
need help removing Stormfall malware


This topic is locked
7 replies to this topic

#1 usp8baller

Posted 19 July 2014 - 10:10 AM

I installed a new version of Flash Player and it installed some unwanted programs. I was able to remove most, but the hardest has been Stormfall.

 

I also noticed that when I click on my Chrome icon, I am redirected to My Computer.

 

I ran AdwCleaner, Junkware Removal Tool, Malwarebytes, and ESET Online Scanner. I am still having the same issue with the redirect on the Chrome icon and can't remove Stormfall.

 

DDS log:

___________________

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 9.0.8112.16561  BrowserJavaVersion: 10.9.2
Run by Renee at 10:01:54 on 2014-07-19
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3066.1135 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
C:\Program Files\Battle.net\Battle.net.4826\Battle.net.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG10\avgscanx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uWindow Title = Internet Explorer provided by Dell
mStart Page = www.google.com
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Google Update] "c:\users\renee\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [ROC_ROC_APR2013_AV] c:\users\renee\appdata\roaming\avg april 2013 campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 22969555ab7dd2ad9d6e91fbc145f119-81f757445d64a4b6cecdcf24c1cff54acbee0372 --CMPID ROC_APR2013_AV
uRun: [AVG-Secure-Search-Update_0913a] c:\users\renee\appdata\roaming\avg 0913a campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 22969555ab7dd2ad9d6e91fbc145f119-81f757445d64a4b6cecdcf24c1cff54acbee0372 --CMPID 0913a
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
StartupFolder: c:\users\renee\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellre~1.lnk - c:\windows\installer\{f66a31d9-7831-4fba-ba02-c411c0047cc5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxp://webmail.bjservices.com/iNotes6W.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{113CB537-DC8F-4454-AA6C-5241D5E7DE4C} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{68C07F19-3DF9-44B5-B4C4-A429F82ABA4E} : DHCPNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\renee\appdata\roaming\mozilla\firefox\profiles\2twhja4t.default\
FF - prefs.js: browser.search.selectedEngine - WSE Rocket
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff9.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\2.0.31005.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\renee\appdata\local\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\users\renee\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2009-09-03 03:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-11-12 255968]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-4-27 81920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2012-10-23 120728]
R2 PST Service;PST Service;c:\program files\motorola\motforwarddaemon\ForwardDaemon.exe [2012-12-28 65657]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-4-27 203264]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-6-29 110296]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-4-27 3662848]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-4-27 133472]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-4-27 279488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2012-6-8 23808]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2012-6-8 24576]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2011-11-8 11008]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== Created Last 30 ================
.
2014-07-09 22:10:10 937472 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2014-07-09 22:10:10 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2014-07-09 22:10:09 983552 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2014-07-09 22:10:09 965120 ----a-w- c:\program files\windows journal\JNWDRV.dll
2014-07-09 22:10:04 1305088 ----a-w- c:\program files\common files\microsoft shared\ink\tipskins.dll
2014-07-09 22:10:02 2051072 ----a-w- c:\windows\system32\win32k.sys
2014-07-09 22:10:01 149504 ----a-w- c:\program files\common files\microsoft shared\ink\tabskb.dll
2014-07-09 22:10:01 114688 ----a-w- c:\program files\common files\microsoft shared\ink\TipBand.dll
2014-07-09 22:09:58 506880 ----a-w- c:\windows\system32\qedit.dll
2014-07-09 22:09:55 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2014-06-30 18:22:45 -------- d-----w- c:\windows\ERUNT
2014-06-30 18:07:08 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-06-30 18:06:26 -------- d-----w- C:\AdwCleaner
2014-06-30 00:12:20 388096 ----a-r- c:\users\renee\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2014-06-30 00:12:19 -------- d-----w- c:\program files\Trend Micro
2014-06-29 21:41:29 -------- d-----w- c:\program files\CCleaner
2014-06-29 21:31:26 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-29 21:30:47 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-29 21:30:47 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-29 21:30:47 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-29 21:30:47 -------- d-----w- c:\programdata\Malwarebytes
2014-06-29 21:30:47 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-06-29 20:29:24 -------- d-----w- c:\users\renee\appdata\roaming\StormFall
2014-06-29 20:29:24 -------- d-----w- c:\users\renee\appdata\local\StormAlerts
2014-06-29 20:29:23 -------- d-----w- c:\users\renee\appdata\local\StormFall
2014-06-22 21:08:04 -------- d-----w- c:\programdata\WebEx
.
==================== Find3M  ====================
.
2014-07-08 23:54:58 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 23:54:58 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-06 23:12:01 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-06-06 23:03:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-06 23:02:16 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-06-06 22:57:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-06 22:56:20 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-06-06 22:52:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-06 22:51:59 11776 ----a-w- c:\windows\system32\mshta.exe
2014-04-26 16:01:22 502784 ----a-w- c:\windows\system32\usp10.dll
.
============= FINISH: 10:02:53.20 ===============
 




#2 nasdaq

  • Malware Response Team

Posted 24 July 2014 - 07:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file, select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#3 usp8baller

  • Topic Starter

Posted 25 July 2014 - 11:41 PM

AdwCleaner log file

 

__________________________

# AdwCleaner v3.216 - Report created 25/07/2014 at 23:32:00
# Updated 17/07/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Renee - LAPDOG
# Running from : C:\Users\Renee\Downloads\adwcleaner_3.216.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Windows\System32\Tasks\Rocket Updater
File Found : C:\Windows\Tasks\Rocket Updater.job
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Key Found : HKCU\Software\Rocket Browser
Key Found : HKCU\Software\RocketUpdater
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2CBA907-DB2C-4DB3-9871-5336EA81A2A1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2CBA907-DB2C-4DB3-9871-5336EA81A2A1}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16561
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[ File : C:\Users\Renee\AppData\Roaming\Mozilla\Firefox\Profiles\2twhja4t.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Extension] : ibnjmihbbanannlbobkbmnmckjnmdnom
 
*************************
 
AdwCleaner[R0].txt - [4625 octets] - [30/06/2014 13:06:28]
AdwCleaner[R1].txt - [1627 octets] - [25/07/2014 23:32:01]
AdwCleaner[S0].txt - [4952 octets] - [30/06/2014 13:08:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1747 octets] ##########


#4 usp8baller

  • Topic Starter

Posted 25 July 2014 - 11:53 PM

AdwCleaner log after the cleaning
 
# AdwCleaner v3.216 - Report created 25/07/2014 at 23:41:37
# Updated 17/07/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Renee - LAPDOG
# Running from : C:\Users\Renee\Downloads\adwcleaner_3.216.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Windows\Tasks\Rocket Updater.job
File Deleted : C:\Windows\System32\Tasks\Rocket Updater
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2CBA907-DB2C-4DB3-9871-5336EA81A2A1}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2CBA907-DB2C-4DB3-9871-5336EA81A2A1}
Key Deleted : HKCU\Software\Rocket Browser
Key Deleted : HKCU\Software\RocketUpdater
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16561
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[ File : C:\Users\Renee\AppData\Roaming\Mozilla\Firefox\Profiles\2twhja4t.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : ibnjmihbbanannlbobkbmnmckjnmdnom
 
*************************
 
AdwCleaner[R0].txt - [4625 octets] - [30/06/2014 13:06:28]
AdwCleaner[R1].txt - [1827 octets] - [25/07/2014 23:32:01]
AdwCleaner[S0].txt - [4952 octets] - [30/06/2014 13:08:04]
AdwCleaner[S1].txt - [1778 octets] - [25/07/2014 23:41:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1838 octets] ##########
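As an added example (not code from this thread or from AdwCleaner itself), here is a small Python reconciler for the two reports above: it parses the "# Option" header, the section banners and the Found/Deleted entries, then lists any scan finding that has no matching deletion, any deletion the scan never listed, and the deletions AdwCleaner flagged with "[#]". The two embedded reports are constructed, abbreviated copies of the logs posted here.

```python
"""Reconcile an AdwCleaner scan report against the clean report that followed it.
Added example: not part of this thread and not AdwCleaner's own code.  The line
shapes parsed ('# Key : Value' headers, '***** [ Section ] *****' banners, browser
sub-banners, '<Type> Found : <item>' and 'Found [Kind] : <item>' entries) are taken
from the reports posted above; SCAN_REPORT / CLEAN_REPORT are constructed copies."""
import re
from dataclasses import dataclass

HEADER_RE = re.compile(r"^# (?P<key>[^:]+?) : (?P<value>.*)$")
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
BROWSER_RE = re.compile(r"^-\\\\ (?P<name>.+)$")
# e.g. 'File Found : C:\Windows\Tasks\Rocket Updater.job'
#      '[#] Key Deleted : HKLM\...\TaskCache\Tasks\{...}'
#      'Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}'
ENTRY_RE = re.compile(
    r"^(?P<pending>\[#\] )?(?:(?P<type>File|Folder|Key|Value|Data) )?"
    r"(?P<verb>Found|Deleted)(?: \[(?P<kind>[^\]]+)\])? : (?P<item>.+)$"
)

@dataclass(frozen=True)
class Finding:
    section: str   # "Registry", "Files / Folders", "Browsers/Google Chrome v", ...
    kind: str      # "File", "Key", "Search Provider", "Extension", ...
    item: str      # path, registry key, URL or extension id exactly as printed

    def key(self):
        # Windows paths and registry keys are case-insensitive; compare them that way.
        return (self.section.casefold(), self.kind.casefold(), self.item.casefold())

def parse_report(text):
    """Return (header, findings): header is the '# Key : Value' lines as a dict;
    findings maps Finding.key() -> (Finding, verb, pending), where pending records
    the '[#]' prefix AdwCleaner put on two deletions in the posted clean log."""
    header, findings, section, browser = {}, {}, "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER_RE.match(line):
            header[m["key"].strip()] = m["value"].strip()
        elif m := SECTION_RE.match(line):
            section, browser = m["name"], ""
        elif m := BROWSER_RE.match(line):
            browser = m["name"].strip()
        elif m := ENTRY_RE.match(line):
            where = f"{section}/{browser}" if browser else section
            f = Finding(where, m["type"] or m["kind"] or "", m["item"].strip())
            findings[f.key()] = (f, m["verb"], bool(m["pending"]))
    return header, findings

def reconcile(scan_text, clean_text):
    """Return (not_removed, unexpected, pending): scan findings with no matching
    'Deleted' line, deletions the scan never listed, and deletions flagged '[#]'."""
    scan_hdr, scan = parse_report(scan_text)
    clean_hdr, clean = parse_report(clean_text)
    if scan_hdr.get("Option") != "Scan" or clean_hdr.get("Option") != "Clean":
        raise ValueError("need one '# Option : Scan' and one '# Option : Clean' report")
    found = {k for k, (_, verb, _) in scan.items() if verb == "Found"}
    deleted = {k for k, (_, verb, _) in clean.items() if verb == "Deleted"}
    not_removed = sorted([scan[k][0] for k in found - deleted], key=Finding.key)
    unexpected = sorted([clean[k][0] for k in deleted - found], key=Finding.key)
    pending = sorted([f for f, _, p in clean.values() if p], key=Finding.key)
    return not_removed, unexpected, pending

# Constructed, abbreviated copies of the R1 (scan) and S1 (clean) reports above.
SCAN_REPORT = r"""
# AdwCleaner v3.216 - Report created 25/07/2014 at 23:32:00
# Option : Scan
***** [ Files / Folders ] *****
File Found : C:\Windows\System32\Tasks\Rocket Updater
File Found : C:\Windows\Tasks\Rocket Updater.job
***** [ Registry ] *****
Key Found : HKCU\Software\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2CBA907-DB2C-4DB3-9871-5336EA81A2A1}
***** [ Browsers ] *****
-\\ Google Chrome v
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Extension] : ibnjmihbbanannlbobkbmnmckjnmdnom
"""

CLEAN_REPORT = r"""
# AdwCleaner v3.216 - Report created 25/07/2014 at 23:41:37
# Option : Clean
***** [ Files / Folders ] *****
File Deleted : C:\Windows\Tasks\Rocket Updater.job
File Deleted : C:\Windows\System32\Tasks\Rocket Updater
***** [ Registry ] *****
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2CBA907-DB2C-4DB3-9871-5336EA81A2A1}
***** [ Browsers ] *****
-\\ Google Chrome v
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : ibnjmihbbanannlbobkbmnmckjnmdnom
"""

if __name__ == "__main__":
    left, extra, reboot = reconcile(SCAN_REPORT, CLEAN_REPORT)
    print(f"{len(left)} finding(s) not removed, {len(extra)} unexpected deletion(s), "
          f"{len(reboot)} deletion(s) flagged [#]")
```

Anything still listed under not_removed after a clean run is what to look at first in the next scan; on the reports posted here the two lists come back empty.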


#5 usp8baller

  • Topic Starter

Posted 26 July 2014 - 12:07 AM

Farbar log

 

___________________

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014
Ran by Renee (administrator) on LAPDOG on 25-07-2014 23:55:43
Running from C:\Users\Renee\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgrsx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Creative Technology Ltd.) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Dell Inc.) C:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgtray.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgnsx.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgemcx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
(Dell Inc.) C:\Program Files\Dell Remote Access\ezi_ra.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
() C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
() C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgcsrvx.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter 
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter 
HKU\S-1-5-21-1826074829-1857208923-1752575233-1000\...\Run: [Google Update] => C:\Users\Renee\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2009-05-23] (Google Inc.)
HKU\S-1-5-21-1826074829-1857208923-1752575233-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\S-1-5-21-1826074829-1857208923-1752575233-1000\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\Renee\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 22 (the data entry has 95 more characters).
HKU\S-1-5-21-1826074829-1857208923-1752575233-1000\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Renee\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 2 (the data entry has 87 more characters).
HKU\S-1-5-21-1826074829-1857208923-1752575233-1000\...\MountPoints2: {86d16923-87e0-11de-829b-002219e908d2} - F:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk
ShortcutTarget: Dell Remote Access.lnk -> c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe (Macrovision Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Renee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /syncC:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} http://webmail.bjservices.com/iNotes6W.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Renee\AppData\Roaming\Mozilla\Firefox\Profiles\2twhja4t.default
FF DefaultSearchEngine: WSE Rocket
FF SelectedSearchEngine: WSE Rocket
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Renee\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Renee\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Renee\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Renee\AppData\Roaming\Mozilla\Firefox\Profiles\2twhja4t.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-07-18]
FF Extension: Upromise TurboSaver - C:\Users\Renee\AppData\Roaming\Mozilla\Firefox\Profiles\2twhja4t.default\Extensions\FFToolbar@upromise.xpi [2012-05-04]
FF Extension: Adblock Plus - C:\Users\Renee\AppData\Roaming\Mozilla\Firefox\Profiles\2twhja4t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-05-04]
FF Extension: Tab Mix Plus - C:\Users\Renee\AppData\Roaming\Mozilla\Firefox\Profiles\2twhja4t.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-05-04]
FF Extension: DownThemAll! - C:\Users\Renee\AppData\Roaming\Mozilla\Firefox\Profiles\2twhja4t.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-05-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-01]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox4 [2011-03-29]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Renee\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Renee\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Renee\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Renee\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Entanglement Web App) - C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-02-14]
CHR Extension: (Angry Birds) - C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-03-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Diamond Dash) - C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdmddaffbbibfjebedbdbmlhcnbmnklg [2012-03-11]
CHR Extension: (Mahjong Games) - C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\elfggdkgkgnhhohgfpgaebjcapdaeofp [2012-03-11]
CHR Extension: (Mahjong Daily) - C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\gglcbpjnmkbgimmaooidnnlienhmldon [2012-03-11]
CHR Extension: (Boulder Dash Pirate's Quest) - C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmilljnhlkdhaankannfpncbpaofdoe [2012-03-11]
CHR Extension: (Siege Hero – Viking Vengeance) - C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfomhlbnciicmciejodphlggfbmhbbbo [2012-03-11]
CHR Extension: (Fieldrunners) - C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpikhjbfbffdblahfidklcohlaeabak [2012-03-11]
CHR Extension: (Dragons of Atlantis) - C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\manlnjcghdempjdpndlcmaaobbighhcf [2012-03-11]
CHR Extension: (Poppit!) - C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-02-14]
CHR Extension: (Plants vs Zombies) - C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2012-03-11]
CHR Extension: (Google Wallet) - C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Sasquatch Survivor) - C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhlckbnnjkfnlakipclhedkhggpddeo [2012-03-11]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [81920 2008-12-22] (Andrea Electronics Corporation)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
R2 hnmsvc; c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe [824560 2009-01-05] (Dell Inc.)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-23] ()
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2009-01-30] (SupportSoft, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [241746 2008-12-22] (IDT, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134480 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [22992 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24144 2011-02-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [28624 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [255968 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-05] (AVG Technologies CZ, s.r.o.)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [53184 2010-04-19] (FTDI Ltd.)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2008-07-28] (ITE Tech. Inc. )
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-13] (Malwarebytes Corporation)
S3 motport; C:\Windows\System32\DRIVERS\motport.sys [24576 2012-06-08] (Motorola Mobility Inc)
R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133472 2009-01-19] (Creative Technology Ltd.)
R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [279488 2009-01-19] (Creative Technology Ltd.)
R2 Packet; C:\Windows\System32\DRIVERS\packet.sys [22016 2008-06-17] (SingleClick Systems)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-25 23:55 - 2014-07-25 23:56 - 00021996 _____ () C:\Users\Renee\Downloads\FRST.txt
2014-07-25 23:55 - 2014-07-25 23:55 - 00000000 ____D () C:\FRST
2014-07-25 23:30 - 2014-07-25 23:30 - 01354223 _____ () C:\Users\Renee\Downloads\adwcleaner_3.216.exe
2014-07-25 23:26 - 2014-07-25 23:27 - 01084416 _____ (Farbar) C:\Users\Renee\Downloads\FRST.exe
2014-07-19 10:05 - 2014-07-19 10:05 - 00002088 _____ () C:\Users\Renee\Desktop\attach.zip
2014-07-19 10:04 - 2014-07-19 10:04 - 00016616 _____ () C:\Users\Renee\Desktop\DDS2.txt
2014-07-19 10:03 - 2014-07-19 10:03 - 00005234 _____ () C:\Users\Renee\Desktop\attach.txt
2014-07-19 10:03 - 2014-07-19 10:02 - 00016616 _____ () C:\Users\Renee\Desktop\dds.txt
2014-07-19 10:00 - 2014-07-19 10:00 - 00688992 ____R (Swearware) C:\Users\Renee\Downloads\dds.com
2014-07-09 17:10 - 2014-06-06 19:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 17:09 - 2014-06-06 03:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 17:09 - 2014-05-30 01:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 17:08 - 2014-06-06 19:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 17:08 - 2014-06-06 18:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 17:08 - 2014-06-06 18:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 17:08 - 2014-06-06 18:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 17:08 - 2014-06-06 18:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 17:08 - 2014-06-06 18:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 17:08 - 2014-06-06 18:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-09 17:08 - 2014-06-06 17:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 17:08 - 2014-06-06 17:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 17:08 - 2014-06-06 17:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 17:08 - 2014-06-06 17:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 17:08 - 2014-06-06 17:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 17:08 - 2014-06-06 17:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 17:08 - 2014-06-06 17:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 17:08 - 2014-06-06 17:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-09 17:08 - 2014-06-06 17:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 17:08 - 2014-06-06 17:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 17:08 - 2014-06-06 17:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-09 17:08 - 2014-06-06 17:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 17:08 - 2014-06-06 17:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-09 17:08 - 2014-06-06 17:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-02 22:22 - 2014-07-02 22:22 - 00122705 _____ () C:\Users\Renee\Desktop\mbam report.txt
2014-07-02 22:18 - 2014-07-02 22:18 - 00122705 _____ () C:\Users\Renee\Desktop\CheckResults.txt
2014-07-02 22:17 - 2014-07-02 22:17 - 01673896 _____ (Malwarebytes Corporation) C:\Users\Renee\Desktop\mbam-check-2.1.0.0002.exe
2014-07-02 21:51 - 2014-07-02 21:51 - 00001357 _____ () C:\Users\Renee\Desktop\eset scan.txt
2014-07-01 22:54 - 2014-07-01 22:55 - 02347384 _____ (ESET) C:\Users\Renee\Downloads\esetsmartinstaller_enu (1).exe
2014-06-30 14:04 - 2014-06-30 14:04 - 00001174 _____ () C:\Users\Renee\Desktop\JRT.txt
2014-06-30 13:22 - 2014-06-30 13:22 - 00000000 ____D () C:\Windows\ERUNT
2014-06-30 13:18 - 2014-06-30 13:19 - 01016261 _____ (Thisisu) C:\Users\Renee\Downloads\JRT.exe
2014-06-30 13:07 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-30 13:06 - 2014-07-25 23:42 - 00000000 ____D () C:\AdwCleaner
2014-06-29 19:12 - 2014-06-29 19:15 - 00002523 _____ () C:\Users\Renee\Desktop\HiJackThis.lnk
2014-06-29 19:12 - 2014-06-29 19:12 - 00000000 ____D () C:\Users\Renee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-06-29 19:12 - 2014-06-29 19:12 - 00000000 ____D () C:\Program Files\Trend Micro
2014-06-29 19:09 - 2014-06-29 19:09 - 01402880 _____ () C:\Users\Renee\Downloads\HijackThis.msi
2014-06-29 16:41 - 2014-06-29 16:41 - 00000806 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-29 16:41 - 2014-06-29 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-29 16:41 - 2014-06-29 16:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-29 16:31 - 2014-07-13 22:05 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-29 16:30 - 2014-06-29 16:30 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-29 16:30 - 2014-06-29 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-29 16:30 - 2014-06-29 16:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-29 16:30 - 2014-06-29 16:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-29 16:30 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-29 16:30 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-29 16:30 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-29 16:24 - 2014-06-29 16:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Renee\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-29 15:29 - 2014-06-29 16:02 - 00000000 ____D () C:\Users\Renee\AppData\Local\StormAlerts
2014-06-29 15:29 - 2014-06-29 15:29 - 00001974 _____ () C:\Users\Renee\Desktop\StormFall.lnk
2014-06-29 15:29 - 2014-06-29 15:29 - 00000044 _____ () C:\Users\Renee\AppData\Roaming\WB.CFG
2014-06-29 15:29 - 2014-06-29 15:29 - 00000000 ____D () C:\Users\Renee\AppData\Roaming\StormFall
2014-06-29 15:29 - 2014-06-29 15:29 - 00000000 ____D () C:\Users\Renee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormFall
2014-06-29 15:29 - 2014-06-29 15:29 - 00000000 ____D () C:\Users\Renee\AppData\Local\StormFall
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-25 23:56 - 2014-07-25 23:55 - 00021996 _____ () C:\Users\Renee\Downloads\FRST.txt
2014-07-25 23:55 - 2014-07-25 23:55 - 00000000 ____D () C:\FRST
2014-07-25 23:53 - 2012-06-14 13:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-25 23:51 - 2009-04-27 06:00 - 01453653 _____ () C:\Windows\WindowsUpdate.log
2014-07-25 23:47 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-25 23:47 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-25 23:46 - 2012-12-28 14:52 - 00000000 ____D () C:\Temp
2014-07-25 23:45 - 2009-05-01 11:10 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-25 23:45 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-25 23:44 - 2008-01-20 21:47 - 00142014 _____ () C:\Windows\PFRO.log
2014-07-25 23:42 - 2014-06-30 13:06 - 00000000 ____D () C:\AdwCleaner
2014-07-25 23:42 - 2006-11-02 08:01 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-25 23:30 - 2014-07-25 23:30 - 01354223 _____ () C:\Users\Renee\Downloads\adwcleaner_3.216.exe
2014-07-25 23:27 - 2014-07-25 23:26 - 01084416 _____ (Farbar) C:\Users\Renee\Downloads\FRST.exe
2014-07-25 23:01 - 2009-07-02 16:20 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1826074829-1857208923-1752575233-1000UA.job
2014-07-25 21:16 - 2014-02-01 16:23 - 00000000 ____D () C:\Users\Renee\AppData\Local\Battle.net
2014-07-25 18:11 - 2009-05-01 22:09 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment
2014-07-25 18:09 - 2014-02-01 17:11 - 00000000 ____D () C:\Program Files\Hearthstone
2014-07-25 17:44 - 2009-07-02 16:20 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1826074829-1857208923-1752575233-1000Core.job
2014-07-25 17:35 - 2014-02-01 16:22 - 00000000 ____D () C:\Program Files\Battle.net
2014-07-25 08:41 - 2010-10-16 07:31 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-07-19 10:05 - 2014-07-19 10:05 - 00002088 _____ () C:\Users\Renee\Desktop\attach.zip
2014-07-19 10:04 - 2014-07-19 10:04 - 00016616 _____ () C:\Users\Renee\Desktop\DDS2.txt
2014-07-19 10:03 - 2014-07-19 10:03 - 00005234 _____ () C:\Users\Renee\Desktop\attach.txt
2014-07-19 10:02 - 2014-07-19 10:03 - 00016616 _____ () C:\Users\Renee\Desktop\dds.txt
2014-07-19 10:00 - 2014-07-19 10:00 - 00688992 ____R (Swearware) C:\Users\Renee\Downloads\dds.com
2014-07-19 09:41 - 2013-10-15 07:42 - 00002044 _____ () C:\Users\Renee\Desktop\Google Chrome.lnk
2014-07-16 22:42 - 2009-07-20 09:13 - 00007512 _____ () C:\Users\Renee\AppData\Local\d3d9caps.dat
2014-07-13 22:05 - 2014-06-29 16:31 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-13 00:10 - 2010-03-24 21:33 - 00000000 _____ () C:\Users\Renee\AppData\Local\prvlcl.dat
2014-07-10 03:25 - 2006-11-02 07:47 - 00300208 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 03:22 - 2006-11-02 07:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:05 - 2013-08-16 03:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:02 - 2006-11-02 05:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-08 18:54 - 2012-06-14 13:48 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-08 18:54 - 2011-05-17 04:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-02 22:22 - 2014-07-02 22:22 - 00122705 _____ () C:\Users\Renee\Desktop\mbam report.txt
2014-07-02 22:18 - 2014-07-02 22:18 - 00122705 _____ () C:\Users\Renee\Desktop\CheckResults.txt
2014-07-02 22:17 - 2014-07-02 22:17 - 01673896 _____ (Malwarebytes Corporation) C:\Users\Renee\Desktop\mbam-check-2.1.0.0002.exe
2014-07-02 21:51 - 2014-07-02 21:51 - 00001357 _____ () C:\Users\Renee\Desktop\eset scan.txt
2014-07-01 22:55 - 2014-07-01 22:54 - 02347384 _____ (ESET) C:\Users\Renee\Downloads\esetsmartinstaller_enu (1).exe
2014-06-30 15:37 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-30 14:04 - 2014-06-30 14:04 - 00001174 _____ () C:\Users\Renee\Desktop\JRT.txt
2014-06-30 13:22 - 2014-06-30 13:22 - 00000000 ____D () C:\Windows\ERUNT
2014-06-30 13:19 - 2014-06-30 13:18 - 01016261 _____ (Thisisu) C:\Users\Renee\Downloads\JRT.exe
2014-06-29 19:15 - 2014-06-29 19:12 - 00002523 _____ () C:\Users\Renee\Desktop\HiJackThis.lnk
2014-06-29 19:12 - 2014-06-29 19:12 - 00000000 ____D () C:\Users\Renee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-06-29 19:12 - 2014-06-29 19:12 - 00000000 ____D () C:\Program Files\Trend Micro
2014-06-29 19:09 - 2014-06-29 19:09 - 01402880 _____ () C:\Users\Renee\Downloads\HijackThis.msi
2014-06-29 16:41 - 2014-06-29 16:41 - 00000806 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-29 16:41 - 2014-06-29 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-29 16:41 - 2014-06-29 16:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-29 16:30 - 2014-06-29 16:30 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-29 16:30 - 2014-06-29 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-29 16:30 - 2014-06-29 16:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-29 16:30 - 2014-06-29 16:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-29 16:26 - 2014-06-29 16:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Renee\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-29 16:02 - 2014-06-29 15:29 - 00000000 ____D () C:\Users\Renee\AppData\Local\StormAlerts
2014-06-29 15:47 - 2012-04-28 19:37 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-29 15:29 - 2014-06-29 15:29 - 00001974 _____ () C:\Users\Renee\Desktop\StormFall.lnk
2014-06-29 15:29 - 2014-06-29 15:29 - 00000044 _____ () C:\Users\Renee\AppData\Roaming\WB.CFG
2014-06-29 15:29 - 2014-06-29 15:29 - 00000000 ____D () C:\Users\Renee\AppData\Roaming\StormFall
2014-06-29 15:29 - 2014-06-29 15:29 - 00000000 ____D () C:\Users\Renee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormFall
2014-06-29 15:29 - 2014-06-29 15:29 - 00000000 ____D () C:\Users\Renee\AppData\Local\StormFall
2014-06-28 12:07 - 2013-05-06 22:19 - 00000000 ____D () C:\Users\Renee\AppData\Local\CutePDF Writer
 
Some content of TEMP:
====================
C:\Users\Renee\AppData\Local\Temp\converter.exe
C:\Users\Renee\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Renee\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Renee\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Renee\AppData\Local\Temp\jre-6u25-windows-i586-iftw-rv.exe
C:\Users\Renee\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Renee\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Renee\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Renee\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Renee\AppData\Local\Temp\MotorolaDeviceManager_2.0304.exe
C:\Users\Renee\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-25 23:52
 
==================== End Of Log ============================

#6 nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:01 PM

Posted 26 July 2014 - 07:04 AM

Clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
HKU\S-1-5-21-1826074829-1857208923-1752575233-1000\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\Renee\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 22 (the data entry has 95 more characters).
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
FF DefaultSearchEngine: WSE Rocket
FF SelectedSearchEngine: WSE Rocket
CHR Plugin: (Shockwave Flash) - C:\Users\Renee\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Google Update) - C:\Users\Renee\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Poppit!) - C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-02-14]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [X]
AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3

End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?
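As an added example (not part of this thread, and not a tool FRST or BleepingComputer ships), the Python script below automates the first pass of what the responder did by hand when turning the FRST log above into the fixlist in this post: it pulls out the entries FRST marks as orphaned ("No File" for a BHO or browser plugin whose DLL is gone, "[X]" for a driver or service whose image path no longer exists, "DefaultScope value is missing"), flags a Firefox search engine that is not on a known-good list (which is how "WSE Rocket" would be caught), and emits those lines verbatim between "start" and "End", the layout FRST expects in fixlist.txt. The marker strings, the known-good engine list and the sample log (assembled from the kinds of lines seen in the log above, not a verbatim copy of the file) are the example's own assumptions. Services tagged "[File not signed]" are listed separately for review only: a missing Authenticode signature on an OEM helper such as DockLogin.exe is not by itself evidence of malware, and because FRST's Fix deletes the registry entries it is handed, the generated list is a draft for a human to check rather than something to run blindly.

```python
"""Triage an FRST (Farbar Recovery Scan Tool) log for orphaned entries.

Added example, not part of the original thread. It mirrors the manual
process in the post above: collect the lines FRST marks as pointing at
missing files, add suspicious browser search engines, and print them in
fixlist.txt form for a person to review before running FRST's Fix.
"""
import re

# Strings FRST appends to entries whose backing file or value is missing.
# ASSUMPTION of this example: these three markers cover the cases of interest.
ORPHAN_MARKERS = ("No File", "[X]", "value is missing")

# Section headers look like "==== Internet (Whitelisted) ====".
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")

# Firefox search-engine lines; anything not on the known-good list is flagged.
SEARCH_RE = re.compile(r"^FF (?:Default|Selected)SearchEngine: (.+)$")
KNOWN_GOOD_ENGINES = {"Google", "Bing", "Yahoo", "DuckDuckGo"}  # ASSUMPTION

# Constructed sample input, assembled from the kinds of lines FRST prints.
SAMPLE_LOG = r"""
==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
FF DefaultSearchEngine: WSE Rocket
FF SelectedSearchEngine: WSE Rocket
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Native Client) - C:\Users\Renee\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134480 2011-05-27] (AVG Technologies CZ, s.r.o. )
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
"""


def parse_frst(text):
    """Return (section, line) pairs for every content line in the log.

    Blank lines, section banners and FRST's parenthetical explanations
    ("(If an entry is included in the fixlist, ...)") are dropped.
    """
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1) or section
            continue
        if line.startswith("(") and line.endswith(")"):
            continue
        entries.append((section, line))
    return entries


def find_orphans(entries):
    """Lines FRST itself marks as pointing at a missing file or value."""
    return [line for _, line in entries
            if any(marker in line for marker in ORPHAN_MARKERS)]


def find_search_hijacks(entries, known_good=KNOWN_GOOD_ENGINES):
    """Firefox default/selected search engines not on the known-good list."""
    hits = []
    for _, line in entries:
        m = SEARCH_RE.match(line)
        if m and m.group(1).strip() not in known_good:
            hits.append(line)
    return hits


def find_unsigned_services(entries):
    """Services without a signature: surfaced for review, never auto-fixed."""
    return [line for section, line in entries
            if section and section.startswith("Services")
            and "[File not signed]" in line]


def build_fixlist(text):
    """Draft fixlist.txt: matching log lines copied verbatim, deduplicated.

    FRST matches fixlist entries against the log text, so lines must not
    be altered. The result still needs a human review before Fix is run.
    """
    entries = parse_frst(text)
    seen, body = set(), []
    for line in find_orphans(entries) + find_search_hijacks(entries):
        if line not in seen:
            seen.add(line)
            body.append(line)
    return "start\n" + "\n".join(body) + "\nEnd\n"


if __name__ == "__main__":
    print(build_fixlist(SAMPLE_LOG))
    for line in find_unsigned_services(parse_frst(SAMPLE_LOG)):
        print("REVIEW (unsigned service, not added to fixlist):", line)
```

Run against the sample it prints a six-line fixlist (the missing DefaultScope, the nameless BHO, the dead Flash plugin, the ipinip.sys driver stub and the two "WSE Rocket" search lines) and one review item for the unsigned Dell service; lines with an existing signed file, such as the Java SSV helper, are left alone. To use it on a real log, pass the contents of FRST.txt to build_fixlist and read every line of the output before saving it as fixlist.txt next to FRST.exe.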


#7 nasdaq

Posted 31 July 2014 - 10:11 AM

Are you still with me?

#8 nasdaq

Posted 06 August 2014 - 09:06 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



