
Virus, Or Rootkit Or Both


34 replies to this topic

#1 Sky23


  • Members
  • 55 posts

Posted 15 July 2014 - 09:12 AM

Hi Bleeping, my problem begins with perfectly good web links that I have used in the past redirecting, or no, actually opening up new tabs of malware. I also believe that whatever is wrong with my computer is affecting my internet connection heavily. I have pop-ups showing up on almost every web page I visit, and sometimes my web page won't even open up. I started noticing a problem when I was using Internet Explorer, and I had read something about IE infecting computers, but I am not sure what's going on. I really need your help!

 

Also, a program had shown that there were some backdoor infections, and I believe a rootkit, but I am not 100% certain.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer:   BrowserJavaVersion: 10.55.2
Run by Cruise at 9:42:28 on 2014-07-15
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3678.1586 [GMT -4:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files (x86)\Caramava\updateCaramava.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Toshiba\Teco\TecoService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
C:\windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Toshiba\Teco\TecoResident.exe
C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Caramava\bin\utilCaramava.exe
C:\Program Files (x86)\Caramava\bin\Caramava.PurBrowse64.exe
C:\Program Files (x86)\Caramava\bin\Caramava.BrowserAdapter.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera_crashreporter.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Program Files (x86)\Arovax AntiSpyware\arovaxantispyware.exe
C:\Users\Cruise\Desktop\Tor Browser\Browser\firefox.exe
C:\Users\Cruise\Desktop\Tor Browser\Tor\tor.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://toshiba13.msn.com
mWindow Title = Internet Explorer provided by TOSHIBA
BHO: {1e50bbda-c15a-47d5-9853-d829ff890664} - <orphaned>
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [RESTART_STICKY_NOTES] C:\windows\System32\StikyNot.exe
uRun: [Arovax AntiSpyware] C:\Program Files (x86)\Arovax AntiSpyware\arovaxantispyware.exe /s
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{91CE422C-1825-41E2-8922-0B8CC52CB5D8} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{91CE422C-1825-41E2-8922-0B8CC52CB5D8}\14454543A74645A6A414 : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://toshiba13.msn.com
x64-mWindow Title = Internet Explorer provided by TOSHIBA
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TODDMain] C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [TCrdMain] C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
x64-mPolicies-Explorer: NoDrives = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cruise\AppData\Roaming\Mozilla\Firefox\Profiles\y5f1ktrt.default-1398650957780\
FF - prefs.js: browser.startup.homepage - www.startpage.com
FF - plugin: C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\System32\Adobe\Director\np32dsw_1210150.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\Drivers\aswRvrt.sys [2013-8-31 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\Drivers\aswVmm.sys [2013-8-31 208416]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\Drivers\PxHlpa64.sys [2013-8-7 56208]
R0 THAccel;THAccel;C:\windows\System32\Drivers\THAccel.sys [2013-4-22 131520]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\Drivers\tos_sps64.sys [2013-4-22 499096]
R1 {7c722efd-1a40-4e08-aa0c-caa7161f7d43}w64;{7c722efd-1a40-4e08-aa0c-caa7161f7d43}w64;C:\windows\System32\Drivers\{7c722efd-1a40-4e08-aa0c-caa7161f7d43}w64.sys [2014-6-22 61112]
R1 aswSnx;aswSnx;C:\windows\System32\Drivers\aswsnx.sys [2013-8-31 1039096]
R1 aswSP;aswSP;C:\windows\System32\Drivers\aswsp.sys [2013-8-31 423240]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\Drivers\dtsoftbus01.sys [2014-4-18 283064]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-8-8 240640]
R2 APXACC;AppEx Networks Accelerator LWF;C:\windows\System32\Drivers\appexDrv.sys [2013-4-22 199008]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\Drivers\aswMonFlt.sys [2013-8-31 79184]
R2 aswStm;aswStm;C:\windows\System32\Drivers\aswstm.sys [2014-1-8 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-6-22 50344]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe [2012-11-15 126392]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-12-5 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-12-5 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-12-5 171416]
R2 THAccelSvc;TOSHIBA HDD Accelerator Service;C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe [2012-8-10 214488]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\Teco\TecoService.exe [2013-8-9 328544]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\Drivers\TVALZFL.sys [2012-7-21 16768]
R2 Update Caramava;Update Caramava;C:\Program Files (x86)\Caramava\updateCaramava.exe [2014-4-17 321824]
R2 Util Caramava;Util Caramava;C:\Program Files (x86)\Caramava\bin\utilCaramava.exe [2014-4-18 321824]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\Drivers\AtihdW86.sys [2012-7-17 98472]
R3 FwLnk;FwLnk Driver;C:\windows\System32\Drivers\FwLnk.sys [2013-4-22 9216]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUVStor.sys [2013-4-22 315536]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2013-4-22 683664]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\Drivers\rtwlane.sys [2012-6-29 1498256]
R3 TMachInfo;TMachInfo;C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-7-27 53384]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2012-7-28 458152]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\Drivers\usbfilter.sys [2013-4-22 58536]
S2 aswHwid;avast! HardwareID;C:\windows\System32\Drivers\aswHwid.sys [2014-6-22 29208]
S2 CltMngSvc;Search Protect by Conduit Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe --> C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [?]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
S3 ccSet_NAT;Norton Anti-Theft Settings Manager;C:\windows\System32\Drivers\NATx64\0108000.020\ccsetx64.sys [2013-8-2 169048]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\Drivers\rtwlane.sys [2012-6-29 1498256]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 t_mobile_zte_cdc_acm;T-Mobile webConnect CDC-ACM driver;C:\windows\System32\Drivers\t_mobile_zte_cdc_acm.sys [2013-8-9 77824]
S3 t_mobile_zte_cdc_ecm;t_mobile_zte_cdc_ecm;C:\windows\System32\Drivers\t_mobile_zte_cdc_ecm.sys [2013-8-9 52224]
S3 t_mobile_zte_cpo;T-Mobile webConnect Install;C:\windows\System32\Drivers\t_mobile_zte_cpo.sys [2013-8-9 14336]
S3 t_mobile_zte_ecm_enum;T-Mobile webConnect DC Enumerator;C:\windows\System32\Drivers\t_mobile_zte_ecm_enum.sys [2013-8-9 52224]
S3 t_mobile_zte_ecm_enum_filter;t_mobile_zte_ecm_enum_filter;C:\windows\System32\Drivers\t_mobile_zte_ecm_enum_filter.sys [2013-8-9 52224]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\windows\System32\Drivers\taphss6.sys [2014-5-16 42184]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-07-15 02:55:16 -------- d-sh--w- C:\$RECYCLE.BIN
2014-07-15 02:55:05 -------- d-----w- C:\Users\Cruise\AppData\Local\temp
2014-07-07 03:37:30 -------- d-----w- C:\Program Files (x86)\Emsisoft HiJackFree
2014-07-07 03:21:27 -------- d-----w- C:\ProgramData\Arovax
2014-07-07 03:21:25 -------- d-----w- C:\Program Files (x86)\Arovax AntiSpyware
2014-07-07 03:05:35 -------- d-----w- C:\Users\Cruise\AppData\Local\WinZip
2014-07-04 13:20:50 -------- d-----w- C:\ProgramData\RogueKiller
2014-06-22 22:49:41 50063360 ----a-w- C:\Program Files (x86)\GUTA8CD.tmp
2014-06-22 22:49:41 -------- d-----w- C:\Program Files (x86)\GUMA8AD.tmp
2014-06-22 22:45:25 29208 ----a-w- C:\windows\System32\drivers\aswHwid.sys
2014-06-22 22:45:13 43152 ----a-w- C:\windows\avastSS.scr
2014-06-22 22:07:28 61112 ----a-w- C:\windows\System32\drivers\{7c722efd-1a40-4e08-aa0c-caa7161f7d43}w64.sys
2014-06-22 03:52:25 -------- d-----w- C:\B
.
==================== Find3M  ====================
.
2014-06-22 22:45:43 85328 ----a-w- C:\windows\System32\drivers\aswstm.sys
2014-06-22 22:45:43 1039096 ----a-w- C:\windows\System32\drivers\aswsnx.sys
2014-06-22 22:45:18 79184 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-06-22 22:45:18 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2014-06-22 22:45:18 208416 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2014-06-22 22:45:15 93568 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2014-05-31 05:16:07 703992 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-05-31 05:16:07 105464 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-24 02:47:54 2239488 ----a-w- C:\windows\System32\wininet.dll
2014-05-24 02:47:45 915968 ----a-w- C:\windows\System32\uxtheme.dll
2014-05-24 02:47:44 53760 ----a-w- C:\windows\System32\UXInit.dll
2014-05-24 02:46:15 3958784 ----a-w- C:\windows\System32\jscript9.dll
2014-05-24 02:46:07 67072 ----a-w- C:\windows\System32\iesetup.dll
2014-05-24 02:46:07 136704 ----a-w- C:\windows\System32\iesysprep.dll
2014-05-24 02:45:26 1508864 ----a-w- C:\windows\System32\inetcpl.cpl
2014-05-24 01:26:54 1766400 ----a-w- C:\windows\SysWow64\wininet.dll
2014-05-24 01:26:46 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2014-05-24 01:25:52 2862080 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-05-24 01:25:49 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-05-24 01:25:49 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2014-05-24 01:25:25 1440768 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-05-24 01:09:41 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2014-05-24 01:03:36 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-05-23 22:37:13 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
2014-05-17 00:42:36 42184 ----a-w- C:\windows\System32\drivers\taphss6.sys
2014-05-03 05:47:22 3246592 ----a-w- C:\windows\System32\rdpcorets.dll
2014-05-03 03:34:54 235520 ----a-w- C:\windows\System32\rdpudd.dll
2014-04-29 22:32:07 1301504 ----a-w- C:\windows\System32\gdi32.dll
2014-04-29 22:22:23 1023488 ----a-w- C:\windows\SysWow64\gdi32.dll
2014-04-19 09:39:36 628024 ----a-w- C:\windows\System32\NotificationUI.exe
2014-04-19 08:45:39 693760 ----a-w- C:\windows\System32\WSShared.dll
2014-04-19 08:45:39 163840 ----a-w- C:\windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-19 06:57:49 566784 ----a-w- C:\windows\SysWow64\WSShared.dll
2014-04-19 06:57:49 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-19 02:09:18 61112 ----a-w- C:\windows\System32\drivers\wStLibG64.sys
2014-04-18 23:51:28 283064 ----a-w- C:\windows\System32\drivers\dtsoftbus01.sys
.
============= FINISH:  9:48:27.34 ===============
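As an added triage example (not code from this thread, from DDS, or from any of the tools named here): a small Python parser for the SERVICES / DRIVERS lines of the DDS log above, flagging the three patterns a responder reads for first, a GUID-named driver, a boot- or system-start driver written shortly before the scan, and a service that is still registered although its binary is gone. The sample lines are copied from the log above and the scan date is the one DDS printed; the thresholds and reason strings are assumptions of the example.

```python
"""Triage helper for the SERVICES / DRIVERS section of a DDS log.

Constructed example for this thread. Each DDS line has the shape
    <state> <name>;<display name>;<path> [<yyyy-m-d> <size>]
or, when DDS could not find the binary,
    <state> <name>;<display name>;<path> --> <path> [?]
"""
import re
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Scan date printed in the DDS header above ("Run by Cruise ... on 2014-07-15").
SCAN_DATE = date(2014, 7, 15)

# Constructed sample: five lines copied verbatim from the DDS log above.
SAMPLE = r"""
R0 aswRvrt;avast! Revert;C:\windows\System32\Drivers\aswRvrt.sys [2013-8-31 65776]
R1 {7c722efd-1a40-4e08-aa0c-caa7161f7d43}w64;{7c722efd-1a40-4e08-aa0c-caa7161f7d43}w64;C:\windows\System32\Drivers\{7c722efd-1a40-4e08-aa0c-caa7161f7d43}w64.sys [2014-6-22 61112]
R2 Update Caramava;Update Caramava;C:\Program Files (x86)\Caramava\updateCaramava.exe [2014-4-17 321824]
S2 aswHwid;avast! HardwareID;C:\windows\System32\Drivers\aswHwid.sys [2014-6-22 29208]
S2 CltMngSvc;Search Protect by Conduit Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe --> C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [?]
"""

ENTRY_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
TAIL_RE = re.compile(r"\[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$")
MISSING_RE = re.compile(r"\[\?\]$")
# Service/driver names that are a bare GUID (optionally with a suffix such as "w64").
GUID_NAME_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)


@dataclass
class Entry:
    state: str            # R0/R1/R2/R3 running, S2/S3 stopped (DDS convention)
    name: str
    display: str
    path: str
    file_date: Optional[date]   # None when DDS reports the file as missing
    missing: bool


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one DDS service/driver line; returns None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    if MISSING_RE.search(rest):
        # "path --> path [?]": keep the first path, mark the binary as missing.
        path = rest.split(" --> ")[0].strip()
        return Entry(m["state"], m["name"], m["display"], path, None, True)
    t = TAIL_RE.search(rest)
    if not t:
        return None
    y, mo, d = (int(x) for x in t["date"].split("-"))
    path = rest[: t.start()].strip()
    return Entry(m["state"], m["name"], m["display"], path, date(y, mo, d), False)


def triage(text: str, scan_date: date, window_days: int = 30) -> dict:
    """Return {service name: [reasons]} for entries worth a closer look."""
    findings = {}
    cutoff = scan_date - timedelta(days=window_days)
    for line in text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reasons = []
        if GUID_NAME_RE.match(e.name):
            reasons.append("GUID-style service name")
        if e.missing:
            reasons.append("service still registered but binary missing")
        # Only boot/system-start drivers (R0/R1) are flagged on age alone:
        # a kernel driver that is days old deserves a look, a user-mode service less so.
        if e.file_date is not None and e.file_date >= cutoff and e.state in ("R0", "R1"):
            reasons.append(f"boot/system-start driver written on {e.file_date.isoformat()}")
        if reasons:
            findings[e.name] = reasons
    return findings


def triage_sample() -> dict:
    """Run the heuristics over the constructed sample with the log's own scan date."""
    return triage(SAMPLE, SCAN_DATE)


if __name__ == "__main__":
    for name, reasons in triage_sample().items():
        print(name)
        for r in reasons:
            print("   -", r)
```

The heuristics are a starting point for reading the log, not a verdict: the adware entries that AdwCleaner later removed in this thread (the Caramava services) pass all three checks and are only caught by name.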



#2 nasdaq


  • Malware Response Team
  • 38,250 posts
  • Location:Montreal, QC. Canada

Posted 20 July 2014 - 08:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#3 Sky23

  • Topic Starter

  • Members
  • 55 posts

Posted 20 July 2014 - 07:51 PM

OK, will do, and I'll reply with the attachments soon.



#4 Sky23

  • Topic Starter

  • Members
  • 55 posts

Posted 24 July 2014 - 09:28 AM

Mbam Log

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/23/2014
Scan Time: 11:14:14 PM
Logfile: Mbam.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.24.01
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Cruise
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 306966
Time Elapsed: 31 min, 20 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Firseria, C:\Users\Cruise\Downloads\Setup.exe, Quarantined, [227f5c442952a2941acbddf937cdea16], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
Adw Cleaner Log
 
# AdwCleaner v3.216 - Report created 24/07/2014 at 08:29:00
# Updated 17/07/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Cruise - RUSH
# Running from : C:\Users\Cruise\Downloads\adwcleaner_3.216.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Caramava
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[ File : C:\Users\Cruise\AppData\Roaming\Mozilla\Firefox\Profiles\y5f1ktrt.default-1398650957780\prefs.js ]
 
 
*************************
 
AdwCleaner[R0].txt - [2132 octets] - [14/10/2013 16:46:50]
AdwCleaner[R1].txt - [3431 octets] - [19/01/2014 20:43:37]
AdwCleaner[R2].txt - [2503 octets] - [16/07/2014 11:42:37]
AdwCleaner[R3].txt - [1617 octets] - [24/07/2014 00:14:56]
AdwCleaner[S0].txt - [3259 octets] - [19/01/2014 20:45:43]
AdwCleaner[S1].txt - [2552 octets] - [16/07/2014 11:46:27]
AdwCleaner[S2].txt - [1544 octets] - [24/07/2014 08:29:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1604 octets] ##########
 
 
 
FRST Log
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014
Ran by Cruise (administrator) on RUSH on 24-07-2014 10:04:34
Running from C:\Users\Cruise\Downloads
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.60\opera.exe
() C:\Program Files (x86)\Opera\23.0.1522.60\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.60\opera.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-26] (Realtek Semiconductor)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-07-04] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4211173025-391176931-123693198-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [405504 2012-07-25] (Microsoft Corporation)
HKU\S-1-5-21-4211173025-391176931-123693198-1001\...\Run: [Arovax AntiSpyware] => C:\Program Files (x86)\Arovax AntiSpyware\arovaxantispyware.exe [1966080 2007-09-21] (Arovax)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {CA32382C-9584-4CC9-8DA5-3089CAE933E7} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM - {CA32382C-9584-4CC9-8DA5-3089CAE933E7} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {CA32382C-9584-4CC9-8DA5-3089CAE933E7} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKCU - {47512C8E-7260-4B29-970E-A2C206D3BE29} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKCU - {CA32382C-9584-4CC9-8DA5-3089CAE933E7} URL = 
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Cruise\AppData\Roaming\Mozilla\Firefox\Profiles\y5f1ktrt.default-1398650957780
FF Homepage: www.startpage.com
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1210150.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\Cruise\AppData\Roaming\Mozilla\Firefox\Profiles\y5f1ktrt.default-1398650957780\Extensions\donottrackplus@abine.com [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-31]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-22] (AVAST Software)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe [126392 2012-07-23] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214488 2012-08-10] (TOSHIBA CORPORATION)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-22] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S3 ccSet_NAT; C:\Windows\system32\drivers\NATx64\0108000.020\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-04-18] (Disc Soft Ltd)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [131520 2012-08-10] (TOSHIBA CORPORATION)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29160 2014-07-16] ()
S3 t_mobile_zte_cdc_acm; C:\Windows\system32\DRIVERS\t_mobile_zte_cdc_acm.sys [77824 2011-01-18] (T-Mobile) [File not signed]
S3 t_mobile_zte_cdc_ecm; C:\Windows\system32\DRIVERS\t_mobile_zte_cdc_ecm.sys [52224 2011-01-18] (T-Mobile) [File not signed]
S3 t_mobile_zte_cpo; C:\Windows\System32\drivers\t_mobile_zte_cpo.sys [14336 2011-01-18] (T-Mobile) [File not signed]
S3 t_mobile_zte_ecm_enum; C:\Windows\System32\drivers\t_mobile_zte_ecm_enum.sys [52224 2011-01-18] (T-Mobile) [File not signed]
S3 t_mobile_zte_ecm_enum_filter; C:\Windows\System32\drivers\t_mobile_zte_ecm_enum_filter.sys [52224 2011-01-18] (T-Mobile) [File not signed]
S3 catchme; \??\C:\Le\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-24 10:04 - 2014-07-24 10:05 - 00017038 _____ () C:\Users\Cruise\Downloads\FRST.txt
2014-07-24 10:04 - 2014-07-24 10:04 - 00000000 ____D () C:\FRST
2014-07-24 10:03 - 2014-07-24 10:03 - 02093568 _____ (Farbar) C:\Users\Cruise\Downloads\FRST64.exe
2014-07-24 10:01 - 2014-07-24 10:01 - 00001692 _____ () C:\Users\Cruise\Desktop\AdwCleaner[S2].txt
2014-07-24 00:12 - 2014-07-24 00:12 - 00001123 _____ () C:\Users\Cruise\Desktop\Mbam.txt
2014-07-23 23:11 - 2014-07-23 23:14 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 23:10 - 2014-07-23 23:10 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-23 23:09 - 2014-07-23 23:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-23 23:09 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-23 23:09 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-23 23:09 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-07-23 22:57 - 2014-07-23 22:57 - 01354223 _____ () C:\Users\Cruise\Downloads\adwcleaner_3.216.exe
2014-07-21 10:26 - 2014-07-21 10:26 - 00000000 ____D () C:\windows\ERUNT
2014-07-18 19:35 - 2014-07-18 19:35 - 06312136 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-18 07:00 - 2014-06-26 16:53 - 00703968 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-18 07:00 - 2014-06-26 16:53 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-17 14:32 - 2014-07-17 14:32 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-07-17 14:32 - 2014-07-17 14:32 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-07-17 14:32 - 2014-07-17 14:32 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-07-17 14:32 - 2014-07-17 14:32 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-17 14:32 - 2014-07-17 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-17 14:32 - 2014-07-17 14:32 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-17 14:23 - 2014-07-17 14:23 - 00159578 _____ () C:\Users\Cruise\Downloads\JavaRa-2.6.zip
2014-07-16 12:50 - 2014-06-18 22:11 - 19277312 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-16 12:50 - 2014-06-18 20:53 - 14368768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-16 12:49 - 2014-06-18 22:12 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-16 12:49 - 2014-06-18 22:12 - 01366528 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-16 12:49 - 2014-06-18 22:12 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-07-16 12:49 - 2014-06-18 22:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-07-16 12:49 - 2014-06-18 22:12 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-16 12:49 - 2014-06-18 22:11 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-16 12:49 - 2014-06-18 22:11 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-16 12:49 - 2014-06-18 22:10 - 15369728 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-16 12:49 - 2014-06-18 22:10 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-16 12:49 - 2014-06-18 22:10 - 02650624 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-16 12:49 - 2014-06-18 22:10 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-07-16 12:49 - 2014-06-18 22:10 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-16 12:49 - 2014-06-18 22:10 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-16 12:49 - 2014-06-18 22:10 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-16 12:49 - 2014-06-18 22:10 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-16 12:49 - 2014-06-18 22:10 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-07-16 12:49 - 2014-06-18 22:10 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-16 12:49 - 2014-06-18 22:10 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-16 12:49 - 2014-06-18 22:10 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-16 12:49 - 2014-06-18 22:09 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-16 12:49 - 2014-06-18 20:53 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-16 12:49 - 2014-06-18 20:53 - 01141760 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-16 12:49 - 2014-06-18 20:53 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-16 12:49 - 2014-06-18 20:53 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-16 12:49 - 2014-06-18 20:53 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-16 12:49 - 2014-06-18 20:53 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-07-16 12:49 - 2014-06-18 20:52 - 13732352 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-16 12:49 - 2014-06-18 20:52 - 02863616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-16 12:49 - 2014-06-18 20:52 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-16 12:49 - 2014-06-18 20:52 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-16 12:49 - 2014-06-18 20:52 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-07-16 12:49 - 2014-06-18 20:52 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-16 12:49 - 2014-06-18 20:52 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-16 12:49 - 2014-06-18 20:52 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-16 12:49 - 2014-06-18 20:52 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-07-16 12:49 - 2014-06-18 20:52 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-16 12:49 - 2014-06-18 20:52 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-16 12:49 - 2014-06-18 20:52 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-16 12:49 - 2014-06-18 20:33 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-16 12:49 - 2014-06-18 20:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-16 12:49 - 2014-06-18 18:05 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-07-16 12:48 - 2014-05-29 19:31 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-07-16 12:48 - 2014-05-29 19:03 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-07-16 12:48 - 2014-05-29 19:02 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-16 12:48 - 2014-05-29 19:02 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
2014-07-16 12:30 - 2014-06-17 19:27 - 01440256 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-16 12:30 - 2014-06-17 19:24 - 01557504 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-16 12:30 - 2014-06-11 00:18 - 04038144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-16 12:10 - 2014-07-16 12:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-16 12:10 - 2014-05-03 02:34 - 06974808 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-07-16 12:10 - 2014-05-03 02:33 - 01824808 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-07-16 12:10 - 2014-05-03 00:51 - 01408976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-07-16 12:10 - 2014-05-01 18:37 - 01023488 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-07-16 12:10 - 2014-04-29 18:32 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\Robocopy.exe
2014-07-16 12:10 - 2014-04-29 18:32 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Robocopy.exe
2014-07-16 12:10 - 2014-04-23 19:51 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-07-16 12:10 - 2014-04-23 19:51 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-16 12:10 - 2014-04-23 19:38 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-07-16 12:10 - 2014-04-23 19:38 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-16 12:10 - 2014-02-08 00:34 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys
2014-07-16 10:39 - 2014-07-16 10:39 - 00029160 _____ () C:\windows\SysWOW64\Drivers\TrueSight.sys
2014-07-16 09:17 - 2014-06-02 18:33 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2014-07-16 09:08 - 2014-06-06 10:06 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-16 09:08 - 2014-06-06 06:17 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-16 09:08 - 2014-05-29 18:24 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-15 18:09 - 2014-02-22 02:02 - 04579811 _____ () C:\Users\Cruise\Desktop\Mexican_Slow_Cooker.epub
2014-07-14 22:55 - 2014-07-14 22:55 - 00022846 _____ () C:\ComboFix.txt
2014-07-06 23:37 - 2014-07-06 23:38 - 00000000 ____D () C:\Program Files (x86)\Emsisoft HiJackFree
2014-07-06 23:37 - 2014-07-06 23:37 - 00001029 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
2014-07-06 23:37 - 2014-07-06 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
2014-07-06 23:21 - 2014-07-15 09:07 - 00000000 ____D () C:\Program Files (x86)\Arovax AntiSpyware
2014-07-06 23:21 - 2014-07-06 23:21 - 00000858 _____ () C:\Users\Public\Desktop\Arovax AntiSpyware.lnk
2014-07-06 23:21 - 2014-07-06 23:21 - 00000000 ____D () C:\ProgramData\Arovax
2014-07-06 23:05 - 2014-07-23 22:49 - 00000000 ____D () C:\Users\Cruise\AppData\Local\WinZip
2014-07-06 23:05 - 2014-07-06 23:05 - 00002258 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-07-06 23:01 - 2014-07-06 23:05 - 00000000 ____D () C:\ProgramData\WinZip
2014-07-06 23:01 - 2014-07-06 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-07-06 23:01 - 2014-07-06 23:01 - 00000000 ____D () C:\Program Files (x86)\WinZip
2014-07-06 22:54 - 2014-07-06 22:54 - 02205157 _____ () C:\Users\Cruise\Downloads\IceSword122en7.zip
2014-07-04 10:14 - 2014-07-24 08:29 - 00007798 _____ () C:\windows\PFRO.log
2014-07-04 09:20 - 2014-07-04 09:21 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-01 21:04 - 2014-07-24 08:51 - 00995992 _____ () C:\windows\WindowsUpdate.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-24 10:05 - 2014-07-24 10:04 - 00017038 _____ () C:\Users\Cruise\Downloads\FRST.txt
2014-07-24 10:04 - 2014-07-24 10:04 - 00000000 ____D () C:\FRST
2014-07-24 10:03 - 2014-07-24 10:03 - 02093568 _____ (Farbar) C:\Users\Cruise\Downloads\FRST64.exe
2014-07-24 10:01 - 2014-07-24 10:01 - 00001692 _____ () C:\Users\Cruise\Desktop\AdwCleaner[S2].txt
2014-07-24 10:00 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\sru
2014-07-24 09:22 - 2014-07-24 09:22 - 00001553 _____ () C:\Users\Cruise\Downloads\Scottrader.jnlp
2014-07-24 08:51 - 2014-07-01 21:04 - 00995992 _____ () C:\windows\WindowsUpdate.log
2014-07-24 08:41 - 2013-07-31 22:11 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4211173025-391176931-123693198-1001
2014-07-24 08:30 - 2012-07-26 03:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-24 08:29 - 2014-07-04 10:14 - 00007798 _____ () C:\windows\PFRO.log
2014-07-24 08:29 - 2013-10-14 16:46 - 00000000 ____D () C:\AdwCleaner
2014-07-24 08:29 - 2012-07-26 01:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-07-24 00:14 - 2013-08-29 00:36 - 00004958 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Rush-Cruise Rush
2014-07-24 00:12 - 2014-07-24 00:12 - 00001123 _____ () C:\Users\Cruise\Desktop\Mbam.txt
2014-07-23 23:14 - 2014-07-23 23:11 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 23:10 - 2014-07-23 23:10 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-23 23:10 - 2014-07-23 23:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-23 22:57 - 2014-07-23 22:57 - 01354223 _____ () C:\Users\Cruise\Downloads\adwcleaner_3.216.exe
2014-07-23 22:49 - 2014-07-06 23:05 - 00000000 ____D () C:\Users\Cruise\AppData\Local\WinZip
2014-07-23 21:26 - 2012-07-26 03:59 - 00000000 ____D () C:\windows\CbsTemp
2014-07-23 15:47 - 2014-01-24 23:39 - 00000000 ____D () C:\Users\Cruise\AppData\Roaming\Spotify
2014-07-23 15:32 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-07-22 18:27 - 2014-06-07 17:14 - 00003820 _____ () C:\windows\System32\Tasks\Opera scheduled Autoupdate 1398824038
2014-07-22 18:27 - 2014-04-29 22:13 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-07-21 12:43 - 2014-01-24 23:42 - 00000000 ____D () C:\Users\Cruise\AppData\Local\Spotify
2014-07-21 11:03 - 2013-07-31 23:01 - 00000000 ____D () C:\Users\Cruise\AppData\Roaming\uTorrent
2014-07-21 11:02 - 2014-04-27 01:31 - 00000000 ____D () C:\Users\Cruise\Downloads\New
2014-07-21 10:26 - 2014-07-21 10:26 - 00000000 ____D () C:\windows\ERUNT
2014-07-20 19:40 - 2013-08-31 01:59 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-07-18 20:41 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\rescache
2014-07-18 19:35 - 2014-07-18 19:35 - 06312136 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-18 07:04 - 2012-07-26 03:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-18 02:20 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-18 02:20 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-18 02:20 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\WinStore
2014-07-17 14:32 - 2014-07-17 14:32 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-07-17 14:32 - 2014-07-17 14:32 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-07-17 14:32 - 2014-07-17 14:32 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-07-17 14:32 - 2014-07-17 14:32 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-17 14:32 - 2014-07-17 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-17 14:32 - 2014-07-17 14:32 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-17 14:32 - 2013-09-19 22:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-17 14:23 - 2014-07-17 14:23 - 00159578 _____ () C:\Users\Cruise\Downloads\JavaRa-2.6.zip
2014-07-17 14:06 - 2013-08-18 06:27 - 00000000 ____D () C:\windows\system32\MRT
2014-07-17 14:00 - 2013-08-02 00:02 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-17 14:00 - 2012-07-26 01:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-07-16 13:01 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\L2Schemas
2014-07-16 12:10 - 2014-07-16 12:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-16 11:48 - 2012-07-26 03:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-16 11:46 - 2012-07-26 01:26 - 00000269 _____ () C:\windows\win.ini
2014-07-16 10:39 - 2014-07-16 10:39 - 00029160 _____ () C:\windows\SysWOW64\Drivers\TrueSight.sys
2014-07-16 10:36 - 2013-07-31 22:23 - 00000000 ____D () C:\Users\Cruise\AppData\Local\CrashDumps
2014-07-15 10:41 - 2013-11-28 02:53 - 00000000 ____D () C:\Users\Cruise\Documents\Agean
2014-07-15 09:18 - 2013-07-31 22:03 - 00000000 ____D () C:\Users\Cruise
2014-07-15 09:07 - 2014-07-06 23:21 - 00000000 ____D () C:\Program Files (x86)\Arovax AntiSpyware
2014-07-14 22:55 - 2014-07-14 22:55 - 00022846 _____ () C:\ComboFix.txt
2014-07-14 22:55 - 2013-08-22 03:13 - 00000000 ____D () C:\Qoobox
2014-07-14 22:48 - 2012-07-26 01:26 - 00000215 _____ () C:\windows\system.ini
2014-07-06 23:38 - 2014-07-06 23:37 - 00000000 ____D () C:\Program Files (x86)\Emsisoft HiJackFree
2014-07-06 23:37 - 2014-07-06 23:37 - 00001029 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
2014-07-06 23:37 - 2014-07-06 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
2014-07-06 23:21 - 2014-07-06 23:21 - 00000858 _____ () C:\Users\Public\Desktop\Arovax AntiSpyware.lnk
2014-07-06 23:21 - 2014-07-06 23:21 - 00000000 ____D () C:\ProgramData\Arovax
2014-07-06 23:05 - 2014-07-06 23:05 - 00002258 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-07-06 23:05 - 2014-07-06 23:01 - 00000000 ____D () C:\ProgramData\WinZip
2014-07-06 23:05 - 2014-07-06 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-07-06 23:01 - 2014-07-06 23:01 - 00000000 ____D () C:\Program Files (x86)\WinZip
2014-07-06 22:54 - 2014-07-06 22:54 - 02205157 _____ () C:\Users\Cruise\Downloads\IceSword122en7.zip
2014-07-05 23:39 - 2012-11-15 01:26 - 00000000 ____D () C:\Program Files\Toshiba
2014-07-04 09:21 - 2014-07-04 09:20 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-02 04:49 - 2013-08-01 06:43 - 00000000 ____D () C:\Users\Cruise\Documents\Info
2014-07-01 00:53 - 2013-12-25 02:02 - 00000000 ____D () C:\windows\Minidump
2014-06-26 16:53 - 2014-07-18 07:00 - 00703968 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-06-26 16:53 - 2014-07-18 07:00 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-25 06:34 - 2013-08-13 00:12 - 00000000 ____D () C:\Users\Cruise\Downloads\PDF'S
 
Some content of TEMP:
====================
C:\Users\Cruise\AppData\Local\temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-15 04:35
 
==================== End Of Log ============================
 
 
Help is much appreciated

 



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,250 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:26 AM

Posted 24 July 2014 - 12:49 PM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Homepage: www.startpage.com
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1210150.dll No File
S3 catchme; \??\C:\Le\catchme.sys [X]

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#6 Sky23

Sky23
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:12:26 AM

Posted 25 July 2014 - 01:03 PM

I was wondering what you saw to choose this:

start

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF Homepage: www.startpage.com
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1210150.dll No File
S3 catchme; \??\C:\Le\catchme.sys [X]

End

as a response, and what does this code look for and perform?

Also, with the Security Check solution, did you see any security flaws or the like within my previous post that were of concern?

I will have the requested post in my next post. Thanks again.



#7 nasdaq

Posted 25 July 2014 - 01:36 PM

The FRST fix will remove empty registry entries.

As for the Security Check, I just want to see if you have old versions of Java, Flash and the Reader from Adobe.
The older versions are a security risk.
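The fixlist in post #5 targets registry entries whose target no longer exists on disk: overlay handlers and toolbars whose CLSID resolves to "No File", and a service entry marked "[X]". As an added example (not part of the thread and not FRST's own code), the script below reproduces those verdicts by resolving each registry reference to a path and testing whether the file is there. It is read-only; the registry and hive paths are the standard Windows locations, and the path-normalisation rules are my own assumptions about the value formats FRST handles.

```powershell
# Added example, not part of the original post and not FRST's own code. It
# reproduces the checks behind the fixlist's "No File" and "[X]" verdicts by
# resolving each registry reference to a file on disk and listing the ones
# that point nowhere. Read-only: it reports, it deletes nothing.
# Run from an elevated PowerShell prompt on the affected machine.

function Resolve-ImagePath {
    # Normalise the forms seen in InprocServer32 and service ImagePath values
    # (assumed set): NT paths (\??\C:\x.sys), quoted paths with arguments,
    # %SystemRoot%, \SystemRoot\..., and paths relative to the Windows directory.
    param([string]$Raw)
    if ([string]::IsNullOrWhiteSpace($Raw)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($Raw.Trim())
    if ($p.StartsWith('\??\')) { $p = $p.Substring(4) }
    if ($p.StartsWith('"')) {
        $p = $p.Split('"')[1]                                   # "C:\a b\x.exe" -k args
    } elseif ($p -match '^(\S+\.(exe|dll|sys|cpl))(\s|$)') {
        $p = $Matches[1]                                        # C:\x.exe -k args
    }
    if ($p -match '^\\?SystemRoot\\(.+)$') { $p = Join-Path $env:SystemRoot $Matches[1] }
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }   # system32\drivers\x.sys
    return $p
}

function Get-ClsidServer {
    # CLSID -> DLL path from InprocServer32; 32-bit COM classes live under Wow6432Node.
    param([string]$Clsid, [switch]$Wow64)
    if (-not $Clsid) { return $null }
    $base = if ($Wow64) { 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID' } else { 'HKLM:\SOFTWARE\Classes\CLSID' }
    $key = Get-ItemProperty -LiteralPath "$base\$Clsid\InprocServer32" -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    return Resolve-ImagePath $key.'(default)'
}

function Format-Verdict {
    param([string]$Label, [string]$Name, [string]$Path)
    $verdict = if ($Path -and (Test-Path -LiteralPath $Path)) { $Path } else { 'No File' }
    '{0}: {1} => {2}' -f $Label, $Name, $verdict
}

# Shell icon overlay handlers: each subkey's default value is a CLSID.
$overlayRoots = @{
    'ShellIconOverlayIdentifiers'     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers'
    'ShellIconOverlayIdentifiers-x32' = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers'
}
foreach ($label in $overlayRoots.Keys) {
    $wow = $label.EndsWith('-x32')
    Get-ChildItem -LiteralPath $overlayRoots[$label] -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = (Get-ItemProperty -LiteralPath $_.PSPath).'(default)'
        Format-Verdict $label ('{0} -> {1}' -f $_.PSChildName, $clsid) (Get-ClsidServer -Clsid $clsid -Wow64:$wow)
    }
}

# Internet Explorer toolbars: value names are CLSIDs, value data is the display
# name (empty data is what FRST prints as "No Name").
$toolbarKeys = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar')
foreach ($keyPath in $toolbarKeys) {
    $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
    if ($null -eq $key) { continue }
    $wow = $keyPath -like '*Wow6432Node*'
    foreach ($name in $key.GetValueNames()) {
        if ($name -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }
        Format-Verdict 'Toolbar' $name (Get-ClsidServer -Clsid $name -Wow64:$wow)
    }
}

# Services and drivers whose ImagePath no longer exists: the "[X]" behind
# "S3 catchme; \??\C:\Le\catchme.sys [X]".
Get-ChildItem -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
    $props = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
    if (-not $props.ImagePath) { return }
    $path = Resolve-ImagePath ([string]$props.ImagePath)
    if (-not (Test-Path -LiteralPath $path)) {
        'Service: {0}; {1} [X]' -f $_.PSChildName, $props.ImagePath
    }
}
```

The output lines follow the fixlist's format ("ShellIconOverlayIdentifiers: SkyDrive1 -> {...} => No File"), so they can be compared against it directly. An orphaned entry is not itself malware: it is a reference to a file that is already gone, which is exactly why the fix only cleans the registry. Two limits to keep in mind: an unquoted ImagePath that contains spaces followed by arguments is left unsplit and may be reported as missing, and a kernel-mode rootkit can hide keys or files from any user-mode enumeration, so a clean result here is not proof on a machine where one is suspected.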

#8 Sky23

Posted 27 July 2014 - 02:45 AM

Hey, there were actually a few folders in the FRST folder. Should I save it in the first folder or into one of the 3 subfolders?



#9 nasdaq

Posted 27 July 2014 - 08:09 AM

The fix file should be in the folder where the .exe file is located.

#10 nasdaq

Posted 02 August 2014 - 08:39 AM

Are you still with me?

#11 nasdaq

Posted 07 August 2014 - 01:05 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#12 nasdaq

Posted 22 August 2014 - 07:52 AM

This topic has been re-opened at the request of the person who originally posted.

#13 nasdaq

Posted 28 August 2014 - 07:41 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

#14 nasdaq

Posted 23 September 2014 - 12:47 PM

This topic has been re-opened at the request of the person who originally posted.

#15 nasdaq

Posted 29 September 2014 - 07:30 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
