Laptop possibly infected; credit card scam (unsure if it was done online)


9 replies to this topic

#1 Without_A_Monitor


Posted 05 July 2014 - 05:14 PM

Hey, I hope that I am not being a nuisance to anyone. I recently discovered a fraudulent charge on my credit card. I found ample info online on how the company is a scam, but I don't know how the charge occurred. I am wondering if there is anything on my laptop that is some sort of attack/infection which allowed this company to find my credit card number.

I have ESET NOD32, MBAM (not purchased), MBAR, Hitman Pro (not purchased), AdwCleaner and JRT. JRT, MBAR, MBAM and ESET NOD32 scans/runs have found nothing. I am going to run Hitman Pro shortly in an attempt to find anything. AdwCleaner found some things, but I don't think that they are harmful. I have attached the AdwCleaner, MBAM, and MBAR logs. Please let me know if I should post any of the other logs.

Any help to check and determine if there are any infections/attacks/etc. on my laptop would be tremendously appreciated. Thank you very much in advance.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16555
Run by El Diego at 16:42:52 on 2014-07-05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4062.2657 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService.exe
C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbae\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Sony\VAIO Care\collsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbae\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\El Diego\Downloads\bastion\ProcessExplorer\procexp.exe
C:\Users\ELDIEG~1\AppData\Local\Temp\procexp64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/?src=aim
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [IJNetworkScannerSelectorEX] "C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" /FORCE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Exploit] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbae\Malwarebytes Anti-Exploit\mbae.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - <orphaned>
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{03C25B0F-131B-42A2-A571-E9CB34374AFD} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{670074EA-CE4D-4E4E-A712-4D39ECDF5F74} : DHCPNameServer = 192.168.1.1
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL
Notify: igfxcui - <no file>
Notify: VESWinlogon - VESWinlogon.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [Skytel] Skytel.exe
x64-Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
x64-mPolicies-System: ConsentPromptBehaviorUser = dword:3
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - LocalServer32 - <no file>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\El Diego\AppData\Roaming\Mozilla\Firefox\Profiles\z7ozoluc.default\
FF - prefs.js: browser.search.selectedEngine - Firefox Add-ons
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Windows\System32\TVUAx\npTVUAx.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
FF - ExtSQL: !HIDDEN! 2010-02-28 22:46; {20a82645-c095-46ed-80e3-08825760534b}; C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-24 55024]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-9-17 239320]
R1 ehdrv;ehdrv;C:\Windows\System32\drivers\ehdrv.sys [2013-9-17 168256]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbae\Malwarebytes Anti-Exploit\mbae64.sys [2014-5-8 63928]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2014-2-24 1343408]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2013-9-17 157432]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 hmpalert;HitmanPro.Alert Support Driver;C:\Windows\System32\drivers\hmpalert.sys [2014-1-3 93144]
R2 hmpalertsvc;HitmanPro.Alert Service;C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [2014-1-3 1876816]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbae\Malwarebytes Anti-Exploit\mbae-svc.exe [2014-5-8 347448]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-17 14112]
R2 RtkAudioService;Realtek Audio Service;C:\Windows\RTKAUDIOSERVICE.EXE [2008-10-30 134656]
R2 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-2-24 167424]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-2-24 104960]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2008-10-31 407392]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2010-2-24 19968]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2008-10-30 36392]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2008-8-29 4745216]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2008-10-30 11392]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2009-4-28 12872]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2009-4-28 67656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2008-10-30 300032]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-4-28 12872]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe [2010-2-24 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe [2010-2-24 353568]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe [2010-2-24 62752]
S3 tizeqdrv;tizeqdrv;C:\Users\El Diego\AppData\Roaming\TZAC2\tizeq64.sys [2012-7-17 171704]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-7-20 1022632]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2008-10-30 391680]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-3-19 89920]
S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-9-3 446464]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
ShellExec: VCExporterLaunch.exe: open="C:\Program Files (x86)\Sony\VAIO VP Utilities\VCELaunch.exe" "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2014-07-05 19:39:49 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-05 06:08:40 202008 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-07-04 20:45:58 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-02 22:31:14 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-02 22:31:14 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-28 02:01:52 202008 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-06-28 01:29:26 95414520 ----a-w- C:\Windows\System32\mrt.exe
2014-06-25 20:01:42 27924 ----a-w- C:\Windows\SysWow64\drivers\MxlW2k.sys
2014-06-19 18:22:32 89304 ----a-w- C:\Windows\System32\drivers\63F24089.sys
2014-05-28 18:53:05 17857536 ----a-w- C:\Windows\System32\mshtml.dll
2014-05-28 18:37:06 2338816 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-28 18:35:43 10890240 ----a-w- C:\Windows\System32\ieframe.dll
2014-05-28 18:31:53 1348608 ----a-w- C:\Windows\System32\urlmon.dll
2014-05-28 18:31:31 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-05-28 18:30:24 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-28 18:30:06 237056 ----a-w- C:\Windows\System32\url.dll
2014-05-28 18:29:57 86016 ----a-w- C:\Windows\System32\jsproxy.dll
2014-05-28 18:29:28 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-28 18:29:19 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-28 18:29:19 2148352 ----a-w- C:\Windows\System32\iertutil.dll
2014-05-28 18:29:11 816640 ----a-w- C:\Windows\System32\jscript.dll
2014-05-28 18:29:09 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2014-05-28 18:28:40 55296 ----a-w- C:\Windows\System32\msfeedsbs.dll
2014-05-28 18:28:38 453120 ----a-w- C:\Windows\System32\dxtmsft.dll
2014-05-28 18:28:34 282112 ----a-w- C:\Windows\System32\dxtrans.dll
2014-05-28 18:28:30 11264 ----a-w- C:\Windows\System32\msfeedssync.exe
2014-05-28 18:28:20 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2014-05-28 18:28:10 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-28 18:28:02 12800 ----a-w- C:\Windows\System32\mshta.exe
2014-05-28 18:27:30 248320 ----a-w- C:\Windows\System32\ieui.dll
2014-05-28 16:48:31 12356608 ----a-w- C:\Windows\SysWow64\mshtml.dll
2014-05-28 16:39:36 1810432 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-28 16:38:21 9711104 ----a-w- C:\Windows\SysWow64\ieframe.dll
2014-05-28 16:33:46 1106432 ----a-w- C:\Windows\SysWow64\urlmon.dll
2014-05-28 16:32:59 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-28 16:32:25 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-28 16:31:33 231936 ----a-w- C:\Windows\SysWow64\url.dll
2014-05-28 16:31:17 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2014-05-28 16:30:53 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-28 16:30:53 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-28 16:30:44 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2014-05-28 16:30:31 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2014-05-28 16:30:25 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2014-05-28 16:30:08 353792 ----a-w- C:\Windows\SysWow64\dxtmsft.dll
2014-05-28 16:30:00 41472 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
2014-05-28 16:29:58 223232 ----a-w- C:\Windows\SysWow64\dxtrans.dll
2014-05-28 16:29:49 10752 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
2014-05-28 16:29:44 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2014-05-28 16:29:31 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-28 16:29:27 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2014-05-28 16:28:35 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2014-05-12 11:26:06 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-12 11:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-03 01:30:15 181064 ----a-w- C:\Windows\PSEXESVC.EXE
2014-04-26 18:21:07 622592 ----a-w- C:\Windows\System32\usp10.dll
2014-04-26 16:01:22 502784 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-09 19:32:55 93144 ----a-w- C:\Windows\System32\drivers\hmpalert.sys
2014-04-09 19:32:55 548424 ----a-w- C:\Windows\System32\hmpalert.dll
2014-04-09 19:32:55 477008 ----a-w- C:\Windows\SysWow64\hmpalert.dll
2000-11-15 21:34:06 53248 ----a-w- C:\Program Files (x86)\ASCIIStudio.exe
.
============= FINISH: 16:44:30.35 ===============

Edited by Without_A_Monitor, 05 July 2014 - 06:01 PM.



#2 nasdaq

  • Malware Response Team

Posted 10 July 2014 - 08:35 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.
=======

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
  • If you find some false-positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply; DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.
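As an added example (not part of nasdaq's instructions, and not code from DDS, RogueKiller or any other tool named in this thread): a small Python triage script that does, for a DDS log, the kind of check RogueKiller reports as [Suspicious.Path]. It parses the SERVICES / DRIVERS section of a DDS log like the one posted above and flags every service or kernel driver whose image is loaded from a user-writable location such as AppData, Downloads or Temp. The sample input reuses four lines from the DDS log in this thread plus one constructed line (fakeupd); the list of "user-writable" directories is an assumption of this example, not something the tools define.

```python
import re
from typing import Dict, List

# Shape of one DDS "SERVICES / DRIVERS" line (see the DDS log earlier in the thread):
#   <state> <service name>;<display name>;<image path> [<yyyy-m-d> <size>]
DDS_SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]\s*$"
)

# Assumption of this example: these directories are writable by an ordinary user
# account, so a service or kernel driver registered from one of them deserves a
# manual look (publisher, signature, install history). This mirrors the idea
# behind RogueKiller's [Suspicious.Path] entries; a hit is not proof of infection.
USER_WRITABLE_DIRS = [
    re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE),
    re.compile(r"\\Users\\[^\\]+\\Downloads\\", re.IGNORECASE),
    re.compile(r"\\Temp\\", re.IGNORECASE),
]

# Sample input: four lines copied from the DDS log in this thread plus one
# constructed line (fakeupd) standing in for a second user-profile service.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-24 55024]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2014-2-24 1343408]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 tizeqdrv;tizeqdrv;C:\Users\El Diego\AppData\Roaming\TZAC2\tizeq64.sys [2012-7-17 171704]
R2 fakeupd;Updater Service;C:\Users\El Diego\AppData\Local\Temp\upd.exe [2014-7-1 12345]
.
"""


def parse_dds_services(log_text: str) -> List[Dict[str, str]]:
    """Return one dict (state, name, display, path, date, size) per service line.

    Section headers, '.' separators and unrelated lines are skipped, not errors.
    """
    entries = []
    for line in log_text.splitlines():
        match = DDS_SERVICE_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def flag_user_path_services(entries: List[Dict[str, str]]) -> List[str]:
    """Names of services/drivers whose image path sits in a user-writable directory.

    The whole path field is checked, including svchost-style '-k group' arguments;
    those arguments never contain a directory, so they cannot cause a false hit.
    """
    flagged = []
    for entry in entries:
        if any(pattern.search(entry["path"]) for pattern in USER_WRITABLE_DIRS):
            flagged.append(entry["name"])
    return flagged


def triage(log_text: str) -> Dict[str, str]:
    """Map each flagged service name to its image path, ready to quote in a reply."""
    entries = parse_dds_services(log_text)
    by_name = {e["name"]: e["path"] for e in entries}
    return {name: by_name[name] for name in flag_user_path_services(entries)}


if __name__ == "__main__":
    for name, path in triage(SAMPLE_LOG).items():
        print(f"review: {name} -> {path}")
```

Run as-is, the script lists tizeqdrv and the constructed fakeupd entry and stays quiet about the drivers under C:\Windows and C:\Program Files. That matches what RogueKiller reported for tizeqdrv in the log below; the point of a flag is only to tell the helper which entries to check by hand, which is exactly what the "NOT SELECTED" items in a RogueKiller report are for.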

#3 Without_A_Monitor

  • Topic Starter


Posted 10 July 2014 - 02:10 PM

Hey, nasdaq. Thank you very much for the reply. Just to be clear, I already determined the problem of the credit card scam. It was nothing to do with malware or any sort of infection/attack on my laptop; however, I still think that there is some sort of malware/infection/etc. seemingly on my laptop. An instance that makes me think that my laptop is possibly infected is that something strange happened several weeks ago. I turned on my laptop to find some small black window above my task tray that looked like an ad for some game called "Magic barge," but I have no idea how it appeared on my laptop.

I actually already had RogueKiller because I downloaded it from here the other day and ran it, but I didn't delete anything. I also have had AdwCleaner for a while and have been running it. With that said, I did what you listed. Thank you very much once again for your help.



RogueKiller V9.2.1.0 [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : El Diego [Admin rights]
Mode : Remove -- Date : 07/10/2014 14:05:07

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 17 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Skytel : Skytel.exe [x] -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tizeqdrv -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tizeqdrv -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\tizeqdrv -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tizeqdrv -> NOT SELECTED
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NOT SELECTED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1786916353-3864107569-3064167919-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1786916353-3864107569-3064167919-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1786916353-3864107569-3064167919-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1786916353-3864107569-3064167919-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1786916353-3864107569-3064167919-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1786916353-3864107569-3064167919-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1786916353-3864107569-3064167919-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1786916353-3864107569-3064167919-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED

¤¤¤ Scheduled tasks : 1 ¤¤¤
[Suspicious.Path] \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> DELETED

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 7d1c98d98d564f63a9a3d853984805e3
[BSP] 9e5beff5298f2f89b395de2f9bfa4589 : HP MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10896 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 22317056 | Size: 227577 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! ([32] The request is not supported. )
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_07062014_172637.log - RKreport_SCN_07092014_214659.log - RKreport_SCN_07102014_140326.log

# AdwCleaner v3.215 - Report created 10/07/2014 at 14:10:29
# Updated 09/07/2014 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : El Diego - EL_DIEGO
# Running from : C:\Users\El Diego\Downloads\bastion\adwcleaner_3.215.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

[x] Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16555


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\El Diego\AppData\Roaming\Mozilla\Firefox\Profiles\z7ozoluc.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\El Diego\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6039 octets] - [14/11/2013 05:32:33]
AdwCleaner[R100].txt - [8258 octets] - [03/06/2014 16:20:29]
AdwCleaner[R101].txt - [8320 octets] - [05/06/2014 03:33:28]
AdwCleaner[R102].txt - [8383 octets] - [06/06/2014 22:57:03]
AdwCleaner[R103].txt - [8445 octets] - [07/06/2014 06:12:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S19].txt - [10197 octets] ##########
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2014
Ran by El Diego (administrator) on EL_DIEGO on 10-07-2014 14:17:59
Running from C:\Users\El Diego\Desktop
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Realtek Semiconductor) C:\Windows\RTKAUDIOSERVICE.EXE
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbae\Malwarebytes Anti-Exploit\mbae-svc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(AWS Convergence Technologies, Inc.) C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbae\Malwarebytes Anti-Exploit\mbae.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sony Electronics, Inc.) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6453760 2008-10-17] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [152576 2008-07-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5581888 2014-02-24] (ESET)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [317280 2008-04-04] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbae\Malwarebytes Anti-Exploit\mbae.exe [1300792 2014-04-10] (Malwarebytes Corporation)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4841824 2014-07-09] (Emsisoft GmbH)
Winlogon\Notify\!SASWinLogon-x32: C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKU\S-1-5-21-1786916353-3864107569-3064167919-1000\...\Run: [Weather] => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [1347584 2009-01-30] (AWS Convergence Technologies, Inc.)
HKU\S-1-5-21-1786916353-3864107569-3064167919-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [1128000 2014-06-03] (BillP Studios)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=aim
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYR_en
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\El Diego\AppData\Roaming\Mozilla\Firefox\Profiles\z7ozoluc.default
FF DefaultSearchEngine: Firefox Add-ons
FF SelectedSearchEngine: Firefox Add-ons
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/vbp;version=0.9.17 - C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.17 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.17 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\El Diego\AppData\Roaming\Mozilla\Firefox\Profiles\z7ozoluc.default\searchplugins\firefox-add-ons.xml
FF Extension: TVU Web Player - C:\Users\El Diego\AppData\Roaming\Mozilla\Firefox\Profiles\z7ozoluc.default\Extensions\firefox@tvunetworks.com [2010-05-29]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\El Diego\AppData\Roaming\Mozilla\Firefox\Profiles\z7ozoluc.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-12-11]
FF Extension: Ghostery - C:\Users\El Diego\AppData\Roaming\Mozilla\Firefox\Profiles\z7ozoluc.default\Extensions\firefox@ghostery.com.xpi [2013-08-13]
FF Extension: Adblock Plus - C:\Users\El Diego\AppData\Roaming\Mozilla\Firefox\Profiles\z7ozoluc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-01]
FF Extension: QuickWiki - C:\Users\El Diego\AppData\Roaming\Mozilla\Firefox\Profiles\z7ozoluc.default\Extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.xpi [2011-11-10]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-06-06]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-02-26]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\El Diego\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\El Diego\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\El Diego\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle Broadcaster Plugin) - C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (TVU Web Player for FireFox) - C:\Windows\system32\TVUAx\npTVUAx.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\El Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\El Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-20]
CHR Extension: (Google Search) - C:\Users\El Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-20]
CHR Extension: (Google Wallet) - C:\Users\El Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (Gmail) - C:\Users\El Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-09] (Emsisoft GmbH)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1343408 2014-02-24] (ESET)
S4 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [1449984 2008-08-20] (Intel® Corporation) [File not signed]
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-09] (SurfRight B.V.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbae\Malwarebytes Anti-Exploit\mbae-svc.exe [347448 2014-04-10] (Malwarebytes Corporation)
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-06-06] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [202008 2014-07-08] ()
S4 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [24576 2008-09-11] (Intuit) [File not signed]
S4 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-08-09] (Intuit Inc.) [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [826368 2008-08-20] (Intel® Corporation) [File not signed]
R2 RtkAudioService; C:\Windows\RtkAudioService.exe [134656 2008-10-17] (Realtek Semiconductor) [File not signed]
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\collsvc.exe [167424 2008-09-29] (Intel Corporation) [File not signed]
S3 SOHCImp; C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe [103712 2008-10-21] (Sony Corporation)
S3 SOHDms; C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe [353568 2008-10-21] (Sony Corporation)
S3 SOHDs; C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe [62752 2008-10-21] (Sony Corporation)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2008-05-20] (Sony Corporation) [File not signed]
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-09-08] (Sony Corporation) [File not signed]
S4 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [446464 2008-09-03] (Sony Corporation) [File not signed]
S3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [279848 2008-09-08] (Sony Corporation)
S4 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2008-09-08] (Sony Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2008-04-24] (ArcSoft, Inc.)
S1 Beep; No ImagePath
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
S1 DMICall; C:\Windows\SysWOW64\DRIVERS\DMICall.sys [10216 2008-08-22] (Sony Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbae\Malwarebytes Anti-Exploit\mbae64.sys [63928 2014-04-11] ()
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [93144 2014-04-09] ()
S2 MxlW2k; C:\Windows\SysWow64\Drivers\MxlW2k.sys [27924 2014-06-25] (MusicMatch, Inc.) [File not signed]
R2 risdptsk; C:\Windows\System32\DRIVERS\risdsn64.sys [76288 2008-10-22] (REDC)
S1 SASDIFSV; C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-03-02] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [12872 2010-03-02] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys [67656 2011-05-31] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 tizeqdrv; C:\Users\El Diego\AppData\Roaming\TZAC2\tizeq64.sys [171704 2012-07-17] ()
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29160 2014-07-10] ()
S3 igfx; system32\DRIVERS\igdkmd64.sys [X]
S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-10 14:07 - 2014-07-10 14:14 - 00015987 _____ () C:\Users\El Diego\Documents\bc problem.txt
2014-07-10 13:55 - 2014-07-10 13:56 - 00042941 _____ () C:\Users\El Diego\Desktop\Addition.txt
2014-07-10 13:53 - 2014-07-10 14:19 - 00022362 _____ () C:\Users\El Diego\Desktop\FRST.txt
2014-07-10 13:51 - 2014-07-10 14:18 - 00000000 ____D () C:\FRST
2014-07-10 13:49 - 2014-07-10 13:49 - 02084352 _____ (Farbar) C:\Users\El Diego\Desktop\FRST64.exe
2014-07-09 21:42 - 2014-07-10 13:58 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-07-09 01:00 - 2014-07-09 13:32 - 00000000 ____D () C:\Users\El Diego\AppData\Local\CrashDumps
2014-07-08 00:44 - 2014-07-08 00:44 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-07-07 22:14 - 2014-07-07 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-07-07 22:13 - 2014-07-10 14:13 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-07-07 22:05 - 2014-07-07 22:13 - 233663808 _____ (Emsisoft GmbH ) C:\Users\El Diego\Downloads\EmsisoftAntiMalwareSetup.exe
2014-07-06 17:21 - 2014-07-06 17:21 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-05 16:53 - 2014-07-05 16:53 - 00000000 ____D () C:\Users\El Diego\AppData\Local\ESET
2014-07-05 02:12 - 2014-07-05 02:12 - 00273600 _____ () C:\Windows\Minidump\Mini070514-01.dmp
2014-07-04 22:09 - 2014-07-04 22:09 - 00457632 _____ (Bleeping Computer, LLC) C:\Users\El Diego\Downloads\FixExec.exe
2014-07-04 22:08 - 2014-07-04 22:08 - 00386464 _____ (Bleeping Computer, LLC) C:\Users\El Diego\Downloads\show-hidden.exe
2014-07-04 22:05 - 2014-07-04 22:05 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\El Diego\Downloads\sc-cleaner.exe
2014-07-03 22:20 - 2014-07-10 12:14 - 00000000 ____D () C:\Users\El Diego\AppData\Roaming\Skype
2014-06-27 21:23 - 2014-05-28 14:53 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-27 21:23 - 2014-05-28 14:37 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-27 21:23 - 2014-05-28 14:35 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-27 21:23 - 2014-05-28 14:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-27 21:23 - 2014-05-28 14:31 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-27 21:23 - 2014-05-28 14:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-27 21:23 - 2014-05-28 14:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-27 21:23 - 2014-05-28 14:29 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-27 21:23 - 2014-05-28 14:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-27 21:23 - 2014-05-28 14:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-27 21:23 - 2014-05-28 14:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-27 21:23 - 2014-05-28 14:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-27 21:23 - 2014-05-28 14:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-27 21:23 - 2014-05-28 14:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-27 21:23 - 2014-05-28 14:28 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-27 21:23 - 2014-05-28 14:28 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-27 21:23 - 2014-05-28 14:28 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-27 21:23 - 2014-05-28 14:28 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-27 21:23 - 2014-05-28 14:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-27 21:23 - 2014-05-28 14:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-27 21:23 - 2014-05-28 14:27 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-27 21:23 - 2014-05-28 12:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-27 21:23 - 2014-05-28 12:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-27 21:23 - 2014-05-28 12:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-27 21:23 - 2014-05-28 12:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-27 21:23 - 2014-05-28 12:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-27 21:23 - 2014-05-28 12:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-27 21:23 - 2014-05-28 12:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-06-27 21:23 - 2014-05-28 12:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-27 21:23 - 2014-05-28 12:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-27 21:23 - 2014-05-28 12:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-27 21:23 - 2014-05-28 12:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-27 21:23 - 2014-05-28 12:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-27 21:23 - 2014-05-28 12:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-27 21:23 - 2014-05-28 12:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-27 21:23 - 2014-05-28 12:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-06-27 21:23 - 2014-05-28 12:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-27 21:23 - 2014-05-28 12:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-27 21:23 - 2014-05-28 12:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-27 21:23 - 2014-05-28 12:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-06-27 21:23 - 2014-05-28 12:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-06-27 21:23 - 2014-05-28 12:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-27 21:23 - 2014-04-26 14:21 - 00622592 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-27 21:23 - 2014-04-26 12:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-27 21:23 - 2014-04-05 00:26 - 01417664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-27 21:23 - 2014-04-04 22:32 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-06-27 21:23 - 2014-03-10 02:26 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-27 21:23 - 2014-03-10 02:26 - 01794560 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-27 21:23 - 2014-03-09 21:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-27 21:23 - 2014-03-09 21:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-26 22:12 - 2014-06-26 22:13 - 01064488 _____ (BillP Studios) C:\Users\El Diego\Downloads\wpsetup3.exe
2014-06-19 15:05 - 2014-06-19 15:05 - 00000042 _____ () C:\Users\El Diego\Documents\delta voucher.txt
2014-06-19 14:22 - 2014-06-19 14:22 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\63F24089.sys
2014-06-19 14:14 - 2014-06-19 14:14 - 00000024 _____ () C:\Users\El Diego\AppData\Roaming\temp.ini
2014-06-18 23:01 - 2014-06-23 20:52 - 00000048 _____ () C:\Users\El Diego\Documents\red roof inn confirmation and delta voucher.txt
2014-06-18 04:37 - 2014-06-18 04:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-16 21:26 - 2014-06-16 21:27 - 00000021 _____ () C:\Users\El Diego\Documents\delta flight confirmation number.txt
2014-06-14 05:50 - 2014-06-14 05:50 - 00000000 ____D () C:\Users\El Diego\AppData\Roaming\Yahoo!
2014-06-14 05:46 - 2014-06-14 06:09 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-06-14 05:46 - 2014-06-14 05:46 - 00691576 _____ (Yahoo! Inc.) C:\Users\El Diego\Downloads\msgr11us.exe
2014-06-13 14:22 - 2014-06-13 14:22 - 00000087 _____ () C:\Windows\SysWOW64\EpfwUser.dat
2014-06-10 05:03 - 2014-07-09 02:38 - 00002354 _____ () C:\Users\El Diego\Documents\another brick in the wall of music.txt
2014-06-10 04:40 - 2014-07-04 04:01 - 00008120 _____ () C:\Users\El Diego\Documents\bc exercise 1 (1).txt

==================== One Month Modified Files and Folders =======

2014-07-10 14:19 - 2014-07-10 13:53 - 00022362 _____ () C:\Users\El Diego\Desktop\FRST.txt
2014-07-10 14:18 - 2014-07-10 13:51 - 00000000 ____D () C:\FRST
2014-07-10 14:14 - 2014-07-10 14:07 - 00015987 _____ () C:\Users\El Diego\Documents\bc problem.txt
2014-07-10 14:14 - 2010-03-01 22:06 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-10 14:13 - 2014-07-07 22:13 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-07-10 14:12 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-10 14:12 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-10 14:12 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-10 14:12 - 2006-11-02 11:07 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-07-10 14:11 - 2010-02-24 01:25 - 01395385 ____H () C:\Windows\WindowsUpdate.log
2014-07-10 14:11 - 2008-10-30 22:17 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-07-10 14:11 - 2006-11-02 11:42 - 00032648 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-10 14:10 - 2013-11-14 05:32 - 00000000 ____D () C:\AdwCleaner
2014-07-10 14:08 - 2014-01-03 16:25 - 00000000 ____D () C:\Windows\CryptoGuard
2014-07-10 14:03 - 2010-03-01 22:06 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-10 13:58 - 2014-07-09 21:42 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-07-10 13:56 - 2014-07-10 13:55 - 00042941 _____ () C:\Users\El Diego\Desktop\Addition.txt
2014-07-10 13:49 - 2014-07-10 13:49 - 02084352 _____ (Farbar) C:\Users\El Diego\Desktop\FRST64.exe
2014-07-10 12:14 - 2014-07-03 22:20 - 00000000 ____D () C:\Users\El Diego\AppData\Roaming\Skype
2014-07-10 11:26 - 2014-02-17 16:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-10 04:45 - 2008-01-20 23:26 - 00483020 ____H () C:\Windows\PFRO.log
2014-07-10 04:28 - 2014-03-07 04:40 - 00002706 _____ () C:\Users\El Diego\Desktop\Rkill.txt
2014-07-10 01:21 - 2014-05-28 02:28 - 00000212 _____ () C:\Users\El Diego\Documents\a brick in the wall of music.txt
2014-07-09 21:41 - 2013-11-24 23:39 - 00000000 ____D () C:\Users\El Diego\Downloads\bastion
2014-07-09 13:32 - 2014-07-09 01:00 - 00000000 ____D () C:\Users\El Diego\AppData\Local\CrashDumps
2014-07-09 13:20 - 2014-03-24 22:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-09 13:07 - 2014-01-03 18:20 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-07-09 13:07 - 2011-07-04 21:30 - 00000000 ___HD () C:\ProgramData\TEMP
2014-07-09 03:26 - 2014-02-17 16:30 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 03:26 - 2012-04-02 14:31 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 03:26 - 2011-05-20 19:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 02:38 - 2014-06-10 05:03 - 00002354 _____ () C:\Users\El Diego\Documents\another brick in the wall of music.txt
2014-07-08 23:06 - 2013-12-30 16:18 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-08 22:59 - 2010-02-24 00:56 - 00202008 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-08 02:58 - 2010-02-28 23:05 - 00000000 ____D () C:\Users\El Diego\AppData\Roaming\vlc
2014-07-08 02:34 - 2010-02-24 00:56 - 00202008 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-07-08 00:44 - 2014-07-08 00:44 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-07-07 22:14 - 2014-07-07 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-07-07 22:13 - 2014-07-07 22:05 - 233663808 _____ (Emsisoft GmbH ) C:\Users\El Diego\Downloads\EmsisoftAntiMalwareSetup.exe
2014-07-06 17:21 - 2014-07-06 17:21 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-05 21:38 - 2011-08-25 16:00 - 00002012 _____ () C:\Users\El Diego\Documents\tu info.txt
2014-07-05 17:26 - 2013-12-30 16:47 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-05 16:53 - 2014-07-05 16:53 - 00000000 ____D () C:\Users\El Diego\AppData\Local\ESET
2014-07-05 02:12 - 2014-07-05 02:12 - 00273600 _____ () C:\Windows\Minidump\Mini070514-01.dmp
2014-07-05 02:12 - 2012-04-30 17:38 - 00000000 ____D () C:\Windows\Minidump
2014-07-05 02:11 - 2012-04-30 17:37 - 536593722 _____ () C:\Windows\MEMORY.DMP
2014-07-04 22:09 - 2014-07-04 22:09 - 00457632 _____ (Bleeping Computer, LLC) C:\Users\El Diego\Downloads\FixExec.exe
2014-07-04 22:08 - 2014-07-04 22:08 - 00386464 _____ (Bleeping Computer, LLC) C:\Users\El Diego\Downloads\show-hidden.exe
2014-07-04 22:05 - 2014-07-04 22:05 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\El Diego\Downloads\sc-cleaner.exe
2014-07-04 16:09 - 2013-10-07 15:46 - 00083624 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-07-04 16:08 - 2006-11-02 11:21 - 00343176 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-04 16:05 - 2010-02-24 01:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-07-04 16:05 - 2010-02-24 01:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-04 16:03 - 2010-02-24 01:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-07-04 16:00 - 2006-11-02 11:07 - 00000000 ____D () C:\Windows\ShellNew
2014-07-04 04:01 - 2014-06-10 04:40 - 00008120 _____ () C:\Users\El Diego\Documents\bc exercise 1 (1).txt
2014-07-03 22:22 - 2010-02-24 01:14 - 00000000 ____D () C:\Users\El Diego\AppData\Roaming\Skype_old
2014-07-02 05:34 - 2013-10-30 16:36 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-07-01 12:36 - 2006-11-02 08:46 - 00703388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-30 02:18 - 2011-08-05 19:52 - 00000000 ____D () C:\Users\El Diego\AppData\Roaming\Xfire
2014-06-30 02:06 - 2011-08-05 19:52 - 00000000 ____D () C:\ProgramData\Xfire
2014-06-27 21:32 - 2013-11-25 01:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-27 21:29 - 2006-11-02 08:35 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-26 22:13 - 2014-06-26 22:12 - 01064488 _____ (BillP Studios) C:\Users\El Diego\Downloads\wpsetup3.exe
2014-06-26 22:13 - 2014-01-15 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-06-26 22:13 - 2014-01-15 20:15 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-25 16:01 - 2010-02-24 00:53 - 00027924 _____ (MusicMatch, Inc.) C:\Windows\SysWOW64\Drivers\MxlW2k.sys
2014-06-24 04:23 - 2010-02-24 01:13 - 00000000 ___HD () C:\Users\El Diego\AppData\Local\WeatherBug
2014-06-23 20:52 - 2014-06-18 23:01 - 00000048 _____ () C:\Users\El Diego\Documents\red roof inn confirmation and delta voucher.txt
2014-06-19 15:05 - 2014-06-19 15:05 - 00000042 _____ () C:\Users\El Diego\Documents\delta voucher.txt
2014-06-19 14:22 - 2014-06-19 14:22 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\63F24089.sys
2014-06-19 14:14 - 2014-06-19 14:14 - 00000024 _____ () C:\Users\El Diego\AppData\Roaming\temp.ini
2014-06-18 13:28 - 2012-04-25 06:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 04:37 - 2014-06-18 04:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-16 21:27 - 2014-06-16 21:26 - 00000021 _____ () C:\Users\El Diego\Documents\delta flight confirmation number.txt
2014-06-14 06:58 - 2010-03-01 22:06 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-14 06:58 - 2010-03-01 22:06 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-14 06:09 - 2014-06-14 05:46 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-06-14 05:50 - 2014-06-14 05:50 - 00000000 ____D () C:\Users\El Diego\AppData\Roaming\Yahoo!
2014-06-14 05:48 - 2010-02-24 01:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Picture Utility
2014-06-14 05:46 - 2014-06-14 05:46 - 00691576 _____ (Yahoo! Inc.) C:\Users\El Diego\Downloads\msgr11us.exe
2014-06-14 01:43 - 2012-12-17 05:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-13 14:22 - 2014-06-13 14:22 - 00000087 _____ () C:\Windows\SysWOW64\EpfwUser.dat
2014-06-13 00:41 - 2013-08-17 18:58 - 00000000 ____D () C:\Users\El Diego\Documents\WebCam Media

Some content of TEMP:
====================
C:\Users\El Diego\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-10 14:20

==================== End Of Log ============================

#4 nasdaq

  • Malware Response Team
  • 38,250 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 July 2014 - 08:30 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\El Diego\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll No File
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\El Diego\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\El Diego\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File
CHR Plugin: (TVU Web Player for FireFox) - C:\Windows\system32\TVUAx\npTVUAx.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 igfx; system32\DRIVERS\igdkmd64.sys [X]
S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
Task: {99D864D2-A46B-465D-B3F2-FBC665393417} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster\AutoUpdate.exe [2013-06-08] () <==== ATTENTION

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
---

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?
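As an added example (not FRST's code and not the forum helper's own tooling), the script below applies the same selection rule the fixlist above reflects: FRST marks entries whose target no longer exists with "[X]" or "No File" and flags entries that merit a look with "ATTENTION", and those lines are the fixlist candidates. The sample log is constructed from entries in this thread plus one healthy service line; the ekrn path and the "R2 ..." service line format are assumptions.

```python
"""Triage FRST-style log lines into fixlist candidates (added example).

Assumptions: the line formats below are FRST's marker conventions as they
appear in this thread ("[X]", "No File", "<==== ATTENTION"); the ekrn
service line is constructed and its path is not from the thread.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: entries copied from the thread plus one healthy
# service line (ekrn) that a triage pass must leave alone.
SAMPLE_LOG = r"""Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 igfx; system32\DRIVERS\igdkmd64.sys [X]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1234567 2014-05-01] (ESET)
Task: {99D864D2-A46B-465D-B3F2-FBC665393417} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster\AutoUpdate.exe [2013-06-08] () <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
"""

# Entry points at a file that is gone: a harmless leftover, safe to clear.
ORPHAN_RE = re.compile(r"(\s\[X\]|\sNo File)\s*$")
# FRST's own "look at this" marker, with a variable run of '=' signs.
ATTENTION_RE = re.compile(r"<=+\s*ATTENTION\s*$")
# "[date] ()" means the file carries no publisher in its version info.
NO_PUBLISHER_RE = re.compile(r"\]\s*\(\)\s*<=")


@dataclass
class Finding:
    line: str
    kind: str    # "orphan", "attention" or "ads"
    reason: str


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for a line that belongs in a fixlist, else None."""
    line = line.rstrip()
    if not line:
        return None
    if ORPHAN_RE.search(line):
        return Finding(line, "orphan",
                       "target file missing; registry/plugin entry is a leftover")
    if ATTENTION_RE.search(line):
        if NO_PUBLISHER_RE.search(line):
            reason = ("runs a file with no publisher in its version info; "
                      "verify the program before removing")
        elif "Policy restriction" in line:
            reason = ("browser policy forced from HKLM; expected only on "
                      "admin-managed machines")
        else:
            reason = "flagged by FRST; review manually"
        return Finding(line, "attention", reason)
    if line.startswith("AlternateDataStreams:"):
        return Finding(line, "ads",
                       "alternate data stream on a directory; inspect its "
                       "contents before removal")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run classify() over every line, keeping only the hits in log order."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]


def draft_fixlist(findings: List[Finding],
                  include=("orphan", "attention", "ads")) -> str:
    """Wrap the selected lines in FRST's start/End markers."""
    body = [f.line for f in findings if f.kind in include]
    return "start\n" + "\n".join(body) + "\nEnd\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:9} {f.reason}\n          {f.line}")
    print(draft_fixlist(triage(SAMPLE_LOG)))
```

Lines the helper chose by judgement rather than by marker (the SearchScopes entries above) are not caught by this rule set, which is why a human still reviews the draft before it becomes fixlist.txt.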

#5 Without_A_Monitor

  • Topic Starter
  • Members
  • 335 posts
  • Gender:Male
  • Location:teh bleepinverse

Posted 11 July 2014 - 12:32 PM

Hey, nasdaq. Thanks for your continued help. I sincerely appreciate it. The laptop seems to be running fine. The "magic barrage" or whatever has to do with iobit (gamebooster) from what I found out. I guess that I was perhaps overly cautious in my decision to make this thread. I did the steps that you listed in regards to both the fixlog and checkup. Thanks once again.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-07-2014
Ran by El Diego at 2014-07-11 13:14:51 Run:1
Running from C:\Users\El Diego\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\El Diego\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll No File
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\El Diego\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\El Diego\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File
CHR Plugin: (TVU Web Player for FireFox) - C:\Windows\system32\TVUAx\npTVUAx.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 igfx; system32\DRIVERS\igdkmd64.sys [X]
S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
Task: {99D864D2-A46B-465D-B3F2-FBC665393417} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster\AutoUpdate.exe [2013-06-08] () <==== ATTENTION

End
*****************

'HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon' => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKCR\PROTOCOLS\Handler\intu-help-qb2' => Key deleted successfully.
'HKCR\CLSID\{84D77A00-41B5-4b8b-8ADF-86486D72E749}' => Key deleted successfully.
'HKCR\PROTOCOLS\Handler\qbwc' => Key deleted successfully.
'HKCR\CLSID\{FC598A64-626C-4447-85B8-53150405FD57}'=> Key not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\@pages.tvunetworks.com/WebPlayer' => Key deleted successfully.
C:\Windows\system32\TVUAx\npTVUAx.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\gcswf32.dll not found.
C:\Users\El Diego\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll not found.
C:\Users\El Diego\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll not found.
C:\Users\El Diego\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll not found.
C:\Windows\system32\TVUAx\npTVUAx.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll not found.
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.
igfx => Service deleted successfully.
IntcHdmiAddService => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{99D864D2-A46B-465D-B3F2-FBC665393417}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99D864D2-A46B-465D-B3F2-FBC665393417}' => Key deleted successfully.
C:\Windows\System32\Tasks\Game_Booster_AutoUpdate => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Game_Booster_AutoUpdate' => Key deleted successfully.

==== End of Fixlog ====

Results of screen317's Security Check version 0.99.85
Windows Vista Service Pack 2 x64 (UAC is disabled!)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Emsisoft Anti-Malware
ESET NOD32 Antivirus 7.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
SUPERAntiSpyware Free Edition
Adobe Flash Player 14.0.0.145
Adobe Reader XI
Mozilla Firefox (30.0)
Google Chrome 35.0.1916.114
Google Chrome 35.0.1916.153
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Emsisoft Anti-Malware a2service.exe
Malwarebytes' Anti-Malware mbae Malwarebytes Anti-Exploit mbae-svc.exe
Malwarebytes' Anti-Malware mbae Malwarebytes Anti-Exploit mbae.exe
Emsisoft Anti-Malware a2guard.exe
BillP Studios WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#6 nasdaq

  • Malware Response Team
  • 38,250 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 July 2014 - 06:51 AM

Looking good.

If all is well:

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically if you do not uncheck certain checkboxes. While most of the time not malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • A script blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon.
  • ScriptNo is a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place?

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#7 Without_A_Monitor

  • Topic Starter
  • Members
  • 335 posts
  • Gender:Male
  • Location:teh bleepinverse

Posted 12 July 2014 - 01:56 PM

Thank you for all the info and help, nasdaq. I will look into the firewall situation. How should I proceed to clean up/remove FRST and the related files to it?

#8 nasdaq

  • Malware Response Team
  • 38,250 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 July 2014 - 06:38 AM

I would keep FRST in a separate folder for use if ever you need to report other problems.
The files created can just be deleted.

#9 Without_A_Monitor

  • Topic Starter
  • Members
  • 335 posts
  • Gender:Male
  • Location:teh bleepinverse

Posted 13 July 2014 - 12:13 PM

I will do just that. Many thanks once again, nasdaq.

#10 nasdaq

  • Malware Response Team
  • 38,250 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 July 2014 - 01:09 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
