1789440    ----a-w-    C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 18:47:36.66 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:25 PM

Posted 07 June 2014 - 09:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 jordangee

jordangee
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:25 PM

Posted 07 June 2014 - 01:39 PM

# AdwCleaner v3.212 - Report created 07/06/2014 at 13:09:15
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : I hate Myself - JOJO
# Running from : C:\Users\I hate Myself\Desktop\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Assistant
Folder Deleted : C:\ProgramData\Interenet Optimizer
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\HAppYi2Save
Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer
Folder Deleted : C:\Program Files (x86)\uTorrentBar
Folder Deleted : C:\Users\I hate Myself\AppData\Local\Conduit
Folder Deleted : C:\Users\I hate Myself\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\I hate Myself\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\I hate Myself\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Users\I hate Myself\AppData\Local\Google\Chrome\User Data\Default\Extensions\pomnbiifndidbhcmbnpcgblgkbohnfln

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\HapPy2Save.HapPy2Save
Key Deleted : HKLM\SOFTWARE\Classes\HapPy2Save.HapPy2Save.2.5
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-161304646
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{699fd52f}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c632643}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D7C6B54F-81F5-D18B-D9FD-2C7446EA1427}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7C6B54F-81F5-D18B-D9FD-2C7446EA1427}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30AC2143-DCE8-4573-919D-49803D5514E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D5AED75-3229-4719-BD2D-D943A191278F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D7C6B54F-81F5-D18B-D9FD-2C7446EA1427}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E957849A-94AC-6F46-4623-C31474E3C170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\I hate Myself\AppData\Roaming\Mozilla\Firefox\Profiles\21rx1g2s.default-1394592169177\prefs.js ]

Line Deleted : user_pref("extensions.64sjmqo.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.inde[...]
Line Deleted : user_pref("extensions.Yz2Xleujl.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumoro[...]

[ File : C:\Users\Phone\AppData\Roaming\Mozilla\Firefox\Profiles\0a1ij2h5.default\prefs.js ]

Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.easylifeapp.com/");

-\\ Google Chrome v32.0.1700.102

*************************

AdwCleaner[R0].txt - [6611 octets] - [07/06/2014 11:35:48]
AdwCleaner[S0].txt - [6089 octets] - [07/06/2014 13:09:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6149 octets] ##########
 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by I hate Myself (administrator) on JOJO on 07-06-2014 13:32:54
Running from C:\Users\I hate Myself\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\I hate Myself\AppData\Local\Akamai\netsession_win.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Akamai Technologies, Inc.) C:\Users\I hate Myself\AppData\Local\Akamai\netsession_win.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)
HKU\S-1-5-21-752195533-1106098217-2610963004-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-752195533-1106098217-2610963004-1001\...\Run: [Akamai NetSession Interface] => C:\Users\I hate Myself\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0DC8FA7231A7CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\I hate Myself\AppData\Roaming\Mozilla\Firefox\Profiles\21rx1g2s.default-1394592169177
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: Reddit Enhancement Suite - C:\Users\I hate Myself\AppData\Roaming\Mozilla\Firefox\Profiles\21rx1g2s.default-1394592169177\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-04-09]
FF Extension: Adblock Plus - C:\Users\I hate Myself\AppData\Roaming\Mozilla\Firefox\Profiles\21rx1g2s.default-1394592169177\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-21]
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-23]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011-11-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-23]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (YouTube) - C:\Users\I hate Myself\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-01]
CHR Extension: (Google Search) - C:\Users\I hate Myself\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-01]
CHR Extension: (Google Wallet) - C:\Users\I hate Myself\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-03]
CHR Extension: (Gmail) - C:\Users\I hate Myself\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-01]
CHR Extension: (No Name) - C:\Users\I hate Myself\AppData\Local\Google\Chrome\User Data\Default\Extensions\pomnbiifndidbhcmbnpcgblgkbohnfln [2013-12-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-23]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-23] (AVAST Software)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.)

==================== Drivers (Whitelisted) ====================

R3 Abyssus; C:\Windows\System32\drivers\Abyssus.sys [10880 2009-10-30] (Razer (Asia-Pacific) Pte Ltd)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-23] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-23] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-06] (Malwarebytes Corporation)
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-07 13:32 - 2014-06-07 13:33 - 00013715 _____ () C:\Users\I hate Myself\Desktop\FRST.txt
2014-06-07 13:32 - 2014-06-07 13:32 - 02072576 _____ (Farbar) C:\Users\I hate Myself\Desktop\FRST64.exe
2014-06-07 13:32 - 2014-06-07 13:32 - 00000000 ____D () C:\FRST
2014-06-07 11:36 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-07 11:35 - 2014-06-07 13:09 - 00000000 ____D () C:\AdwCleaner
2014-06-07 11:35 - 2014-06-07 11:35 - 01333465 _____ () C:\Users\I hate Myself\Desktop\adwcleaner_3.212.exe
2014-06-02 18:47 - 2014-06-02 18:49 - 00018266 _____ () C:\Users\I hate Myself\Desktop\dds.txt
2014-06-02 18:47 - 2014-06-02 18:49 - 00010694 _____ () C:\Users\I hate Myself\Desktop\attach.txt
2014-06-02 18:46 - 2014-06-02 18:46 - 00688992 ____R (Swearware) C:\Users\I hate Myself\Downloads\dds.com
2014-06-02 18:08 - 2014-06-02 18:08 - 00033737 _____ () C:\ComboFix.txt
2014-06-02 18:08 - 2014-06-02 18:08 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-06-02 18:08 - 2014-06-02 18:08 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-02 18:08 - 2014-06-02 18:08 - 00000000 ____D () C:\Users\Phone\AppData\Local\temp
2014-06-02 18:08 - 2014-06-02 18:08 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-02 18:08 - 2014-06-02 18:08 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-02 17:37 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-02 17:37 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-02 17:37 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-02 17:37 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-02 17:37 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-02 17:37 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-02 17:37 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-02 17:37 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-02 17:36 - 2014-06-02 18:08 - 00000000 ____D () C:\Qoobox
2014-06-02 17:36 - 2014-06-02 18:07 - 00000000 ____D () C:\Windows\erdnt
2014-05-29 16:27 - 2014-05-29 16:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-23 19:22 - 2014-05-23 19:22 - 04745728 _____ (AVAST Software) C:\Users\I hate Myself\Downloads\aswMBR.exe
2014-05-23 17:02 - 2014-06-06 15:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-23 17:02 - 2014-05-29 16:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-23 17:02 - 2014-05-23 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-23 17:02 - 2014-05-23 17:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-23 17:02 - 2014-05-23 17:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-23 17:02 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-23 17:02 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-23 17:00 - 2014-05-23 17:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\I hate Myself\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-23 16:44 - 2014-05-23 16:44 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-23 16:44 - 2014-05-23 16:44 - 00000000 ____D () C:\Users\I hate Myself\AppData\Roaming\AVAST Software
2014-05-23 16:44 - 2014-05-23 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-23 16:43 - 2014-06-07 13:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-23 16:43 - 2014-05-23 16:44 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-23 16:43 - 2014-05-23 16:44 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-23 16:43 - 2014-05-23 16:44 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-23 16:43 - 2014-05-23 16:43 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1400881447862
2014-05-23 16:43 - 2014-05-23 16:43 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400881447862
2014-05-23 16:43 - 2014-05-23 16:43 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-23 16:43 - 2014-05-23 16:43 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-23 16:43 - 2014-05-23 16:43 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-23 16:43 - 2014-05-23 16:43 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-23 16:43 - 2014-05-23 16:43 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-23 16:43 - 2014-05-23 16:43 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-23 16:40 - 2014-05-23 16:40 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-23 16:39 - 2014-05-23 16:39 - 04796856 _____ (AVAST Software) C:\Users\I hate Myself\Downloads\avast_free_antivirus_setup_online.exe
2014-05-23 16:03 - 2014-05-23 16:03 - 00000000 ____D () C:\Users\I hate Myself\Desktop\Games
2014-05-23 16:02 - 2014-05-23 16:02 - 00000000 ____D () C:\Users\I hate Myself\Desktop\RESUME
2014-05-23 15:58 - 2014-05-23 15:59 - 00000000 ____D () C:\Users\I hate Myself\Desktop\SS
2014-05-23 15:58 - 2014-05-23 15:58 - 00000835 _____ () C:\Users\I hate Myself\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-05-21 19:56 - 2014-05-23 16:27 - 00000000 ____D () C:\ProgramData\ShuopDrop
2014-05-15 03:06 - 2014-05-05 23:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 03:06 - 2014-05-05 23:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 03:06 - 2014-05-05 22:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 03:06 - 2014-05-05 22:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 03:06 - 2014-05-05 22:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 03:06 - 2014-05-05 21:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 19:15 - 2014-05-14 19:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-14 19:04 - 2014-04-11 21:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 19:04 - 2014-04-11 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 19:04 - 2014-04-11 21:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 19:04 - 2014-04-11 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 19:04 - 2014-04-11 21:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 19:04 - 2014-04-11 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 19:04 - 2014-04-11 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 19:04 - 2014-04-11 21:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 19:04 - 2014-04-11 21:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 19:04 - 2014-03-24 21:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 19:04 - 2014-03-24 21:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 19:04 - 2014-03-04 04:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 19:04 - 2014-03-04 04:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 19:04 - 2014-03-04 04:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 19:04 - 2014-03-04 04:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 19:04 - 2014-03-04 04:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 19:04 - 2014-03-04 04:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 19:04 - 2014-03-04 04:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 19:04 - 2014-03-04 04:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 19:04 - 2014-03-04 04:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 19:04 - 2014-03-04 04:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 19:04 - 2014-03-04 04:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 19:04 - 2014-03-04 04:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 19:04 - 2014-03-04 04:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 19:04 - 2014-03-04 04:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 19:04 - 2014-03-04 04:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 19:04 - 2014-03-04 04:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 19:04 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 19:04 - 2014-03-04 04:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 19:04 - 2014-03-04 04:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 19:04 - 2014-03-04 04:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 19:04 - 2014-03-04 04:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 19:04 - 2014-03-04 04:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 19:04 - 2014-03-04 04:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 19:04 - 2014-03-04 04:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 19:04 - 2014-03-04 04:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 19:04 - 2014-03-04 04:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 19:04 - 2014-03-04 04:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 19:04 - 2014-03-04 04:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 19:04 - 2014-03-04 04:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 19:04 - 2014-03-04 04:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 19:04 - 2014-03-04 04:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 19:04 - 2014-03-04 04:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 18:40 - 2014-05-14 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-14 18:40 - 2014-05-14 18:40 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi

==================== One Month Modified Files and Folders =======

2014-06-07 13:33 - 2014-06-07 13:32 - 00013715 _____ () C:\Users\I hate Myself\Desktop\FRST.txt
2014-06-07 13:33 - 2011-11-19 22:02 - 00000000 ____D () C:\Users\I hate Myself\AppData\Local\Temp
2014-06-07 13:32 - 2014-06-07 13:32 - 02072576 _____ (Farbar) C:\Users\I hate Myself\Desktop\FRST64.exe
2014-06-07 13:32 - 2014-06-07 13:32 - 00000000 ____D () C:\FRST
2014-06-07 13:21 - 2012-03-01 14:41 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-07 13:21 - 2011-11-19 21:54 - 01218883 _____ () C:\Windows\WindowsUpdate.log
2014-06-07 13:19 - 2009-07-13 23:45 - 00020512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-07 13:19 - 2009-07-13 23:45 - 00020512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-07 13:17 - 2009-07-14 00:13 - 00778894 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-07 13:12 - 2014-05-23 16:43 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-07 13:12 - 2012-06-22 13:37 - 00000000 ____D () C:\Users\I hate Myself\AppData\Local\LogMeIn Hamachi
2014-06-07 13:12 - 2011-11-20 17:25 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-07 13:11 - 2014-02-28 15:48 - 00004140 _____ () C:\Windows\PFRO.log
2014-06-07 13:11 - 2014-02-28 15:48 - 00002016 _____ () C:\Windows\setupact.log
2014-06-07 13:11 - 2012-03-01 14:41 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-07 13:11 - 2011-11-20 17:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-07 13:11 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-07 13:09 - 2014-06-07 11:35 - 00000000 ____D () C:\AdwCleaner
2014-06-07 11:35 - 2014-06-07 11:35 - 01333465 _____ () C:\Users\I hate Myself\Desktop\adwcleaner_3.212.exe
2014-06-07 02:00 - 2011-11-20 21:49 - 00000000 ____D () C:\Users\I hate Myself\AppData\Local\Adobe
2014-06-06 15:41 - 2014-05-23 17:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-02 18:49 - 2014-06-02 18:47 - 00018266 _____ () C:\Users\I hate Myself\Desktop\dds.txt
2014-06-02 18:49 - 2014-06-02 18:47 - 00010694 _____ () C:\Users\I hate Myself\Desktop\attach.txt
2014-06-02 18:46 - 2014-06-02 18:46 - 00688992 ____R (Swearware) C:\Users\I hate Myself\Downloads\dds.com
2014-06-02 18:28 - 2014-01-29 12:23 - 00000000 ____D () C:\Users\I hate Myself\AppData\Local\Akamai
2014-06-02 18:08 - 2014-06-02 18:08 - 00033737 _____ () C:\ComboFix.txt
2014-06-02 18:08 - 2014-06-02 18:08 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-06-02 18:08 - 2014-06-02 18:08 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-02 18:08 - 2014-06-02 18:08 - 00000000 ____D () C:\Users\Phone\AppData\Local\temp
2014-06-02 18:08 - 2014-06-02 18:08 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-02 18:08 - 2014-06-02 18:08 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-02 18:08 - 2014-06-02 17:36 - 00000000 ____D () C:\Qoobox
2014-06-02 18:08 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-06-02 18:07 - 2014-06-02 17:36 - 00000000 ____D () C:\Windows\erdnt
2014-06-02 18:06 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-29 16:27 - 2014-05-29 16:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-29 16:26 - 2014-05-23 17:02 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-23 19:22 - 2014-05-23 19:22 - 04745728 _____ (AVAST Software) C:\Users\I hate Myself\Downloads\aswMBR.exe
2014-05-23 19:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-05-23 17:02 - 2014-05-23 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-23 17:02 - 2014-05-23 17:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-23 17:02 - 2014-05-23 17:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-23 17:01 - 2014-05-23 17:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\I hate Myself\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-23 16:44 - 2014-05-23 16:44 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-23 16:44 - 2014-05-23 16:44 - 00000000 ____D () C:\Users\I hate Myself\AppData\Roaming\AVAST Software
2014-05-23 16:44 - 2014-05-23 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-23 16:44 - 2014-05-23 16:43 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-23 16:44 - 2014-05-23 16:43 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-23 16:44 - 2014-05-23 16:43 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-23 16:43 - 2014-05-23 16:43 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1400881447862
2014-05-23 16:43 - 2014-05-23 16:43 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400881447862
2014-05-23 16:43 - 2014-05-23 16:43 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-23 16:43 - 2014-05-23 16:43 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-23 16:43 - 2014-05-23 16:43 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-23 16:43 - 2014-05-23 16:43 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-23 16:43 - 2014-05-23 16:43 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-23 16:43 - 2014-05-23 16:43 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-23 16:43 - 2011-11-20 18:10 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-23 16:40 - 2014-05-23 16:40 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-23 16:39 - 2014-05-23 16:39 - 04796856 _____ (AVAST Software) C:\Users\I hate Myself\Downloads\avast_free_antivirus_setup_online.exe
2014-05-23 16:39 - 2011-11-20 18:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-23 16:27 - 2014-05-21 19:56 - 00000000 ____D () C:\ProgramData\ShuopDrop
2014-05-23 16:27 - 2012-05-08 17:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-23 16:18 - 2014-01-29 18:19 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared
2014-05-23 16:17 - 2014-03-17 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2014-05-23 16:17 - 2014-01-29 18:21 - 00000000 ____D () C:\Users\I hate Myself\AppData\Local\Autodesk
2014-05-23 16:17 - 2014-01-29 12:26 - 00000000 ____D () C:\ProgramData\Autodesk
2014-05-23 16:03 - 2014-05-23 16:03 - 00000000 ____D () C:\Users\I hate Myself\Desktop\Games
2014-05-23 16:03 - 2013-12-03 23:05 - 00000000 ____D () C:\ProgramData\9863081c85e92860
2014-05-23 16:03 - 2011-11-20 17:56 - 00000000 ____D () C:\Users\I hate Myself\AppData\Roaming\uTorrent
2014-05-23 16:02 - 2014-05-23 16:02 - 00000000 ____D () C:\Users\I hate Myself\Desktop\RESUME
2014-05-23 15:59 - 2014-05-23 15:58 - 00000000 ____D () C:\Users\I hate Myself\Desktop\SS
2014-05-23 15:58 - 2014-05-23 15:58 - 00000835 _____ () C:\Users\I hate Myself\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-05-17 10:54 - 2013-05-16 13:36 - 00000000 ___RD () C:\Users\I hate Myself\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-17 10:54 - 2013-05-16 13:36 - 00000000 ___RD () C:\Users\I hate Myself\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 04:01 - 2014-05-02 03:55 - 00000000 ____D () C:\Windows\rescache
2014-05-15 03:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-15 03:07 - 2011-11-20 18:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 03:05 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 03:03 - 2011-11-19 22:10 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 19:15 - 2014-05-14 19:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-14 18:40 - 2014-05-14 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-14 18:40 - 2014-05-14 18:40 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-05-12 07:26 - 2014-05-23 17:02 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-23 17:02 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\I hate Myself\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 00:25

==================== End Of Log ============================

 

 

 

 

 

 

The programs seem to be gone! Thank you so much for your help.

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:25 PM

Posted 08 June 2014 - 08:02 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

HKLM-x32\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (No Name) - C:\Users\I hate Myself\AppData\Local\Google\Chrome\User Data\Default\Extensions\pomnbiifndidbhcmbnpcgblgkbohnfln [2013-12-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Users\I hate Myself\AppData\Local\Temp\Quarantine.exe
AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939

end

Save the files as fixlist.txt in to the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please let me know what problem persists.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:25 PM

Posted 14 June 2014 - 09:25 AM

Are you still with me?

#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:25 PM

Posted 20 June 2014 - 08:52 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users