
Desktop log re: "body4u" and "asnbm" malware


14 replies to this topic

#1 stuffandthings
Posted 30 June 2014 - 12:26 AM

This is in reference to this post here:

http://www.bleepingcomputer.com/forums/t/538051/regarding-my-body4udiymyricecom-post-post-reformat-logs/


This is a log just for the desktop computer. I think the tablet is probably just fine. It hasn't been used much, never had peerblock or my VPN or many addons on the browser, and was only plugged into the modem for about 2 minutes, but if you think it should be checked anyway (as it was on the wifi for some time) please let me know.

I am waiting patiently for my post in the networking forum regarding my modem and router issues to be responded to.

Here is my FRST log as requested by Nasdaq:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-06-2014 02
Ran by Dr. Chill (administrator) on CHILLPC on 30-06-2014 01:17:12
Running from C:\Users\Dr. Chill\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(PeerBlock, LLC) C:\Program Files\PeerBlock\peerblock.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Users\Dr. Chill\AppData\Local\Google\Update\GoogleUpdate.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1884064 2011-11-14] (Affinegy, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-20] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-08] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
HKU\S-1-5-21-1803383695-3942738256-3741648742-1000\...\Run: [Google Update] => C:\Users\Dr. Chill\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-06] (Google Inc.)
HKU\S-1-5-21-1803383695-3942738256-3741648742-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1635752 2013-05-03] (Valve Corporation)
HKU\S-1-5-21-1803383695-3942738256-3741648742-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1803383695-3942738256-3741648742-1000\...\MountPoints2: {44e15536-e68c-11e1-a6d5-a962bb588fa0} - O:\setup.exe -a
HKU\S-1-5-21-1803383695-3942738256-3741648742-1000\...\MountPoints2: {579fbadd-a902-11e1-acb9-2c27d7378864} - J:\iStudio.exe
HKU\S-1-5-21-1803383695-3942738256-3741648742-1000\...\MountPoints2: {990cf1d7-7ebd-11e3-9f8f-2c27d7378864} - K:\Setup.exe
HKU\S-1-5-21-1803383695-3942738256-3741648742-1000\...\MountPoints2: {990cf1ea-7ebd-11e3-9f8f-2c27d7378864} - K:\Setup.exe
Startup: C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bigsamo.com/start
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
URLSearchHook: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
URLSearchHook: HKCU - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {721FE7D1-9E10-4684-8108-5C135B3C37D7} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {721FE7D1-9E10-4684-8108-5C135B3C37D7} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {721FE7D1-9E10-4684-8108-5C135B3C37D7} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: MrFroggy Class - {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} - C:\Program Files (x86)\Minibar\Froggy.dll (TODO: <название компании>)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
BHO-x32: MinibarBHO - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Kango.dll (KangoExtensions)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {90B49673-5506-483E-B92B-CA0265BD9CA8} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default
FF NewTab: www.google.com
FF Homepage: www.google.com
FF Keyword.URL: hxxp://trovi.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=2&CUI=UN36529998190383006&UM=&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Dr. Chill\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Dr. Chill\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Users\Dr. Chill\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Dr. Chill\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: NetVideoHunter - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default\Extensions\netvideohunter@netvideohunter.com [2013-12-07]
FF Extension: IMVU Inc  - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default\Extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8} [2014-06-08]
FF Extension: DownloadHelper - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-05-17]
FF Extension: FoxLingo - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default\Extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} [2012-11-15]
FF Extension: Ghostery - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default\Extensions\firefox@ghostery.com.xpi [2013-08-19]
FF Extension: NoSquint - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default\Extensions\nosquint@urandom.ca.xpi [2011-12-31]
FF Extension: SkipScreen - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default\Extensions\SkipScreen@SkipScreen.xpi [2011-12-31]
FF Extension: The Addon Bar (restored) - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2014-06-08]
FF Extension: Screengrab  (fix version) - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2014-06-08]
FF Extension: Image Zoom - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2011-12-31]
FF Extension: AddonFox - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default\Extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}.xpi [2011-12-31]
FF Extension: Adblock Plus - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-31]
FF Extension: Tab Mix Plus - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-12-31]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-06-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-12-31]

==================== Services (Whitelisted) =================

R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2011-11-14] (Affinegy, Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-04-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-08] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
U4 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]

==================== Drivers (Whitelisted) ====================

S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-08] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-08] ()
R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
S3 pspdisp; C:\Windows\System32\DRIVERS\pspdisp_x64.sys [4608 2011-01-18] (JJS) [File not signed]
S3 OSFMount; \??\C:\Program Files\OSFMount\OSFMount.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-30 01:17 - 2014-06-30 01:18 - 00022960 _____ () C:\Users\Dr. Chill\Desktop\FRST.txt
2014-06-30 01:17 - 2014-06-30 01:17 - 00000000 ____D () C:\FRST
2014-06-30 01:15 - 2014-06-30 01:15 - 02083328 _____ (Farbar) C:\Users\Dr. Chill\Desktop\FRST64.exe
2014-06-16 18:42 - 2014-06-16 18:42 - 00688992 _____ (Swearware) C:\Users\Celia\Downloads\dds.com
2014-06-16 07:47 - 2014-06-30 01:08 - 00000706 _____ () C:\Windows\setupact.log
2014-06-16 07:47 - 2014-06-16 07:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-16 07:43 - 2014-06-17 06:48 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1803383695-3942738256-3741648742-1007UA.job
2014-06-16 07:43 - 2014-06-16 07:48 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1803383695-3942738256-3741648742-1007Core.job
2014-06-16 07:43 - 2014-06-16 07:44 - 00000000 ____D () C:\Users\Celia\AppData\Local\Google
2014-06-16 07:43 - 2014-06-16 07:43 - 00918672 _____ (Google Inc.) C:\Users\Celia\Downloads\GoogleVoiceAndVideoSetup.exe
2014-06-16 07:43 - 2014-06-16 07:43 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1803383695-3942738256-3741648742-1007UA
2014-06-16 07:43 - 2014-06-16 07:43 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1803383695-3942738256-3741648742-1007Core
2014-06-16 07:22 - 2014-06-16 07:22 - 00000375 _____ () C:\Users\Celia\Desktop\programs.txt
2014-06-11 04:25 - 2014-06-11 04:25 - 00000000 ____D () C:\Users\chris
2014-06-09 15:25 - 2014-06-09 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-06-09 15:24 - 2014-06-09 15:24 - 00000000 ____D () C:\Program Files\Logitech
2014-06-09 15:24 - 2014-06-09 15:24 - 00000000 ____D () C:\Program Files\Common Files\Logitech
2014-06-09 15:10 - 2014-06-09 17:46 - 00000000 ____D () C:\ProgramData\TrackMania
2014-06-09 15:09 - 2014-06-09 17:46 - 00000000 ____D () C:\Users\Celia\Documents\TrackMania
2014-06-09 15:06 - 2014-06-09 15:06 - 00001100 _____ () C:\Users\Public\Desktop\United Forever.lnk
2014-06-09 15:06 - 2014-06-09 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmUnitedForever
2014-06-09 05:54 - 2014-06-09 05:54 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\Titanium
2014-06-09 05:54 - 2014-06-09 05:54 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\Apple Computer
2014-06-09 05:54 - 2014-06-09 05:54 - 00000000 ____D () C:\Users\Celia\AppData\Local\Apple Computer
2014-06-09 05:52 - 2014-06-09 23:07 - 00003156 _____ () C:\Windows\System32\Tasks\Private Internet Access Startup
2014-06-09 05:52 - 2014-06-09 23:07 - 00000000 ____D () C:\Program Files\pia_manager
2014-06-09 05:52 - 2014-06-09 05:52 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2014-06-09 05:52 - 2014-06-09 05:52 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2014-06-09 05:51 - 2014-06-09 05:51 - 00006837 _____ () C:\Users\Celia\Desktop\PIA VPN.lnk
2014-06-09 05:22 - 2014-06-09 15:06 - 00000000 ____D () C:\Program Files (x86)\TmUnitedForever
2014-06-08 23:08 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-08 23:08 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-08 23:08 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-08 23:08 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-08 23:08 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-08 23:08 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-08 21:17 - 2014-03-06 05:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-08 21:17 - 2014-03-06 04:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-08 21:17 - 2014-03-06 04:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-08 21:17 - 2014-03-06 04:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-08 21:17 - 2014-03-06 04:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-08 21:17 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-08 21:17 - 2014-03-06 03:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-08 21:17 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-08 21:16 - 2014-03-06 04:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-08 21:16 - 2014-03-06 04:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-08 21:16 - 2014-03-06 04:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-08 21:16 - 2014-03-06 04:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-08 21:16 - 2014-03-06 04:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-08 21:16 - 2014-03-06 04:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-08 21:16 - 2014-03-06 04:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-08 21:16 - 2014-03-06 04:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-08 21:16 - 2014-03-06 04:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-08 21:16 - 2014-03-06 04:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-08 21:16 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-08 21:16 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-08 21:16 - 2014-03-06 03:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-08 21:16 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-08 21:16 - 2014-03-06 03:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-08 21:16 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-08 21:16 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-08 21:16 - 2014-03-06 03:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-08 21:16 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-08 21:16 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-08 21:16 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-08 21:16 - 2014-03-06 03:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-08 21:16 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-08 21:16 - 2014-03-06 03:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-08 21:16 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-08 21:16 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-08 21:16 - 2014-03-06 02:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-08 21:16 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-08 21:16 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-08 21:16 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-08 21:16 - 2014-03-06 02:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-08 21:16 - 2014-03-06 01:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-08 21:16 - 2014-03-06 01:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-08 21:16 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-08 21:16 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-08 21:16 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-08 20:53 - 2014-06-08 20:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-08 13:21 - 2014-06-08 13:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-08 13:17 - 2014-06-08 13:17 - 00002001 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-08 13:16 - 2014-06-08 13:17 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-06-08 13:16 - 2014-06-08 13:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-08 13:16 - 2014-06-08 13:16 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-08 13:09 - 2014-06-08 13:11 - 00000000 ____D () C:\Users\Dr. Chill\Desktop\fix  session
2014-06-07 03:35 - 2014-06-07 03:35 - 00000000 ____D () C:\Users\Celia\AppData\Local\Skype
2014-06-07 03:34 - 2014-06-07 03:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified Files and Folders =======

2014-06-30 01:18 - 2014-06-30 01:17 - 00022960 _____ () C:\Users\Dr. Chill\Desktop\FRST.txt
2014-06-30 01:17 - 2014-06-30 01:17 - 00000000 ____D () C:\FRST
2014-06-30 01:15 - 2014-06-30 01:15 - 02083328 _____ (Farbar) C:\Users\Dr. Chill\Desktop\FRST64.exe
2014-06-30 01:14 - 2012-01-06 13:29 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1803383695-3942738256-3741648742-1000UA.job
2014-06-30 01:14 - 2012-01-06 13:29 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1803383695-3942738256-3741648742-1000Core.job
2014-06-30 01:13 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-30 01:13 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-30 01:11 - 2012-07-29 01:07 - 00000000 ____D () C:\Program Files\PeerBlock
2014-06-30 01:10 - 2012-01-06 13:29 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1803383695-3942738256-3741648742-1000UA
2014-06-30 01:09 - 2012-01-06 13:29 - 00003506 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1803383695-3942738256-3741648742-1000Core
2014-06-30 01:08 - 2014-06-16 07:47 - 00000706 _____ () C:\Windows\setupact.log
2014-06-30 01:06 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-30 01:03 - 2012-07-16 05:24 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-30 01:03 - 2012-03-10 17:47 - 01372800 _____ () C:\Windows\WindowsUpdate.log
2014-06-30 01:02 - 2013-03-06 23:50 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-30 00:59 - 2012-06-26 04:00 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-30 00:58 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-17 06:48 - 2014-06-16 07:43 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1803383695-3942738256-3741648742-1007UA.job
2014-06-17 06:42 - 2012-06-26 04:00 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-17 04:41 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-17 04:27 - 2012-07-29 00:10 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\Skype
2014-06-17 01:54 - 2012-07-24 16:13 - 00000000 ____D () C:\Back up Cecelia
2014-06-16 18:42 - 2014-06-16 18:42 - 00688992 _____ (Swearware) C:\Users\Celia\Downloads\dds.com
2014-06-16 07:48 - 2014-06-16 07:43 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1803383695-3942738256-3741648742-1007Core.job
2014-06-16 07:47 - 2014-06-16 07:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-16 07:44 - 2014-06-16 07:43 - 00000000 ____D () C:\Users\Celia\AppData\Local\Google
2014-06-16 07:44 - 2012-07-29 00:21 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\Mozilla
2014-06-16 07:43 - 2014-06-16 07:43 - 00918672 _____ (Google Inc.) C:\Users\Celia\Downloads\GoogleVoiceAndVideoSetup.exe
2014-06-16 07:43 - 2014-06-16 07:43 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1803383695-3942738256-3741648742-1007UA
2014-06-16 07:43 - 2014-06-16 07:43 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1803383695-3942738256-3741648742-1007Core
2014-06-16 07:22 - 2014-06-16 07:22 - 00000375 _____ () C:\Users\Celia\Desktop\programs.txt
2014-06-15 20:58 - 2012-02-04 03:09 - 00000000 ____D () C:\Users\Dr. Chill\AppData\Local\Windows Live
2014-06-11 04:25 - 2014-06-11 04:25 - 00000000 ____D () C:\Users\chris
2014-06-09 23:26 - 2014-05-21 21:09 - 00000000 ____D () C:\Program Files\Java
2014-06-09 23:18 - 2012-04-19 00:20 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-09 23:18 - 2011-12-31 10:30 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-09 23:18 - 2011-12-31 04:46 - 00000000 ____D () C:\Users\Dr. Chill\AppData\Roaming\Mozilla
2014-06-09 23:07 - 2014-06-09 05:52 - 00003156 _____ () C:\Windows\System32\Tasks\Private Internet Access Startup
2014-06-09 23:07 - 2014-06-09 05:52 - 00000000 ____D () C:\Program Files\pia_manager
2014-06-09 19:35 - 2012-07-29 01:50 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\IMVU
2014-06-09 17:58 - 2012-07-29 01:50 - 00001878 _____ () C:\Users\Celia\Desktop\IMVU.lnk
2014-06-09 17:58 - 2012-07-29 01:50 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\IMVUClient
2014-06-09 17:46 - 2014-06-09 15:10 - 00000000 ____D () C:\ProgramData\TrackMania
2014-06-09 17:46 - 2014-06-09 15:09 - 00000000 ____D () C:\Users\Celia\Documents\TrackMania
2014-06-09 15:25 - 2014-06-09 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-06-09 15:24 - 2014-06-09 15:24 - 00000000 ____D () C:\Program Files\Logitech
2014-06-09 15:24 - 2014-06-09 15:24 - 00000000 ____D () C:\Program Files\Common Files\Logitech
2014-06-09 15:06 - 2014-06-09 15:06 - 00001100 _____ () C:\Users\Public\Desktop\United Forever.lnk
2014-06-09 15:06 - 2014-06-09 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmUnitedForever
2014-06-09 15:06 - 2014-06-09 05:22 - 00000000 ____D () C:\Program Files (x86)\TmUnitedForever
2014-06-09 14:39 - 2012-07-29 14:48 - 00000000 ____D () C:\Users\Celia\Documents\Stuff
2014-06-09 05:54 - 2014-06-09 05:54 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\Titanium
2014-06-09 05:54 - 2014-06-09 05:54 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\Apple Computer
2014-06-09 05:54 - 2014-06-09 05:54 - 00000000 ____D () C:\Users\Celia\AppData\Local\Apple Computer
2014-06-09 05:52 - 2014-06-09 05:52 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2014-06-09 05:52 - 2014-06-09 05:52 - 00000000 ____D () C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2014-06-09 05:51 - 2014-06-09 05:51 - 00006837 _____ () C:\Users\Celia\Desktop\PIA VPN.lnk
2014-06-09 00:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-06-08 23:05 - 2011-02-11 13:15 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-06-08 21:32 - 2012-07-29 01:07 - 00001771 _____ () C:\Users\Celia\Desktop\PeerBlock.lnk
2014-06-08 21:32 - 2012-07-29 01:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2014-06-08 21:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-06-08 21:14 - 2012-01-17 00:42 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-06-08 20:57 - 2009-07-14 00:45 - 00417424 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-08 20:55 - 2012-12-25 21:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-08 20:55 - 2012-05-27 23:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-08 20:55 - 2012-02-04 03:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-08 20:53 - 2014-06-08 20:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-08 13:41 - 2013-08-22 14:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-08 13:36 - 2012-02-02 14:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-08 13:28 - 2012-12-25 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-08 13:21 - 2014-06-08 13:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-08 13:17 - 2014-06-08 13:17 - 00002001 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-08 13:17 - 2014-06-08 13:16 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-06-08 13:17 - 2011-12-31 04:58 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-08 13:17 - 2011-12-31 04:58 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-08 13:16 - 2014-06-08 13:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-08 13:16 - 2014-06-08 13:16 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-08 13:16 - 2013-10-22 06:11 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-08 13:16 - 2013-10-22 06:11 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-08 13:16 - 2012-02-29 17:56 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-08 13:16 - 2011-12-31 04:58 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-08 13:16 - 2011-12-31 04:58 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-08 13:11 - 2014-06-08 13:09 - 00000000 ____D () C:\Users\Dr. Chill\Desktop\fix  session
2014-06-07 07:51 - 2013-10-22 19:50 - 00000857 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-07 07:51 - 2011-12-31 12:10 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-07 03:35 - 2014-06-07 03:35 - 00000000 ____D () C:\Users\Celia\AppData\Local\Skype
2014-06-07 03:35 - 2011-12-31 16:09 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-07 03:35 - 2011-12-31 16:08 - 00000000 ____D () C:\ProgramData\Skype
2014-06-07 03:34 - 2014-06-07 03:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-03 23:43 - 2011-12-31 16:09 - 00000000 ____D () C:\Users\Dr. Chill\AppData\Roaming\Skype

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 05:23

==================== End Of Log ============================

Thanks!

If you are part of the 99%, you are automatically a part of the Occupy movement.


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:38 AM

Posted 30 June 2014 - 08:19 AM

Nothing malicious found. Just removing some unwanted toolbars and some cleaning up.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
URLSearchHook: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
URLSearchHook: HKCU - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
BHO-x32: MrFroggy Class - {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} - C:\Program Files (x86)\Minibar\Froggy.dll (TODO: <название компании>)
BHO-x32: IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
BHO-x32: MinibarBHO - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Kango.dll (KangoExtensions)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {90B49673-5506-483E-B92B-CA0265BD9CA8} -  No File
FF Extension: Screengrab (fix version) - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2014-06-08]
FF Keyword.URL: hxxp://trovi.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=2&CUI=UN36529998190383006&UM=&q=
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
U4 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]
S3 OSFMount; \??\C:\Program Files\OSFMount\OSFMount.sys [X]

End
Save the file as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

Your call if you want to submit a log for the Tablet.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:38 AM

Posted 05 July 2014 - 07:00 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:38 AM

Posted 23 July 2014 - 12:47 PM

This topic has been re-opened at the request of the person who originally posted.

#5 stuffandthings

stuffandthings
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:04:38 AM

Posted 24 July 2014 - 10:48 AM

Now that I have established a working router and modem again, I went back to this post to follow your instructions.

The log didn't seem to create a file called fixlog.txt. Instead I think it made some kind of folder with another copy of FRST in it and it's called FRST-Older Version.

I assume that I need to wait until you reply before going with this any further.

I still have active body4u and asnmb pings in my peerblock roster, as well as a new one, "clitparade".  *eyeroll*

Sorry to bother you with this.

Looking forward to hearing your reply.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:38 AM

Posted 24 July 2014 - 12:51 PM

Please run the FRST tool normally one more time and post the log for my review.

#7 stuffandthings

stuffandthings
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:04:38 AM

Posted 25 July 2014 - 09:14 AM

Here is a new FRST log, and an addition.txt attached if you need it.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 01
Ran by Dr. Chill (administrator) on CHILLPC on 25-07-2014 10:09:04
Running from C:\Users\Dr. Chill\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1884064 2011-11-14] (Affinegy, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-20] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-23] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1803383695-3942738256-3741648742-1000\...\Run: [Google Update] => C:\Users\Dr. Chill\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-06] (Google Inc.)
HKU\S-1-5-21-1803383695-3942738256-3741648742-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1803383695-3942738256-3741648742-1000\...\MountPoints2: {44e15536-e68c-11e1-a6d5-a962bb588fa0} - O:\setup.exe -a
HKU\S-1-5-21-1803383695-3942738256-3741648742-1000\...\MountPoints2: {579fbadd-a902-11e1-acb9-2c27d7378864} - J:\iStudio.exe
HKU\S-1-5-21-1803383695-3942738256-3741648742-1000\...\MountPoints2: {990cf1d7-7ebd-11e3-9f8f-2c27d7378864} - K:\Setup.exe
HKU\S-1-5-21-1803383695-3942738256-3741648742-1000\...\MountPoints2: {990cf1ea-7ebd-11e3-9f8f-2c27d7378864} - K:\Setup.exe
Startup: C:\Users\Celia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bigsamo.com/start
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
URLSearchHook: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
URLSearchHook: HKCU - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {721FE7D1-9E10-4684-8108-5C135B3C37D7} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {721FE7D1-9E10-4684-8108-5C135B3C37D7} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {721FE7D1-9E10-4684-8108-5C135B3C37D7} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: MrFroggy Class -> {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} -> C:\Program Files (x86)\Minibar\Froggy.dll (TODO: <название компании>)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: IMVU Inc Toolbar -> {90b49673-5506-483e-b92b-ca0265bd9ca8} -> C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
BHO-x32: MinibarBHO -> {AA74D58F-ACD0-450D-A85E-6C04B171C044} -> C:\Program Files (x86)\Minibar\Kango.dll (KangoExtensions)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {90B49673-5506-483E-B92B-CA0265BD9CA8} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default
FF NewTab: www.google.com
FF Homepage: www.google.com
FF Keyword.URL: hxxp://trovi.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=2&CUI=UN36529998190383006&UM=&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Dr. Chill\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Dr. Chill\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Users\Dr. Chill\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Dr. Chill\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: NetVideoHunter - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default\Extensions\netvideohunter@netvideohunter.com [2013-12-07]
FF Extension: IMVU Inc  - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default\Extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8} [2014-07-25]
FF Extension: DownloadHelper - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-05-17]
FF Extension: FoxLingo - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default\Extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} [2012-11-15]
FF Extension: Ghostery - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default\Extensions\firefox@ghostery.com.xpi [2013-08-19]
FF Extension: NoSquint - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default\Extensions\nosquint@urandom.ca.xpi [2011-12-31]
FF Extension: SkipScreen - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default\Extensions\SkipScreen@SkipScreen.xpi [2011-12-31]
FF Extension: Screengrab  (fix version) - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2014-06-08]
FF Extension: Image Zoom - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2011-12-31]
FF Extension: AddonFox - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default\Extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}.xpi [2011-12-31]
FF Extension: Adblock Plus - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-31]
FF Extension: Tab Mix Plus - C:\Users\Dr. Chill\AppData\Roaming\Mozilla\Firefox\Profiles\4x3w7row.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-12-31]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-12-31]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2011-11-14] (Affinegy, Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-04-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-23] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
U4 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-23] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-23] ()
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
S3 pspdisp; C:\Windows\System32\DRIVERS\pspdisp_x64.sys [4608 2011-01-18] (JJS) [File not signed]
S3 OSFMount; \??\C:\Program Files\OSFMount\OSFMount.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 10:06 - 2014-07-25 10:09 - 00021631 _____ () C:\Users\Dr. Chill\Desktop\FRST.txt
2014-07-25 10:04 - 2014-07-25 10:04 - 02093568 _____ (Farbar) C:\Users\Dr. Chill\Desktop\FRST64.exe
2014-07-23 12:06 - 2014-07-23 12:06 - 00854390 _____ () C:\Users\Dr. Chill\Desktop\SecurityCheck.exe
2014-07-23 11:49 - 2014-07-23 11:49 - 00001112 _____ () C:\Windows\PFRO.log
2014-07-23 11:48 - 2014-07-23 11:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-30 01:17 - 2014-07-25 10:09 - 00000000 ____D () C:\FRST

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 10:09 - 2014-07-25 10:06 - 00021631 _____ () C:\Users\Dr. Chill\Desktop\FRST.txt
2014-07-25 10:09 - 2014-06-30 01:17 - 00000000 ____D () C:\FRST
2014-07-25 10:04 - 2014-07-25 10:04 - 02093568 _____ (Farbar) C:\Users\Dr. Chill\Desktop\FRST64.exe
2014-07-25 09:52 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-25 09:52 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-25 09:51 - 2012-06-26 04:00 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-25 09:48 - 2014-06-16 07:43 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1803383695-3942738256-3741648742-1007UA.job
2014-07-25 09:48 - 2012-03-10 17:47 - 01389332 _____ () C:\Windows\WindowsUpdate.log
2014-07-25 09:46 - 2011-12-31 16:09 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-25 09:45 - 2012-07-16 05:24 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-25 09:41 - 2012-06-26 04:00 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-25 09:41 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-25 09:40 - 2014-06-16 07:47 - 00001020 _____ () C:\Windows\setupact.log
2014-07-23 13:14 - 2012-01-06 13:29 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1803383695-3942738256-3741648742-1000UA.job
2014-07-23 12:13 - 2012-07-29 01:07 - 00000000 ____D () C:\Program Files\PeerBlock
2014-07-23 12:06 - 2014-07-23 12:06 - 00854390 _____ () C:\Users\Dr. Chill\Desktop\SecurityCheck.exe
2014-07-23 12:00 - 2011-12-31 04:25 - 00000000 ____D () C:\Users\Dr. Chill
2014-07-23 11:49 - 2014-07-23 11:49 - 00001112 _____ () C:\Windows\PFRO.log
2014-07-23 11:48 - 2014-07-23 11:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-23 11:48 - 2014-06-08 13:17 - 00002001 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-23 11:48 - 2014-06-08 13:16 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-07-23 11:48 - 2014-06-08 13:16 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-23 11:48 - 2013-10-22 06:11 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-23 11:48 - 2013-10-22 06:11 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-23 11:48 - 2012-02-29 17:56 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-23 11:48 - 2011-12-31 04:58 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-07-23 11:48 - 2011-12-31 04:58 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-23 11:48 - 2011-12-31 04:58 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-23 11:48 - 2011-12-31 04:58 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-23 11:48 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-23 11:46 - 2012-06-26 04:00 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-23 11:46 - 2012-06-26 04:00 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-23 11:28 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-30 01:27 - 2012-01-06 13:29 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1803383695-3942738256-3741648742-1000Core.job
2014-06-30 01:10 - 2012-01-06 13:29 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1803383695-3942738256-3741648742-1000UA
2014-06-30 01:09 - 2012-01-06 13:29 - 00003506 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1803383695-3942738256-3741648742-1000Core

Some content of TEMP:
====================
C:\Users\Celia\AppData\Local\Temp\GUR30FE.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 05:23

==================== End Of Log ============================


If you are part of the 99%, you are automatically a part of the Occupy movement.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:38 AM

Posted 25 July 2014 - 10:56 AM


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
URLSearchHook: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
URLSearchHook: HKCU - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
BHO-x32: MrFroggy Class -> {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} -> C:\Program Files (x86)\Minibar\Froggy.dll (TODO: <???????? ????????>)
BHO-x32: MinibarBHO -> {AA74D58F-ACD0-450D-A85E-6C04B171C044} -> C:\Program Files (x86)\Minibar\Kango.dll (KangoExtensions)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {90B49673-5506-483E-B92B-CA0265BD9CA8} -  No File
FF Keyword.URL: hxxp://trovi.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=2&CUI=UN36529998190383006&UM=&q=
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
U4 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]
S3 OSFMount; \??\C:\Program Files\OSFMount\OSFMount.sys [X]
C:\Users\Celia\AppData\Local\Temp\GUR30FE.exe
C:\Program Files (x86)\IMVU_Inc
C:\Program Files (x86)\Minibar
End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download JavaRa

Double click JavaRa.exe then click Remove Older Versions.
In Vista and Windows 7, right-click JavaRa.exe and select Run as Administrator.

Follow any prompts; a log will pop up (JavaRa.log). Please post the contents of this log.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?
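
As an added example (not from the thread, from FRST, or from nasdaq's fix), the Python script below applies the kinds of heuristics behind the fixlist above to FRST log lines: entries FRST tags with [X] or No File, search settings whose URL points at a hijack host seen in this scan, components from a publisher the fix removed, and executables in a user's Temp folder, then lays the hits out in FRST's start ... End fixlist format for a human to review before anything is run. The sample lines are copied from the scan posted earlier; the host list and publisher list are assumptions drawn only from this thread, not a general blocklist.

```python
"""FRST log triage helper (added example; not part of the thread, FRST or nasdaq's fix).

It scans FRST log lines for the kinds of entries the fixlist above targeted:
  * entries FRST tags with "[X]" or "No File" (registered, but the file is gone),
  * search settings whose URL points at a search host seen hijacked in this scan,
  * toolbar/BHO/URLSearchHook entries from a publisher the fix removed,
  * executables sitting in a user's Temp folder.
It then emits a fixlist.txt body in FRST's "start ... End" format for review.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed lists: the hosts and the publisher come from entries in this thread's
# own scan and fixlist, not from any general blocklist.
HIJACK_HOSTS = ("trovi.com", "search.ask.com")
PUP_PUBLISHERS = ("Conduit Ltd.",)

# FRST defangs URLs as hxxp://; accept both defanged and plain forms.
URL_RE = re.compile(r"h(?:xx|tt)ps?://([^/\s?]+)", re.IGNORECASE)
# A bare executable path under <drive>:\Users\<name>\AppData\Local\Temp\
TEMP_EXE_RE = re.compile(
    r"^[A-Z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\[^\\]+\.exe$", re.IGNORECASE)


@dataclass
class Finding:
    line: str    # the FRST entry, verbatim, so it can go into fixlist.txt
    reason: str  # why it was flagged


def classify(line: str) -> Optional[str]:
    """Return the reason an FRST entry looks like fixlist material, else None."""
    s = line.strip()
    if not s:
        return None
    if s.endswith("[X]"):
        return "FRST marks the target file as missing ([X])"
    if s.endswith("No File"):
        return "browser object is registered but its file is missing (No File)"
    m = URL_RE.search(s)
    if m and m.group(1).lower() in HIJACK_HOSTS:
        return "search setting points at hijack host " + m.group(1).lower()
    for pub in PUP_PUBLISHERS:
        if s.endswith("(" + pub + ")"):
            return "component published by " + pub
    if TEMP_EXE_RE.match(s):
        return "executable located in a user's Temp folder"
    return None


def triage(log_text: str) -> List[Finding]:
    """Run classify() over every line of an FRST log and keep the hits, in order."""
    findings = []
    for raw in log_text.splitlines():
        reason = classify(raw)
        if reason is not None:
            findings.append(Finding(raw.strip(), reason))
    return findings


def build_fixlist(findings: List[Finding]) -> str:
    """Lay the flagged entries out as FRST expects in fixlist.txt: start ... End."""
    body = ["start"] + [f.line for f in findings] + ["End"]
    return "\n".join(body) + "\n"


# Sample lines copied from the FRST scan posted above (a mix of flagged and clean).
SAMPLE_LOG = r"""
FF Keyword.URL: hxxp://trovi.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=2&CUI=UN36529998190383006&UM=&q=
FF NewTab: www.google.com
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
URLSearchHook: HKCU - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-23] (AVAST Software)
U4 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]
S3 OSFMount; \??\C:\Program Files\OSFMount\OSFMount.sys [X]
C:\Users\Celia\AppData\Local\Temp\GUR30FE.exe
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.reason:<60} {f.line}")
    print()
    print(build_fixlist(hits), end="")
```

The output is a candidate list only; as in the thread, a person decides which entries belong in the fixlist before FRST's Fix is run.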

#9 stuffandthings

stuffandthings
  • Topic Starter

  • Members
  • 53 posts
  • Gender:Not Telling
  • Location:USA
  • Local time:04:38 AM

Posted 25 July 2014 - 11:51 AM

FRST fix log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-07-2014 01
Ran by Dr. Chill at 2014-07-25 11:59:06 Run:1
Running from C:\Users\Dr. Chill\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
URLSearchHook: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
URLSearchHook: HKCU - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
BHO-x32: MrFroggy Class -> {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} -> C:\Program Files (x86)\Minibar\Froggy.dll (TODO: <???????? ????????>)
BHO-x32: MinibarBHO -> {AA74D58F-ACD0-450D-A85E-6C04B171C044} -> C:\Program Files (x86)\Minibar\Kango.dll (KangoExtensions)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {90B49673-5506-483E-B92B-CA0265BD9CA8} -  No File
FF Keyword.URL: hxxp://trovi.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=2&CUI=UN36529998190383006&UM=&q=
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
U4 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]
S3 OSFMount; \??\C:\Program Files\OSFMount\OSFMount.sys [X]
C:\Users\Celia\AppData\Local\Temp\GUR30FE.exe
C:\Program Files (x86)\IMVU_Inc
C:\Program Files (x86)\Minibar
End
*****************

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{90b49673-5506-483e-b92b-ca0265bd9ca8} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{90b49673-5506-483e-b92b-ca0265bd9ca8}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{90b49673-5506-483e-b92b-ca0265bd9ca8} => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{856E12B5-22D7-4E22-9ACA-EA9A008DD65B}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{856E12B5-22D7-4E22-9ACA-EA9A008DD65B}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA74D58F-ACD0-450D-A85E-6C04B171C044}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{AA74D58F-ACD0-450D-A85E-6C04B171C044}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{90b49673-5506-483e-b92b-ca0265bd9ca8} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{90b49673-5506-483e-b92b-ca0265bd9ca8}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{90B49673-5506-483E-B92B-CA0265BD9CA8} => value deleted successfully.
"HKCR\CLSID\{90B49673-5506-483E-B92B-CA0265BD9CA8}" => Key not found.
Firefox Keyword.URL deleted successfully.
"HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File" => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File" => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
avast! Firewall => Error deleting Service
OSFMount => Service deleted successfully.
C:\Users\Celia\AppData\Local\Temp\GUR30FE.exe => Moved successfully.
C:\Program Files (x86)\IMVU_Inc => Moved successfully.
C:\Program Files (x86)\Minibar => Moved successfully.

==== End of Fixlog ====

For JavaRa, I ran it, extracted the file to the desktop, ran it as administrator, and followed the prompts.  I got an error that said "Could not find JavaRa.def! Be sure the definition file resides in the same directory JavaRa.exe is in."

I did a search on the C drive for javara.def, but I did not come up with anything.

It then said, "Finished searching for all old versions of the JRE that were found on this system.  A logfile has been created on your system.  It is called JavaRa.log, and can be found in your main hard drive folder (C: for example).  JavaRa will now open its logfile."

This is the log:

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Jul 25 12:08:18 2014

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

------------------------------------

Finished reporting.



This is the security check log:

 Results of screen317's Security Check version 0.99.86 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
avast! Antivirus  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 45 
 Java version out of Date!
  Adobe Flash Player 13.0.0.214 Flash Player out of Date! 
 Adobe Reader 10.1.10 Adobe Reader out of Date! 
 Mozilla Firefox 29.0.1 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

As far as how it's running now, I am not seeing the malware on the roster as much, but it is definitely still coming through.

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:38 AM

Posted 25 July 2014 - 01:31 PM

Try this removal tool.

This link http://java.com/en/download/uninstallapplet.jsp will check your Java version. After the check, it offers a tool to uninstall old versions. Uninstalling old versions is important as they represent a security risk.

===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u65.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 45
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or if you have the latest close the windows.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
===

Is the occasional popup in all browsers or just one?
Tell me which.

#11 stuffandthings

stuffandthings
  • Topic Starter

  • Members
  • 53 posts
  • Gender:Not Telling
  • Location:USA
  • Local time:04:38 AM

Posted 25 July 2014 - 02:25 PM

Followed instructions for Java.

Followed instructions for Adobe Reader.

Followed instructions for Adobe Flash Player.

Restarted computer.

Restarted PeerBlock.

I am not seeing popups in browsers; I've been seeing the asnbm and body4u coming in on my PeerBlock roster.

After restarting the computer, they are still present.

#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:38 AM

Posted 26 July 2014 - 06:08 AM

I'm not familiar with Peerblock.
I suggest you check with their experts.


http://forums.peerblock.com/index.php

#13 stuffandthings

stuffandthings
  • Topic Starter

  • Members
  • 53 posts
  • Gender:Not Telling
  • Location:USA
  • Local time:04:38 AM

Posted 26 July 2014 - 10:16 AM

PeerBlock is a free and open source software firewall application.  It's the successor to PeerGuardian (which is only actively maintained in Linux).  It blocks incoming and outgoing connections to Internet IP addresses that are included on blacklists accessible over the internet which may be selected by the user, but also any addresses manually specified by the user.  PeerBlock mainly works in tandem with the blocklist provider iblocklist.com.

PeerBlock lets you control who your computer "talks to" on the internet.  By selecting appropriate lists of "known bad" computers, you can block communication with advertising or spyware oriented servers, computers monitoring your p2p activities, computers which have been "hacked", even entire countries.  They can't get in to your computer, and your computer won't try to send them anything either. 

The only way I have ever known some kind of source of the problem was when my peerblock started malfunctioning in relation to my VPN that I was using at the time, and when I tried to remedy the problem like I always did (by allowing the servers through that needed to talk to my computer in order to work), that didn't seem to be working anymore, and the "body4u" and "asnbm" pings were streaming through at the same time.  Then, it seemed to make my VPN appear as though it was totally working, but when I did IP checks online, it was not working at all whatsoever.  When I did research about the suspicious activity pings, I found out about the malware, and came here to get more help.

Ever since trying to remedy this problem, my PeerBlock has not been showing those suspicious activities anymore; however, the program itself has been malfunctioning as I previously described.

Yes, it does stay on while my regular windows firewall is on, as well as the free version of Avast.  It never had any problem doing so up until this malware incident occurred.  I've used peerblock for years and never really had any issues with it.  As far as I'm concerned, it's a fantastic program that works well alongside other running programs on a computer.  Sometimes it just takes some tweaking to let certain things through. 

http://www.peerblock.com/

https://en.wikipedia.org/wiki/PeerBlock

 

The redirect malware is still on my desktop computer.  Your help with my notebook previous to this post removed any presence of it from my peerblock roster.  However, the attached picture is how it still appears on my desktop. 

Edited by stuffandthings, 26 July 2014 - 10:19 AM.

If you are part of the 99%, you are automatically a part of the Occupy movement.


#14 nasdaq

  • Malware Response Team
  • 39,946 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 July 2014 - 01:02 PM



Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor, type:
ipconfig /flushdns <-- (a space between g and / is needed)

Repeat with:
ipconfig /renew

Then hit Enter, type Exit, and hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/

If that fails continue.



The IP in bold is your computer: 192.168.1.129:138

The :138, :137 and :68 are the port numbers.

Refer to this page and do the test suggested on the page.

http://www.auditmypc.com/udp-port-138.asp

===

Keep me posted.
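Added example, not part of this thread and not code from PeerBlock or iblocklist.com. It ties together the two technical points above: PeerBlock (post #13) blocks by matching an address against lists of IP ranges, and the roster entries nasdaq points at (post #14) are addressed to ports 138, 137 and 68. UDP 137 is the NetBIOS name service, UDP 138 the NetBIOS datagram service, and UDP 67/68 the DHCP server/client ports, all of which are normal chatter on a home LAN. The script below loads a small blocklist in the PeerGuardian "p2p" text layout (one `label:first_ip-last_ip` per line), reads log lines in an assumed `time;source;destination;protocol` layout (this is NOT PeerBlock's real log format, just a stand-in for the example), and sorts each destination into local LAN service traffic, a blocklist hit, or an unlisted address. All list entries and log lines are constructed for the example.

```python
import ipaddress

# Constructed blocklist in PeerGuardian/PeerBlock "p2p" text layout:
# "label:first_ip-last_ip". Labels and ranges are invented, not from iblocklist.com.
SAMPLE_BLOCKLIST = """\
Example ad network:198.51.100.0-198.51.100.255
Example tracker:203.0.113.10-203.0.113.20
"""

# Constructed log lines in an ASSUMED "time;source;destination;proto" layout
# (not PeerBlock's real log format). 192.168.1.255 is the LAN broadcast address.
SAMPLE_LOG = """\
2014-07-26 13:02:11;192.168.1.129:138;192.168.1.255:138;UDP
2014-07-26 13:02:12;192.168.1.129:137;192.168.1.255:137;UDP
2014-07-26 13:02:15;192.168.1.129:68;192.168.1.1:67;UDP
2014-07-26 13:02:20;192.168.1.129:49152;198.51.100.7:80;TCP
2014-07-26 13:02:25;192.168.1.129:49153;93.184.216.34:443;TCP
"""

# Well-known UDP services that legitimately show up as LAN-only traffic.
LAN_SERVICES = {
    137: "NetBIOS name service",
    138: "NetBIOS datagram service",
    67: "DHCP server",
    68: "DHCP client",
}


def parse_blocklist(text):
    """Return a list of (label, first, last) with addresses as integers."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # rpartition so a label may itself contain colons
        label, _, span = line.rpartition(":")
        first, _, last = span.partition("-")
        ranges.append((label,
                       int(ipaddress.IPv4Address(first)),
                       int(ipaddress.IPv4Address(last))))
    return ranges


def blocklist_match(ip, ranges):
    """Return the label of the first range containing ip, else None."""
    n = int(ipaddress.IPv4Address(ip))
    for label, lo, hi in ranges:
        if lo <= n <= hi:
            return label
    return None


def split_endpoint(endpoint):
    host, _, port = endpoint.rpartition(":")
    return host, int(port)


def classify(line, ranges):
    """Return (destination_ip, verdict) for one log line."""
    _time, _src, dst, proto = line.split(";")
    dst_ip, dst_port = split_endpoint(dst)
    addr = ipaddress.IPv4Address(dst_ip)
    # LAN service ports going to a private address: expected local traffic.
    if proto == "UDP" and dst_port in LAN_SERVICES and addr.is_private:
        return dst_ip, "local " + LAN_SERVICES[dst_port]
    label = blocklist_match(dst_ip, ranges)
    if label:
        return dst_ip, "blocklisted: " + label
    if addr.is_private:
        return dst_ip, "private address, not on blocklist"
    return dst_ip, "internet address, not on blocklist"


def triage(log_text, blocklist_text):
    ranges = parse_blocklist(blocklist_text)
    return [classify(l, ranges) for l in log_text.splitlines() if l.strip()]


if __name__ == "__main__":
    for ip, verdict in triage(SAMPLE_LOG, SAMPLE_BLOCKLIST):
        print(f"{ip:16} {verdict}")
```

On the constructed data the three UDP entries to 192.168.1.255:138, 192.168.1.255:137 and 192.168.1.1:67 come out as local NetBIOS and DHCP traffic, the 198.51.100.7 connection hits the constructed ad-network range, and 93.184.216.34 is reported as an internet address that no list covers. The last category is the one worth investigating by hand; the first two are what a LAN looks like whether or not anything is wrong.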

#15 stuffandthings

  • Topic Starter
  • Members
  • 53 posts
  • Gender:Not Telling
  • Location:USA

Posted 27 July 2014 - 01:11 PM

I did the command prompts as you instructed.  I also uninstalled firefox and installed a fresh copy.  I then restarted my computer.

 

I'm still seeing activity on the roster. 

 

I want to do the firewall test as you suggested, but it's down on their site right now, so I'm waiting until it comes back up. 


