Avast! Web Shield has blocked a harmful webpage or file


11 replies to this topic

#1 Kistoway

Posted 28 June 2014 - 03:33 PM

For a week, I have been getting constant alerts from Avast!, and since I updated Malwarebytes, it is also giving me alerts.
 
Avast! Alert: 
Avast! Web Shield has blocked a harmful webpage or file.
Object: http://brozblagrom-c2.com/online/526 (This changes with every new alert popup; usually 6 or more will show up at once)
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe
 
Malwarebytes Alert: 
Malicious Website Blocked
Domain: forteen-meters7.me
IP: 5.45.6.199
Port: 50271
Type: Outbound
Process: C:\Windows\System32\svchost.exe
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.45.2
Run by Kistoway at 16:17:04 on 2014-06-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3564.1531 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Goodshop app\Basement\ExtensionUpdaterService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe
C:\Users\Kistoway\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Samsung\Samsung Control Center\EasySpeedUpManager.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Goodshop app: {A1A641F2-E7F3-4194-A420-A0EF36CD022F} - C:\Program Files (x86)\Goodshop app\Basement\Extension32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\Users\Kistoway\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\MAINTE~1\Startup\Dropbox.lnk - C:\Users\Kistoway\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {776244C8-BA5F-4EE8-8B66-E4CA025F546A} - {776244C8-BA5F-4EE8-8B66-E4CA025F546A} - C:\Program Files (x86)\Goodshop app\Basement\Extension32.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{C4FE54B4-2A73-4B7E-A1AF-9AED7956B14F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C4FE54B4-2A73-4B7E-A1AF-9AED7956B14F}\2656C6B696E6E2361323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C4FE54B4-2A73-4B7E-A1AF-9AED7956B14F}\342324D473 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C4FE54B4-2A73-4B7E-A1AF-9AED7956B14F}\342324D473F5548545 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C4FE54B4-2A73-4B7E-A1AF-9AED7956B14F}\5503935503 : DHCPNameServer = 192.168.1.1 4.2.2.2
TCP: Interfaces\{C4FE54B4-2A73-4B7E-A1AF-9AED7956B14F}\C696E6B6379737 : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {776244C8-BA5F-4EE8-8B66-E4CA025F546A} - {776244C8-BA5F-4EE8-8B66-E4CA025F546A} - C:\Program Files (x86)\Goodshop app\Basement\Extension64.dll
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-12-9 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-12-9 40064]
R0 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2014-6-4 447888]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-6-4 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-6-4 208416]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2014-6-4 28184]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-6-4 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-6-4 423240]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2012-11-2 13824]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-9 204288]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-6-4 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-6-4 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-6-4 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-6-4 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-6-4 109048]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-28 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-28 860472]
R2 Update Service for Goodshop app;Update Service for Goodshop app;C:\Program Files (x86)\Goodshop app\Basement\ExtensionUpdaterService.exe [2013-10-30 685040]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-2 115216]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-6-16 186152]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-5 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-28 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-28 63704]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-12-9 53376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-6-4 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-4 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-6-4 30208]
S3 usj;usj;C:\AeriaGames\EdenEternal\avital\ussjcs64.sys [2013-3-8 89560]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-27 1255736]
.
=============== Created Last 30 ================
.
2014-06-28 19:47:37 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{112E88FF-1966-412E-8C3E-92DFCDF747DE}\mpengine.dll
2014-06-28 19:44:37 -------- d-sh--w- C:\$RECYCLE.BIN
2014-06-28 19:32:07 -------- d-----w- C:\ComboFix
2014-06-28 18:00:35 98816 ----a-w- C:\Windows\sed.exe
2014-06-28 18:00:35 256000 ----a-w- C:\Windows\PEV.exe
2014-06-28 18:00:35 208896 ----a-w- C:\Windows\MBR.exe
2014-06-28 17:30:47 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-28 17:29:37 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-28 17:29:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-28 17:25:29 -------- d-----w- C:\TDSSKiller_Quarantine
2014-06-27 12:42:20 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-26 17:23:15 -------- d-----w- C:\Users\Kistoway\AppData\Local\Blizzard
2014-06-26 16:54:26 -------- d-----w- C:\Program Files (x86)\Hearthstone
2014-06-26 16:50:22 -------- d-----w- C:\Users\Kistoway\AppData\Local\Blizzard Entertainment
2014-06-26 16:50:13 -------- d-----w- C:\Users\Kistoway\AppData\Roaming\Battle.net
2014-06-26 16:50:13 -------- d-----w- C:\Users\Kistoway\AppData\Local\Battle.net
2014-06-26 16:49:28 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2014-06-26 16:49:27 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2014-06-26 16:49:27 -------- d-----w- C:\Program Files (x86)\Battle.net
2014-06-26 16:44:00 -------- d-----w- C:\ProgramData\Battle.net
2014-06-24 09:42:28 -------- d-----w- C:\ProgramData\RogueKiller
2014-06-24 09:32:49 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-06-24 09:30:34 -------- d-----w- C:\AdwCleaner
2014-06-24 08:14:25 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CFBC4200-AC84-4515-B4E1-21CCBD169F0B}\gapaengine.dll
2014-06-06 01:10:49 -------- d---a-w- C:\Betrayal at Krondor
2014-06-04 20:30:08 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2014-06-04 20:30:05 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-06-04 20:30:05 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2014-06-04 20:30:05 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2014-06-04 20:24:42 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-06-04 20:23:59 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2014-06-04 20:04:05 -------- d-s---w- C:\Windows\System32\CompatTel
2014-06-04 18:35:39 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-06-04 18:35:39 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-06-04 18:35:35 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-06-04 18:35:33 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-06-04 18:15:43 -------- d-----w- C:\Windows\Migration
2014-06-04 17:42:33 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-06-04 17:42:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-06-04 16:37:13 -------- d-----w- C:\Windows\System32\MRT
2014-06-04 15:34:47 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-06-04 15:34:46 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-06-04 15:34:45 800768 ----a-w- C:\Windows\System32\usp10.dll
2014-06-04 15:34:45 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-06-04 15:34:42 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2014-06-04 15:34:42 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-06-04 15:34:41 335360 ----a-w- C:\Windows\System32\msieftp.dll
2014-06-04 15:34:40 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2014-06-04 15:33:07 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2014-06-04 15:33:06 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2014-06-04 15:31:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2014-06-04 15:31:27 859648 ----a-w- C:\Windows\System32\tdh.dll
2014-06-04 15:31:27 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2014-06-04 15:31:26 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2014-06-04 15:31:26 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2014-06-04 15:31:24 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2014-06-04 15:28:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-06-04 15:28:51 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-06-04 15:28:19 633856 ----a-w- C:\Windows\System32\comctl32.dll
2014-06-04 15:28:18 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2014-06-04 15:28:14 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2014-06-04 15:28:14 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2014-06-04 15:27:37 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-06-04 15:27:37 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-06-04 15:27:36 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-06-04 15:27:36 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-06-04 15:27:35 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-06-04 15:27:27 224256 ----a-w- C:\Windows\System32\wintrust.dll
2014-06-04 15:27:27 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2014-06-04 15:25:51 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-06-04 15:25:22 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2014-06-04 15:25:22 1192448 ----a-w- C:\Windows\System32\certutil.exe
2014-06-04 15:25:19 52224 ----a-w- C:\Windows\System32\certenc.dll
2014-06-04 15:25:19 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2014-06-04 15:24:39 327168 ----a-w- C:\Windows\System32\mswsock.dll
2014-06-04 15:24:38 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2014-06-04 15:24:35 259584 ----a-w- C:\Windows\System32\WebClnt.dll
2014-06-04 15:24:35 205824 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2014-06-04 15:24:35 102400 ----a-w- C:\Windows\System32\davclnt.dll
2014-06-04 15:24:34 81920 ----a-w- C:\Windows\SysWow64\davclnt.dll
2014-06-04 15:24:34 140800 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2014-06-04 15:24:14 111448 ----a-w- C:\Windows\System32\consent.exe
2014-06-04 15:24:13 70144 ----a-w- C:\Windows\System32\appinfo.dll
2014-06-04 15:23:33 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2014-06-04 15:23:33 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2014-06-04 15:21:55 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2014-06-04 15:20:50 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2014-06-04 15:20:50 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2014-06-04 15:20:07 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-04 15:20:07 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-04 15:19:34 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-04 15:19:33 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2014-06-04 15:19:33 144384 ----a-w- C:\Windows\System32\cdd.dll
2014-06-04 15:16:50 185344 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2014-06-04 15:16:49 109824 ----a-w- C:\Windows\System32\drivers\USBAUDIO.sys
2014-06-04 15:16:49 100864 ----a-w- C:\Windows\System32\drivers\usbcir.sys
2014-06-04 14:55:40 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2014-06-04 14:54:26 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2014-06-04 14:54:26 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2014-06-04 14:54:25 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2014-06-04 14:54:25 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2014-06-04 14:54:25 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2014-06-04 14:54:25 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2014-06-04 14:54:24 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2014-06-04 14:52:54 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2014-06-04 14:50:01 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2014-06-04 14:50:00 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2014-06-04 14:50:00 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2014-06-04 14:49:59 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2014-06-04 14:49:58 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2014-06-04 14:49:11 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2014-06-04 14:47:27 -------- d-----w- C:\Users\Kistoway\AppData\Roaming\AVAST Software
2014-06-04 13:18:33 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-06-04 13:18:33 85328 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-06-04 13:18:33 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-06-04 13:18:33 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-06-04 13:18:33 423240 ----a-w- C:\Windows\System32\drivers\aswsp.sys.1401887964981
2014-06-04 13:18:33 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-06-04 13:18:33 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2014-06-04 13:18:33 208416 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-06-04 13:18:33 1039096 ----a-w- C:\Windows\System32\drivers\aswsnx.sys.1401887964981
2014-06-04 13:18:33 1039096 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-06-04 13:17:32 43152 ----a-w- C:\Windows\avastSS.scr
2014-06-04 13:15:58 447888 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
2014-06-04 13:13:55 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-06-04 13:13:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
.
==================== Find3M  ====================
.
2014-05-12 11:26:00 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-12 11:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 16:18:36.18 ===============
 

 


 


#2 HelpBot


Posted 03 July 2014 - 03:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/539339 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Kistoway


Posted 03 July 2014 - 09:10 PM

I'm still having this issue.  I do not have my original Windows DVD available.

 

New DDS log: 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.45.2
Run by Kistoway at 22:07:11 on 2014-07-03
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3564.2176 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Goodshop app\Basement\ExtensionUpdaterService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\Kistoway\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\EasySpeedUpManager.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\DeviceDisplayObjectProvider.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Goodshop app: {A1A641F2-E7F3-4194-A420-A0EF36CD022F} - C:\Program Files (x86)\Goodshop app\Basement\Extension32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\Users\Kistoway\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\MAINTE~1\Startup\Dropbox.lnk - C:\Users\Kistoway\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {776244C8-BA5F-4EE8-8B66-E4CA025F546A} - {776244C8-BA5F-4EE8-8B66-E4CA025F546A} - C:\Program Files (x86)\Goodshop app\Basement\Extension32.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{C4FE54B4-2A73-4B7E-A1AF-9AED7956B14F} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{C4FE54B4-2A73-4B7E-A1AF-9AED7956B14F}\2656C6B696E6E2361323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C4FE54B4-2A73-4B7E-A1AF-9AED7956B14F}\342324D473 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C4FE54B4-2A73-4B7E-A1AF-9AED7956B14F}\342324D473F5548545 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C4FE54B4-2A73-4B7E-A1AF-9AED7956B14F}\5503935503 : DHCPNameServer = 192.168.1.1 4.2.2.2
TCP: Interfaces\{C4FE54B4-2A73-4B7E-A1AF-9AED7956B14F}\7627169726F697 : DHCPNameServer = 192.168.1.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {776244C8-BA5F-4EE8-8B66-E4CA025F546A} - {776244C8-BA5F-4EE8-8B66-E4CA025F546A} - C:\Program Files (x86)\Goodshop app\Basement\Extension64.dll
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-12-9 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-12-9 40064]
R0 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2014-6-4 447888]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-6-4 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-6-4 208416]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2014-6-4 28184]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-6-4 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-6-4 423240]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2012-11-2 13824]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-9 204288]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-6-4 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-6-4 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-6-4 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-6-4 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-6-4 109048]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-28 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-28 860472]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
R2 Update Service for Goodshop app;Update Service for Goodshop app;C:\Program Files (x86)\Goodshop app\Basement\ExtensionUpdaterService.exe [2013-10-30 685040]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-2 115216]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-6-16 186152]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-5 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-28 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-28 63704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-12-9 53376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-6-4 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-4 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-6-4 30208]
S3 usj;usj;C:\AeriaGames\EdenEternal\avital\ussjcs64.sys [2013-3-8 89560]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-27 1255736]
.
=============== Created Last 30 ================
.
2014-07-03 18:24:14 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CCD87AC4-69D2-4432-848A-F71F616F840C}\gapaengine.dll
2014-07-03 18:23:16 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A819898C-09AC-4E78-B629-988C61103B89}\mpengine.dll
2014-07-03 10:34:43 -------- d-----w- C:\FRST
2014-07-02 17:18:11 10779000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-01 05:53:04 -------- d-----w- C:\Users\Kistoway\AppData\Local\ElevatedDiagnostics
2014-06-28 21:55:09 -------- d-----w- C:\Users\Kistoway\AppData\Roaming\SmartDraw
2014-06-28 21:53:00 -------- d-----w- C:\SmartDraw CI
2014-06-28 19:44:37 -------- d-sh--w- C:\$RECYCLE.BIN
2014-06-28 19:32:07 -------- d-----w- C:\ComboFix
2014-06-28 18:00:35 98816 ----a-w- C:\Windows\sed.exe
2014-06-28 18:00:35 256000 ----a-w- C:\Windows\PEV.exe
2014-06-28 18:00:35 208896 ----a-w- C:\Windows\MBR.exe
2014-06-28 17:30:47 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-28 17:29:37 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-28 17:29:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-28 17:25:29 -------- d-----w- C:\TDSSKiller_Quarantine
2014-06-26 17:23:15 -------- d-----w- C:\Users\Kistoway\AppData\Local\Blizzard
2014-06-26 16:54:26 -------- d-----w- C:\Program Files (x86)\Hearthstone
2014-06-26 16:50:22 -------- d-----w- C:\Users\Kistoway\AppData\Local\Blizzard Entertainment
2014-06-26 16:50:13 -------- d-----w- C:\Users\Kistoway\AppData\Roaming\Battle.net
2014-06-26 16:50:13 -------- d-----w- C:\Users\Kistoway\AppData\Local\Battle.net
2014-06-26 16:49:28 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2014-06-26 16:49:27 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2014-06-26 16:49:27 -------- d-----w- C:\Program Files (x86)\Battle.net
2014-06-26 16:44:00 -------- d-----w- C:\ProgramData\Battle.net
2014-06-24 09:42:28 -------- d-----w- C:\ProgramData\RogueKiller
2014-06-24 09:32:49 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-06-24 09:30:34 -------- d-----w- C:\AdwCleaner
2014-06-24 08:14:25 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CFBC4200-AC84-4515-B4E1-21CCBD169F0B}\gapaengine.dll
2014-06-06 01:10:49 -------- d---a-w- C:\Betrayal at Krondor
2014-06-04 20:30:08 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2014-06-04 20:30:05 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-06-04 20:30:05 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2014-06-04 20:30:05 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2014-06-04 20:24:42 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-06-04 20:23:59 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2014-06-04 20:04:05 -------- d-s---w- C:\Windows\System32\CompatTel
2014-06-04 18:35:39 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-06-04 18:35:39 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-06-04 18:35:35 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-06-04 18:35:33 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-06-04 18:15:43 -------- d-----w- C:\Windows\Migration
2014-06-04 17:42:33 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-06-04 17:42:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-06-04 16:37:13 -------- d-----w- C:\Windows\System32\MRT
2014-06-04 15:34:47 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-06-04 15:34:46 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-06-04 15:34:45 800768 ----a-w- C:\Windows\System32\usp10.dll
2014-06-04 15:34:45 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-06-04 15:34:42 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2014-06-04 15:34:42 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-06-04 15:34:41 335360 ----a-w- C:\Windows\System32\msieftp.dll
2014-06-04 15:34:40 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2014-06-04 15:33:07 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2014-06-04 15:33:06 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2014-06-04 15:31:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2014-06-04 15:31:27 859648 ----a-w- C:\Windows\System32\tdh.dll
2014-06-04 15:31:27 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2014-06-04 15:31:26 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2014-06-04 15:31:26 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2014-06-04 15:31:24 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2014-06-04 15:28:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-06-04 15:28:51 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-06-04 15:28:19 633856 ----a-w- C:\Windows\System32\comctl32.dll
2014-06-04 15:28:18 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2014-06-04 15:28:14 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2014-06-04 15:28:14 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2014-06-04 15:27:37 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-06-04 15:27:37 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-06-04 15:27:36 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-06-04 15:27:36 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-06-04 15:27:35 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-06-04 15:27:27 224256 ----a-w- C:\Windows\System32\wintrust.dll
2014-06-04 15:27:27 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2014-06-04 15:25:51 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-06-04 15:25:22 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2014-06-04 15:25:22 1192448 ----a-w- C:\Windows\System32\certutil.exe
2014-06-04 15:25:19 52224 ----a-w- C:\Windows\System32\certenc.dll
2014-06-04 15:25:19 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2014-06-04 15:24:39 327168 ----a-w- C:\Windows\System32\mswsock.dll
2014-06-04 15:24:38 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2014-06-04 15:24:35 259584 ----a-w- C:\Windows\System32\WebClnt.dll
2014-06-04 15:24:35 205824 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2014-06-04 15:24:35 102400 ----a-w- C:\Windows\System32\davclnt.dll
2014-06-04 15:24:34 81920 ----a-w- C:\Windows\SysWow64\davclnt.dll
2014-06-04 15:24:34 140800 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2014-06-04 15:24:14 111448 ----a-w- C:\Windows\System32\consent.exe
2014-06-04 15:24:13 70144 ----a-w- C:\Windows\System32\appinfo.dll
2014-06-04 15:23:33 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2014-06-04 15:23:33 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2014-06-04 15:21:55 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2014-06-04 15:20:50 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2014-06-04 15:20:50 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2014-06-04 15:20:07 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-04 15:20:07 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-04 15:19:34 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-04 15:19:33 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2014-06-04 15:19:33 144384 ----a-w- C:\Windows\System32\cdd.dll
2014-06-04 15:16:50 185344 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2014-06-04 15:16:49 109824 ----a-w- C:\Windows\System32\drivers\USBAUDIO.sys
2014-06-04 15:16:49 100864 ----a-w- C:\Windows\System32\drivers\usbcir.sys
2014-06-04 14:55:40 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2014-06-04 14:54:26 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2014-06-04 14:54:26 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2014-06-04 14:54:25 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2014-06-04 14:54:25 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2014-06-04 14:54:25 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2014-06-04 14:54:25 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2014-06-04 14:54:24 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2014-06-04 14:52:54 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2014-06-04 14:50:01 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2014-06-04 14:50:00 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2014-06-04 14:50:00 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2014-06-04 14:49:59 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2014-06-04 14:49:58 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2014-06-04 14:49:11 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2014-06-04 14:47:27 -------- d-----w- C:\Users\Kistoway\AppData\Roaming\AVAST Software
2014-06-04 13:18:33 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-06-04 13:18:33 85328 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-06-04 13:18:33 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-06-04 13:18:33 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-06-04 13:18:33 423240 ----a-w- C:\Windows\System32\drivers\aswsp.sys.1401887964981
2014-06-04 13:18:33 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-06-04 13:18:33 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2014-06-04 13:18:33 208416 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-06-04 13:18:33 1039096 ----a-w- C:\Windows\System32\drivers\aswsnx.sys.1401887964981
2014-06-04 13:18:33 1039096 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-06-04 13:17:32 43152 ----a-w- C:\Windows\avastSS.scr
2014-06-04 13:15:58 447888 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
2014-06-04 13:13:55 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-06-04 13:13:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
.
==================== Find3M  ====================
.
2014-05-12 11:26:00 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-12 11:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 22:08:13.26 ===============
Attached File: attach.txt (9.92KB)


#4 nasdaq


  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:52 PM

Posted 05 July 2014 - 07:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#5 Kistoway

  • Topic Starter

  • Members
  • 5 posts
  • Local time:06:52 PM

Posted 05 July 2014 - 08:39 AM

I also tried running RogueKiller, but every time I try, the Plug and Play service crashes and Windows forces a reboot.

 

Attached File: Addition.txt (28.43KB)

 

AdwCleaner

 
# AdwCleaner v3.214 - Report created 05/07/2014 at 09:01:12
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Kistoway - KISTOWAY-PC
# Running from : C:\Users\Kistoway\Desktop\adwcleaner_3.214.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16457
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\Kistoway\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://search.certified-toolbar.com?si=80415&st=bs&tid=23890&ver=6.3&ts=1401834386701&tguid=80415-23890-1401834386701-5DE7B7B3466277F09F46EE6086794762&q={searchTerms}
Found [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=5AAEE8039A8088BC&affID=119351&tt=150713_ctrl&tsp=4944
Found [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=5AAEE8039A8088BC&affID=119351&tt=150713_ctrl&tsp=4944
Found [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=final+fantasy&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.veoh.com/find/?query={searchTerms}
Found [Startup_urls] : hxxp://search.certified-toolbar.com?si=80415&st=home&tid=23890&ver=6.3&ts=1401834386701&tguid=80415-23890-1401834386701-5DE7B7B3466277F09F46EE6086794762
 
*************************
 
AdwCleaner[R0].txt - [10533 octets] - [24/06/2014 05:31:22]
AdwCleaner[R1].txt - [1078 octets] - [26/06/2014 12:49:21]
AdwCleaner[R2].txt - [1199 octets] - [28/06/2014 11:49:49]
AdwCleaner[R3].txt - [2132 octets] - [03/07/2014 06:25:07]
AdwCleaner[R4].txt - [1932 octets] - [05/07/2014 09:01:12]
AdwCleaner[S0].txt - [9279 octets] - [24/06/2014 05:35:40]
AdwCleaner[S1].txt - [1500 octets] - [26/06/2014 12:55:57]
AdwCleaner[S2].txt - [2209 octets] - [03/07/2014 06:29:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [2172 octets] ##########
 
Farbar
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014
Ran by Kistoway (administrator) on KISTOWAY-PC on 05-07-2014 09:17:40
Running from C:\Users\Kistoway\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Goodshop app\Basement\ExtensionUpdaterService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Dropbox, Inc.) C:\Users\Kistoway\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\EasySpeedUpManager.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2012-11-02] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-07-04] (AVAST Software)
Startup: C:\Users\Kistoway\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Kistoway\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5614227F5BB4CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Goodshop app - {A1A641F2-E7F3-4194-A420-A0EF36CD022F} - C:\Program Files (x86)\Goodshop app\Basement\Extension32.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - avast! EasyPass Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{776244C8-BA5F-4EE8-8B66-E4CA025F546A}] - C:\Program Files (x86)\Goodshop app\Firefox
 
Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://mysearch.avg.com/?cid={A17EFCF4-74A3-4681-ABC9-6CE94AA73CBA}&mid=c32fea64581f47d0ad25394adc64614e-8e216fb624089097ae56528632de9aaf12ffb49c&lang=en&ds=ft013&pr=sa&d=2013-06-24 14:20:54&v=15.2.0.5&pid=safeguard&sg=0&sap=hp", "hxxp://www.goodsearch.com/", "https://www.yahoo.com?fr=hp-avast&type=avastbcl"
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kistoway\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Goodshop app) - C:\Users\Kistoway\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhoibbfmmdpignilmknhhcagdapcncnd [2013-11-18]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Kistoway\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-01-03]
CHR Extension: (Google Wallet) - C:\Users\Kistoway\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKCU\...\Chrome\Extension: [hhoibbfmmdpignilmknhhcagdapcncnd] - C:\Program Files (x86)\Goodshop app\Chrome.crx [2013-11-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-04]
CHR HKLM-x32\...\Chrome\Extension: [hhoibbfmmdpignilmknhhcagdapcncnd] - C:\Program Files (x86)\Goodshop app\Chrome.crx [2013-11-04]
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-04] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-06-04] (AVAST Software)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [528384 2010-11-20] (Microsoft Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 RpcSs; C:\Windows\system32\rpcss.dll [528384 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Update Service for Goodshop app; C:\Program Files (x86)\Goodshop app\Basement\ExtensionUpdaterService.exe [685040 2013-10-30] ()
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-04] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-06-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-04] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2014-06-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-04] ()
S3 Darusb_win7x; C:\Windows\System32\DRIVERS\Darusb_win7x.sys [769024 2009-12-05] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 usj; C:\AeriaGames\EdenEternal\avital\ussjcs64.sys [89560 2013-03-08] () [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 ssnfd; system32\drivers\ssnfd.sys [X]
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-05 09:17 - 2014-07-05 09:18 - 00030499 _____ () C:\Users\Kistoway\Desktop\FRST.txt
2014-07-05 09:17 - 2014-07-05 09:17 - 00000000 ____D () C:\Users\Kistoway\Desktop\FRST-OlderVersion
2014-07-05 09:11 - 2014-07-05 09:11 - 00002252 _____ () C:\Users\Kistoway\Desktop\AdwCleaner[R0].txt
2014-07-03 22:08 - 2014-07-03 22:09 - 00010161 _____ () C:\Users\Kistoway\Desktop\attach.txt
2014-07-03 22:08 - 2014-07-03 22:08 - 00022837 _____ () C:\Users\Kistoway\Desktop\dds.txt
2014-07-03 22:05 - 2014-07-03 22:05 - 00688992 ____R (Swearware) C:\Users\Kistoway\Downloads\dds.com
2014-07-03 06:34 - 2014-07-05 09:17 - 00000000 ____D () C:\FRST
2014-07-03 06:23 - 2014-07-03 06:23 - 05283416 _____ () C:\Users\Kistoway\Desktop\RogueKillerX64.exe
2014-07-03 06:22 - 2014-07-05 09:17 - 02084352 _____ (Farbar) C:\Users\Kistoway\Desktop\FRST64.exe
2014-07-03 06:21 - 2014-07-03 06:22 - 01346519 _____ () C:\Users\Kistoway\Desktop\adwcleaner_3.214.exe
2014-07-02 23:47 - 2014-07-02 23:47 - 00000052 _____ () C:\Users\Kistoway\Documents\kjkklklj.txt
2014-07-01 22:35 - 2014-07-01 22:35 - 00024200 _____ () C:\Users\Kistoway\Downloads\character sheet.zip
2014-07-01 01:54 - 2014-07-01 01:54 - 00002352 _____ () C:\fjf.txt
2014-06-29 15:56 - 2014-07-05 09:14 - 00000504 _____ () C:\Windows\setupact.log
2014-06-29 15:56 - 2014-06-29 15:56 - 00304424 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-29 15:56 - 2014-06-29 15:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-29 15:55 - 2014-07-05 09:14 - 18739816 _____ () C:\Windows\PFRO.log
2014-06-29 15:49 - 2014-06-29 15:57 - 00067936 _____ () C:\Users\Kistoway\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-29 08:17 - 2014-06-29 08:17 - 00000121 _____ () C:\Users\Kistoway\Documents\debug.log
2014-06-29 07:40 - 2014-06-29 07:40 - 00273842 _____ () C:\Users\Kistoway\Documents\Kirius.dnd4e
2014-06-28 17:55 - 2014-06-28 18:10 - 00000000 ____D () C:\Users\Kistoway\AppData\Roaming\SmartDraw
2014-06-28 17:55 - 2014-06-28 17:55 - 00003660 _____ () C:\Windows\System32\Tasks\SDMsgUpdate (Local)
2014-06-28 17:55 - 2014-06-28 17:55 - 00003652 _____ () C:\Windows\System32\Tasks\SDMsgUpdate (TE)
2014-06-28 17:55 - 2014-06-28 17:55 - 00000645 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw CI.lnk
2014-06-28 17:55 - 2014-06-28 17:55 - 00000000 ____D () C:\Users\Kistoway\Documents\SmartDraw
2014-06-28 17:55 - 2014-06-28 17:55 - 00000000 ____D () C:\Users\Kistoway\AppData\System
2014-06-28 17:55 - 2014-06-28 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw CI
2014-06-28 17:53 - 2014-06-28 17:55 - 00000000 ____D () C:\SmartDraw CI
2014-06-28 15:32 - 2014-06-28 15:44 - 00000000 ____D () C:\ComboFix
2014-06-28 14:00 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-28 14:00 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-28 14:00 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-28 14:00 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-28 14:00 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-28 14:00 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-28 14:00 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-28 14:00 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-28 13:49 - 2014-06-28 15:44 - 00000000 ____D () C:\Qoobox
2014-06-28 13:49 - 2014-06-28 15:03 - 00000000 ____D () C:\Windows\erdnt
2014-06-28 13:30 - 2014-07-05 09:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 13:29 - 2014-06-28 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 13:29 - 2014-06-28 13:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-28 13:29 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-28 13:25 - 2014-07-01 01:42 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-06-26 13:23 - 2014-06-26 13:23 - 00000000 ____D () C:\Users\Kistoway\AppData\Local\Blizzard
2014-06-26 12:54 - 2014-07-02 23:40 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-06-26 12:54 - 2014-06-26 12:54 - 00001183 _____ () C:\Users\Public\Desktop\Hearth stone.lnk
2014-06-26 12:54 - 2014-06-26 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-06-26 12:50 - 2014-07-04 11:23 - 00000000 ____D () C:\Users\Kistoway\AppData\Local\Battle.net
2014-06-26 12:50 - 2014-06-26 12:53 - 00000000 ____D () C:\Users\Kistoway\AppData\Roaming\Battle.net
2014-06-26 12:50 - 2014-06-26 12:50 - 00000000 ____D () C:\Users\Kistoway\AppData\Local\Blizzard Entertainment
2014-06-26 12:49 - 2014-06-26 12:50 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-06-26 12:49 - 2014-06-26 12:50 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-06-26 12:44 - 2014-06-26 12:44 - 00000000 ____D () C:\ProgramData\Battle.net
2014-06-24 05:42 - 2014-06-24 05:44 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-24 05:32 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-24 05:30 - 2014-07-05 09:12 - 00000000 ____D () C:\AdwCleaner
2014-06-24 05:22 - 2014-06-24 05:22 - 00050477 _____ () C:\Users\Kistoway\Downloads\Defogger.exe
2014-06-24 05:22 - 2014-06-24 05:22 - 00000000 _____ () C:\Users\Kistoway\defogger_reenable
2014-06-22 16:26 - 2014-06-22 16:26 - 00321486 ____S () C:\Windows\system32\augxio.oaa
2014-06-19 13:46 - 2014-06-19 15:22 - 00000000 ____D () C:\Users\Kistoway\Documents\Medical Files
2014-06-05 21:10 - 2014-06-05 21:10 - 00000000 ____D () C:\Betrayal at Krondor
2014-06-05 21:09 - 2014-06-05 21:09 - 08871586 _____ () C:\Users\Kistoway\Downloads\betrayal-at-krondor.zip
 
==================== One Month Modified Files and Folders =======
 
2014-07-05 09:18 - 2014-07-05 09:17 - 00030499 _____ () C:\Users\Kistoway\Desktop\FRST.txt
2014-07-05 09:18 - 2014-02-06 10:14 - 01322369 _____ () C:\Windows\WindowsUpdate.log
2014-07-05 09:17 - 2014-07-05 09:17 - 00000000 ____D () C:\Users\Kistoway\Desktop\FRST-OlderVersion
2014-07-05 09:17 - 2014-07-03 06:34 - 00000000 ____D () C:\FRST
2014-07-05 09:17 - 2014-07-03 06:22 - 02084352 _____ (Farbar) C:\Users\Kistoway\Desktop\FRST64.exe
2014-07-05 09:16 - 2014-06-28 13:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-05 09:16 - 2014-05-14 14:58 - 00000000 ____D () C:\Users\Kistoway\AppData\Roaming\DropboxMaster
2014-07-05 09:16 - 2012-10-27 15:26 - 00000000 ___RD () C:\Users\Kistoway\Desktop\Dropbox
2014-07-05 09:16 - 2012-10-27 15:23 - 00000000 ____D () C:\Users\Kistoway\AppData\Roaming\Dropbox
2014-07-05 09:16 - 2012-10-27 11:58 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-05 09:15 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-05 09:14 - 2014-06-29 15:56 - 00000504 _____ () C:\Windows\setupact.log
2014-07-05 09:14 - 2014-06-29 15:55 - 18739816 _____ () C:\Windows\PFRO.log
2014-07-05 09:12 - 2014-06-24 05:30 - 00000000 ____D () C:\AdwCleaner
2014-07-05 09:11 - 2014-07-05 09:11 - 00002252 _____ () C:\Users\Kistoway\Desktop\AdwCleaner[R0].txt
2014-07-05 08:37 - 2012-10-27 11:58 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-04 11:45 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-04 11:45 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-04 11:42 - 2009-07-14 01:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-04 11:23 - 2014-06-26 12:50 - 00000000 ____D () C:\Users\Kistoway\AppData\Local\Battle.net
2014-07-04 07:35 - 2014-06-04 09:19 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-04 00:53 - 2013-03-09 04:48 - 00000000 ____D () C:\Users\Kistoway\AppData\Roaming\vlc
2014-07-03 22:09 - 2014-07-03 22:08 - 00010161 _____ () C:\Users\Kistoway\Desktop\attach.txt
2014-07-03 22:08 - 2014-07-03 22:08 - 00022837 _____ () C:\Users\Kistoway\Desktop\dds.txt
2014-07-03 22:05 - 2014-07-03 22:05 - 00688992 ____R (Swearware) C:\Users\Kistoway\Downloads\dds.com
2014-07-03 14:22 - 2012-11-01 23:40 - 00837632 ___SH () C:\Users\Kistoway\Desktop\Thumbs.db
2014-07-03 06:23 - 2014-07-03 06:23 - 05283416 _____ () C:\Users\Kistoway\Desktop\RogueKillerX64.exe
2014-07-03 06:22 - 2014-07-03 06:21 - 01346519 _____ () C:\Users\Kistoway\Desktop\adwcleaner_3.214.exe
2014-07-02 23:48 - 2013-06-19 12:04 - 00000000 ____D () C:\Users\Kistoway\AppData\Roaming\dvdcss
2014-07-02 23:47 - 2014-07-02 23:47 - 00000052 _____ () C:\Users\Kistoway\Documents\kjkklklj.txt
2014-07-02 23:40 - 2014-06-26 12:54 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-07-01 22:35 - 2014-07-01 22:35 - 00024200 _____ () C:\Users\Kistoway\Downloads\character sheet.zip
2014-07-01 01:54 - 2014-07-01 01:54 - 00002352 _____ () C:\fjf.txt
2014-07-01 01:42 - 2014-06-28 13:25 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-01 01:22 - 2013-01-26 02:45 - 00000000 ____D () C:\Users\Kistoway\AppData\Local\CrashDumps
2014-06-29 18:01 - 2013-06-24 14:17 - 00000000 ____D () C:\Program Files (x86)\DOSBox-0.72
2014-06-29 15:57 - 2014-06-29 15:49 - 00067936 _____ () C:\Users\Kistoway\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-29 15:56 - 2014-06-29 15:56 - 00304424 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-29 15:56 - 2014-06-29 15:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-29 15:49 - 2014-03-12 02:15 - 00000067 _____ () C:\Users\Kistoway\Documents\Powers.log
2014-06-29 08:17 - 2014-06-29 08:17 - 00000121 _____ () C:\Users\Kistoway\Documents\debug.log
2014-06-29 07:40 - 2014-06-29 07:40 - 00273842 _____ () C:\Users\Kistoway\Documents\Kirius.dnd4e
2014-06-28 18:38 - 2012-10-27 11:44 - 00000000 ____D () C:\Windows\Minidump
2014-06-28 18:10 - 2014-06-28 17:55 - 00000000 ____D () C:\Users\Kistoway\AppData\Roaming\SmartDraw
2014-06-28 17:55 - 2014-06-28 17:55 - 00003660 _____ () C:\Windows\System32\Tasks\SDMsgUpdate (Local)
2014-06-28 17:55 - 2014-06-28 17:55 - 00003652 _____ () C:\Windows\System32\Tasks\SDMsgUpdate (TE)
2014-06-28 17:55 - 2014-06-28 17:55 - 00000645 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw CI.lnk
2014-06-28 17:55 - 2014-06-28 17:55 - 00000000 ____D () C:\Users\Kistoway\Documents\SmartDraw
2014-06-28 17:55 - 2014-06-28 17:55 - 00000000 ____D () C:\Users\Kistoway\AppData\System
2014-06-28 17:55 - 2014-06-28 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw CI
2014-06-28 17:55 - 2014-06-28 17:53 - 00000000 ____D () C:\SmartDraw CI
2014-06-28 17:49 - 2012-10-27 00:09 - 00000000 ____D () C:\Users\Kistoway\Documents\Misc files
2014-06-28 15:46 - 2009-07-14 01:08 - 00032648 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-28 15:44 - 2014-06-28 15:32 - 00000000 ____D () C:\ComboFix
2014-06-28 15:44 - 2014-06-28 13:49 - 00000000 ____D () C:\Qoobox
2014-06-28 15:41 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-28 15:13 - 2013-08-07 09:46 - 00000000 ____D () C:\Users\Kistoway\AppData\Local\Unity
2014-06-28 15:05 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-06-28 15:03 - 2014-06-28 13:49 - 00000000 ____D () C:\Windows\erdnt
2014-06-28 14:02 - 2012-11-29 07:54 - 00000000 ____D () C:\Users\Kistoway\AppData\Local\Microsoft Games
2014-06-28 14:01 - 2013-03-17 09:55 - 00000000 ____D () C:\Users\Kistoway\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-06-28 14:01 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-28 13:29 - 2014-06-28 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 13:29 - 2014-06-28 13:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-28 13:29 - 2014-01-05 17:00 - 00000000 ____D () C:\Users\Kistoway\AppData\Roaming\Malwarebytes
2014-06-28 13:29 - 2014-01-05 16:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-28 13:29 - 2014-01-05 16:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-28 11:57 - 2014-03-27 23:34 - 00002329 _____ () C:\Users\Kistoway\Desktop\Dosbox.lnk
2014-06-28 11:48 - 2012-11-02 06:29 - 00000000 ____D () C:\Users\Kistoway\Downloads\Themes
2014-06-26 13:23 - 2014-06-26 13:23 - 00000000 ____D () C:\Users\Kistoway\AppData\Local\Blizzard
2014-06-26 12:54 - 2014-06-26 12:54 - 00001183 _____ () C:\Users\Public\Desktop\Hearth stone.lnk
2014-06-26 12:54 - 2014-06-26 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-06-26 12:53 - 2014-06-26 12:50 - 00000000 ____D () C:\Users\Kistoway\AppData\Roaming\Battle.net
2014-06-26 12:50 - 2014-06-26 12:50 - 00000000 ____D () C:\Users\Kistoway\AppData\Local\Blizzard Entertainment
2014-06-26 12:50 - 2014-06-26 12:49 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-06-26 12:50 - 2014-06-26 12:49 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-06-26 12:44 - 2014-06-26 12:44 - 00000000 ____D () C:\ProgramData\Battle.net
2014-06-24 05:44 - 2014-06-24 05:42 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-24 05:22 - 2014-06-24 05:22 - 00050477 _____ () C:\Users\Kistoway\Downloads\Defogger.exe
2014-06-24 05:22 - 2014-06-24 05:22 - 00000000 _____ () C:\Users\Kistoway\defogger_reenable
2014-06-24 05:22 - 2012-10-26 00:03 - 00000000 ____D () C:\Users\Kistoway
2014-06-23 17:48 - 2013-05-01 23:04 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-22 18:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-22 16:26 - 2014-06-22 16:26 - 00321486 ____S () C:\Windows\system32\augxio.oaa
2014-06-22 16:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-06-21 21:32 - 2012-10-27 11:58 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 21:32 - 2012-10-27 11:58 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 15:22 - 2014-06-19 13:46 - 00000000 ____D () C:\Users\Kistoway\Documents\Medical Files
2014-06-05 21:10 - 2014-06-05 21:10 - 00000000 ____D () C:\Betrayal at Krondor
2014-06-05 21:10 - 2013-03-07 15:10 - 00000000 ____D () C:\AeriaGames
2014-06-05 21:09 - 2014-06-05 21:09 - 08871586 _____ () C:\Users\Kistoway\Downloads\betrayal-at-krondor.zip
2014-06-05 20:40 - 2013-06-24 14:20 - 00000000 ____D () C:\ARENA
2014-06-05 14:46 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
 
Some content of TEMP:
====================
C:\Users\Kistoway\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2ckily.dll
C:\Users\Kistoway\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsgf3iu.dll
C:\Users\Kistoway\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2010-11-20 23:24] - [2010-11-20 23:24] - 0528384 ____A (Microsoft Corporation) C5DFCAC4191A9EAE7F9D0C77AFBD4C86
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {af209f4f-1eb2-11e2-aad3-f61eaa9663c0}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {af209f51-1eb2-11e2-aad3-f61eaa9663c0}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {af209f4f-1eb2-11e2-aad3-f61eaa9663c0}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {af209f51-1eb2-11e2-aad3-f61eaa9663c0}
device                  ramdisk=[C:]\Recovery\af209f51-1eb2-11e2-aad3-f61eaa9663c0\Winre.wim,{af209f52-1eb2-11e2-aad3-f61eaa9663c0}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\af209f51-1eb2-11e2-aad3-f61eaa9663c0\Winre.wim,{af209f52-1eb2-11e2-aad3-f61eaa9663c0}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {af209f4f-1eb2-11e2-aad3-f61eaa9663c0}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {af209f52-1eb2-11e2-aad3-f61eaa9663c0}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\af209f51-1eb2-11e2-aad3-f61eaa9663c0\boot.sdi
 
 
 
LastRegBack: 2014-06-28 21:26
 
==================== End Of Log ============================
 
 
 


#6 nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 July 2014 - 09:44 AM

If not already done, please run the AdwCleaner tool and fix all the items found.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
() C:\Program Files (x86)\Goodshop app\Basement\ExtensionUpdaterService.exe
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO-x32: Goodshop app - {A1A641F2-E7F3-4194-A420-A0EF36CD022F} - C:\Program Files (x86)\Goodshop app\Basement\Extension32.dll ()
Toolbar: HKCU - avast! EasyPass Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF HKLM-x32\...\Firefox\Extensions: [{776244C8-BA5F-4EE8-8B66-E4CA025F546A}] - C:\Program Files (x86)\Goodshop app\Firefox
CHR StartupUrls: "hxxp://mysearch.avg.com/?cid={A17EFCF4-74A3-4681-ABC9-6CE94AA73CBA}&mid=c32fea64581f47d0ad25394adc64614e-8e216fb624089097ae56528632de9aaf12ffb49c&lang=en&ds=ft013&pr=sa&d=2013-06-24 14:20:54&v=15.2.0.5&pid=safeguard&sg=0&sap=hp", "hxxp://www.goodsearch.com/", "https://www.yahoo.com?fr=hp-avast&type=avastbcl"
CHR Extension: (Goodshop app) - C:\Users\Kistoway\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhoibbfmmdpignilmknhhcagdapcncnd [2013-11-18]
CHR HKCU\...\Chrome\Extension: [hhoibbfmmdpignilmknhhcagdapcncnd] - C:\Program Files (x86)\Goodshop app\Chrome.crx [2013-11-04]
CHR HKLM-x32\...\Chrome\Extension: [hhoibbfmmdpignilmknhhcagdapcncnd] - C:\Program Files (x86)\Goodshop app\Chrome.crx [2013-11-04]
R2 Update Service for Goodshop app; C:\Program Files (x86)\Goodshop app\Basement\ExtensionUpdaterService.exe [685040 2013-10-30] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 ssnfd; system32\drivers\ssnfd.sys [X]
C:\Program Files (x86)\Goodshop app
Task: {41E58C57-DC3B-47B5-A01C-0EBFD19C98E2} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {962DBF86-68BD-4935-A122-E2F4834856E9} - System32\Tasks\{D70E25EF-D02C-48FF-A639-6AC85E0371D8} => C:\Users\Kistoway\AppData\Local\Temp\real\SETUP.EXE <==== ATTENTION
Task: {B4684947-7F2C-4BC1-BE9A-74EF8C1EEBBE} - System32\Tasks\{3515C1E2-14CC-4490-BC91-BC02E0C4F463} => C:\Users\Kistoway\AppData\Local\Temp\real\SETUP.EXE <==== ATTENTION
Task: {CC541D77-B9E9-445B-B2B4-9BD508B0D216} - System32\Tasks\{62496E6F-D79B-4007-B34F-62B466D5A253} => C:\Users\Kistoway\AppData\Local\Temp\real\SETUP.EXE <==== ATTENTION
Task: {D3048B2C-A0B3-418A-BE9C-D3128ABA3DA1} - \DSite No Task File <==== ATTENTION
Task: {E0C87698-BC60-4D9C-ACF9-159C476BD741} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#7 Kistoway

  • Topic Starter
  • Members
  • 5 posts

Posted 07 July 2014 - 12:49 AM

I ran the AdwCleaner and fixed all items found.
 
Fixlog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014
Ran by Kistoway at 2014-07-06 00:50:43 Run:1
Running from C:\Users\Kistoway\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
() C:\Program Files (x86)\Goodshop app\Basement\ExtensionUpdaterService.exe
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO-x32: Goodshop app - {A1A641F2-E7F3-4194-A420-A0EF36CD022F} - C:\Program Files (x86)\Goodshop app\Basement\Extension32.dll ()
Toolbar: HKCU - avast! EasyPass Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF HKLM-x32\...\Firefox\Extensions: [{776244C8-BA5F-4EE8-8B66-E4CA025F546A}] - C:\Program Files (x86)\Goodshop app\Firefox
CHR StartupUrls: "hxxp://mysearch.avg.com/?cid={A17EFCF4-74A3-4681-ABC9-6CE94AA73CBA}&mid=c32fea64581f47d0ad25394adc64614e-8e216fb624089097ae56528632de9aaf12ffb49c&lang=en&ds=ft013&pr=sa&d=2013-06-24 14:20:54&v=15.2.0.5&pid=safeguard&sg=0&sap=hp", "hxxp://www.goodsearch.com/", "https://www.yahoo.com?fr=hp-avast&type=avastbcl"
CHR Extension: (Goodshop app) - C:\Users\Kistoway\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhoibbfmmdpignilmknhhcagdapcncnd [2013-11-18]
CHR HKCU\...\Chrome\Extension: [hhoibbfmmdpignilmknhhcagdapcncnd] - C:\Program Files (x86)\Goodshop app\Chrome.crx [2013-11-04]
CHR HKLM-x32\...\Chrome\Extension: [hhoibbfmmdpignilmknhhcagdapcncnd] - C:\Program Files (x86)\Goodshop app\Chrome.crx [2013-11-04]
R2 Update Service for Goodshop app; C:\Program Files (x86)\Goodshop app\Basement\ExtensionUpdaterService.exe [685040 2013-10-30] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 ssnfd; system32\drivers\ssnfd.sys [X]
C:\Program Files (x86)\Goodshop app
Task: {41E58C57-DC3B-47B5-A01C-0EBFD19C98E2} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {962DBF86-68BD-4935-A122-E2F4834856E9} - System32\Tasks\{D70E25EF-D02C-48FF-A639-6AC85E0371D8} => C:\Users\Kistoway\AppData\Local\Temp\real\SETUP.EXE <==== ATTENTION
Task: {B4684947-7F2C-4BC1-BE9A-74EF8C1EEBBE} - System32\Tasks\{3515C1E2-14CC-4490-BC91-BC02E0C4F463} => C:\Users\Kistoway\AppData\Local\Temp\real\SETUP.EXE <==== ATTENTION
Task: {CC541D77-B9E9-445B-B2B4-9BD508B0D216} - System32\Tasks\{62496E6F-D79B-4007-B34F-62B466D5A253} => C:\Users\Kistoway\AppData\Local\Temp\real\SETUP.EXE <==== ATTENTION
Task: {D3048B2C-A0B3-418A-BE9C-D3128ABA3DA1} - \DSite No Task File <==== ATTENTION
Task: {E0C87698-BC60-4D9C-ACF9-159C476BD741} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
End
*****************
 
[2104] C:\Program Files (x86)\Goodshop app\Basement\ExtensionUpdaterService.exe => Process closed successfully.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1A641F2-E7F3-4194-A420-A0EF36CD022F}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{A1A641F2-E7F3-4194-A420-A0EF36CD022F}' => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} => value deleted successfully.
'HKCR\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}' => Key deleted successfully.
'HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File'=> Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File'=> Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{776244C8-BA5F-4EE8-8B66-E4CA025F546A} => value deleted successfully.
CHR StartupUrls: "hxxp://mysearch.avg.com/?cid={A17EFCF4-74A3-4681-ABC9-6CE94AA73CBA}&mid=c32fea64581f47d0ad25394adc64614e-8e216fb624089097ae56528632de9aaf12ffb49c&lang=en&ds=ft013&pr=sa&d=2013-06-24 14:20:54&v=15.2.0.5&pid=safeguard&sg=0&sap=hp", "hxxp://www.goodsearch.com/", "https://www.yahoo.com?fr=hp-avast&type=avastbcl" ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Kistoway\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhoibbfmmdpignilmknhhcagdapcncnd => Moved successfully.
'HKCU\SOFTWARE\Google\Chrome\Extensions\hhoibbfmmdpignilmknhhcagdapcncnd' => Key deleted successfully.
C:\Program Files (x86)\Goodshop app\Chrome.crx => Moved successfully.
'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hhoibbfmmdpignilmknhhcagdapcncnd' => Key deleted successfully.
"C:\Program Files (x86)\Goodshop app\Chrome.crx" => File/Directory not found.
Update Service for Goodshop app => Service deleted successfully.
catchme => Service deleted successfully.
ssnfd => Service deleted successfully.
C:\Program Files (x86)\Goodshop app => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{41E58C57-DC3B-47B5-A01C-0EBFD19C98E2}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41E58C57-DC3B-47B5-A01C-0EBFD19C98E2}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{962DBF86-68BD-4935-A122-E2F4834856E9}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{962DBF86-68BD-4935-A122-E2F4834856E9}' => Key deleted successfully.
C:\Windows\System32\Tasks\{D70E25EF-D02C-48FF-A639-6AC85E0371D8} => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D70E25EF-D02C-48FF-A639-6AC85E0371D8}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4684947-7F2C-4BC1-BE9A-74EF8C1EEBBE}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4684947-7F2C-4BC1-BE9A-74EF8C1EEBBE}' => Key deleted successfully.
C:\Windows\System32\Tasks\{3515C1E2-14CC-4490-BC91-BC02E0C4F463} => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3515C1E2-14CC-4490-BC91-BC02E0C4F463}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC541D77-B9E9-445B-B2B4-9BD508B0D216}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC541D77-B9E9-445B-B2B4-9BD508B0D216}' => Key deleted successfully.
C:\Windows\System32\Tasks\{62496E6F-D79B-4007-B34F-62B466D5A253} => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{62496E6F-D79B-4007-B34F-62B466D5A253}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3048B2C-A0B3-418A-BE9C-D3128ABA3DA1}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3048B2C-A0B3-418A-BE9C-D3128ABA3DA1}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0C87698-BC60-4D9C-ACF9-159C476BD741}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0C87698-BC60-4D9C-ACF9-159C476BD741}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA' => Key deleted successfully.
 
==== End of Fixlog ====
 
Security Check appears to be getting stuck on "Performing System Health Check", no errors, and I am running it as Administrator. Not sure how long it should be taking to complete, but it's been sitting with the same message for about 15 minutes now. I'm going to let it run and check it around 9am EST. So far I am still having the problem though.

Edited by Kistoway, 07 July 2014 - 12:50 AM.


#8 nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 July 2014 - 06:34 AM

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor type:
ipconfig /flushdns

#9 Kistoway

  • Topic Starter
  • Members
  • 5 posts

Posted 07 July 2014 - 06:23 PM

Ran the ipconfig /flushdns command. Security Check also completed; I am still getting the alerts from Avast and Malwarebytes.

 

 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
avast! Antivirus                
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 45  
 Java version out of Date! 
 Adobe Reader XI  
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#10 nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 July 2014 - 08:47 AM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u60.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 45
===

--RogueKiller--
  • Download & SAVE to your Desktop (for a 32-bit system or for a 64-bit system)
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.
=======

Malwarebytes is working well. If you are seeing a message each time it blocks an IP, you can disable that action.

To disable the popups
1. Open Malwarebytes
2. Click on the Protection tab
3. Uncheck/untick the last item
"Show tooltip balloon when malicious website is blocked"
4. Click the exit button rather than the X at the top right to close the window.

There may also be such a control in Avast; not sure, I never used it.

#11 nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 July 2014 - 08:12 AM

Are you still with me?

#12 nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 July 2014 - 08:39 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
