
Malware: WeatherBug and others that keep coming back.


This topic is locked
16 replies to this topic

#1 johnnychav


  • Members
  • 7 posts

Posted 28 July 2014 - 03:55 PM

I've deleted some of the malware but it just returns. Programs I've downloaded get deleted when the computer restarts, as if it were a system restore, but the logs are still on the desktop so it can't be a system restore. Also the date will change back to 2007 so I can't access the internet unless I change the date. And I get pop-ups from Google telling me to download new updates and many other advertisements that just don't look real.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.45.2
Run by johhny at 1:32:14 on 2014-07-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2047.662 [GMT -5:00]
.
AV: AVG AntiVirus 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF\hmhfslexky64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Users\johhny\AppData\Local\Search Protect\spro.exe
C:\Program Files (x86)\Razer\Anansi\RazerAnansiSysTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Bench\BService\bservice.exe
C:\Program Files (x86)\Bench\Wd\wd.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Fast Browser\Application\chrome.exe
C:\Program Files (x86)\Fast Browser\Application\chrome.exe
C:\Program Files (x86)\Fast Browser\Application\chrome.exe
C:\Program Files (x86)\Fast Browser\Application\chrome.exe
C:\Program Files (x86)\Fast Browser\Application\chrome.exe
C:\Program Files (x86)\Fast Browser\Application\chrome.exe
C:\Program Files (x86)\Fast Browser\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Fast Browser\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M9B33DAA5-8D19-47D0-B6A1-9C701E524205&SearchSource=55&CUI=&UM=5&UP=SPF7C86A7B-59A8-4689-AC5D-D6CD877B01F6&SSPV=
uProxyOverride = <-loopback>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: {10AD2C61-0898-4348-8600-14A342F22AC3} - 
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Simple.BHO: {886bf106-6ebf-4ef4-8676-6663caabbda4} - 
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [Overwolf] c:\program files (x86)\overwolf\overwolf.exe -silent
uRun: [GoogleChromeAutoLaunch_EDA8AFE9F6ACD2C7E140717C8442A80C] "C:\Program Files (x86)\Fast Browser\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default"
uRun: [Search Protect] C:\Users\johhny\AppData\Local\Search Protect\spro.exe
uRun: [Google Update] "C:\Users\johhny\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Razer Anansi Driver] C:\Program Files (x86)\Razer\Anansi\RazerAnansiSysTray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BrowserSafeguard] "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
mRun: [BService] C:\Program Files (x86)\Bench\BService\bservice.exe
mRun: [Wd] C:\Program Files (x86)\Bench\Wd\wd.exe
mRun: [Bench Settings Cleaner] C:\Program Files (x86)\Bench\Proxy\cl.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
dRun: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
.
INFO: HKCU has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxps://s3.amazonaws.com/content.systemrequirementslab.com/global/bin/srldetect_cyri_4.1.72.0_x.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 24.217.0.5 71.9.127.107 24.159.64.23
TCP: Interfaces\{3188666A-AA23-4085-8C8D-C5802EB413BD} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{D4BCE512-ACA0-4E8D-A260-AF261A3611F8} : DHCPNameServer = 24.217.0.5 71.9.127.107 24.159.64.23
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - 
mASetup: {7D2B3E1D-D096-4594-9D8F-A6667F12E0AC} - "C:\Program Files (x86)\Fast Browser\Application\34.0.1848.0\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - 
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - 
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - 
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-6-17 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2014-4-22 21184]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-7-6 21104]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-30 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-6-17 242968]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-6-17 269080]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-7-12 254528]
R1 netfilter64;netfilter64;C:\Windows\System32\drivers\netfilter64.sys [2014-7-17 46376]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2014-5-15 881952]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-7-10 3244048]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-7-10 289328]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-11 414496]
R2 SupraSavingsService64;SupraSavingsService64;C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF\hmhfslexky64.exe [2014-7-17 172544]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-6 2655768]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-31 39200]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\System32\drivers\Rtnic64.sys [2008-7-22 60416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-5-15 2151200]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-3-7 40832]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-3-7 65280]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-21 111616]
S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2011-7-12 16616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-14 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-6 413800]
S3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2011-7-8 154624]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2007-4-11 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-1-14 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-6 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\johhny\Downloads\RealTemp_360\WinRing0x64.sys [2008-7-26 14544]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-07-28 05:16:16 -------- d-----w- C:\Users\johhny\AppData\Local\{74C3443B-2494-451B-BBC9-C8FD8A325169}
2014-07-27 19:25:05 -------- d-----w- C:\Users\johhny\AppData\Roaming\AVG2014
2014-07-27 19:24:13 -------- d-----w- C:\Users\johhny\AppData\Roaming\TuneUp Software
2014-07-27 19:23:44 -------- d--h--w- C:\$AVG
2014-07-27 19:23:44 -------- d-----w- C:\ProgramData\AVG2014
2014-07-27 19:14:53 -------- d-----w- C:\Program Files (x86)\AVG
2014-07-27 19:07:04 -------- d--h--w- C:\ProgramData\Common Files
2014-07-27 19:07:03 -------- d-----w- C:\Users\johhny\AppData\Local\MFAData
2014-07-27 19:07:03 -------- d-----w- C:\Users\johhny\AppData\Local\Avg2014
2014-07-27 19:07:03 -------- d-----w- C:\ProgramData\MFAData
2014-07-23 00:26:32 -------- d-----w- C:\Program Files (x86)\Simple
2014-07-23 00:26:25 -------- d-----w- C:\Users\johhny\AppData\Local\Search Protect
2014-07-23 00:26:03 -------- d-----w- C:\Program Files (x86)\Like
2014-07-23 00:08:09 -------- d-----w- C:\Users\johhny\AppData\Roaming\PC Speed Maximizer
2014-07-23 00:07:57 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-07-23 00:07:57 1380864 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-07-23 00:07:56 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-23 00:07:56 1389568 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-07-23 00:07:56 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-23 00:07:49 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-07-21 05:55:15 98816 ----a-w- C:\Windows\sed.exe
2014-07-21 05:55:15 256000 ----a-w- C:\Windows\PEV.exe
2014-07-21 05:55:15 208896 ----a-w- C:\Windows\MBR.exe
2014-07-21 05:50:35 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-07-21 05:50:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-07-21 05:50:34 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-07-17 18:20:10 46376 ----a-w- C:\Windows\System32\drivers\netfilter64.sys
2014-07-08 04:55:24 -------- d-----w- C:\Users\johhny\AppData\Roaming\IMVU
2014-07-08 04:54:50 -------- d-----w- C:\Users\johhny\AppData\Roaming\IMVUClient
2014-07-04 15:26:34 -------- d-----w- C:\ProgramData\Roblox
2014-07-04 15:24:35 -------- d-----w- C:\Program Files (x86)\Roblox
2014-06-30 18:08:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-30 17:43:02 152344 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2014-06-30 16:05:00 -------- d-----w- C:\Program Files\Enigma Software Group
2014-06-30 07:40:03 -------- d-----w- C:\Program Files (x86)\Image Resizer
2014-06-30 05:47:03 -------- d-----w- C:\Program Files (x86)\Origin Games
2014-06-30 05:44:10 -------- d-----w- C:\ProgramData\HitmanPro
2014-06-30 05:06:42 -------- d-----w- C:\Windows\ERUNT
.
==================== Find3M ====================
.
2014-07-23 00:45:18 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-23 00:45:18 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-30 02:09:33 519168 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-30 02:04:49 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-06-17 21:21:34 235800 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-06-17 21:07:12 328984 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2014-06-17 21:06:58 269080 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2014-06-17 21:06:24 190744 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2014-06-17 21:06:22 242968 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-06-17 21:06:20 123672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-06-17 21:06:06 31512 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
.
============= FINISH: 1:33:43.28 ===============


Edited by hamluis, 28 July 2014 - 04:58 PM.




#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 July 2014 - 04:41 AM





Hello johnnychav

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 johnnychav

  • Topic Starter

  • Members
  • 7 posts

Posted 29 July 2014 - 01:29 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014 Ran by johhny (administrator) on JOHHNY-PC on 28-07-2014 23:19:20 Running from C:\Users\johhny\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe () C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF\hmhfslexky64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Yahoo! Inc.) 
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe (Malwarebytes Secure Backup) C:\Program Files (x86)\Malwarebytes Secure Backup\SUpdateNotifier.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (AWS Convergence Technologies, Inc.) C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (Home) C:\Users\johhny\AppData\Local\Search Protect\spro.exe (Razer USA Ltd) C:\Program Files (x86)\Razer\Anansi\RazerAnansiSysTray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe () C:\Program Files (x86)\Bench\BService\bservice.exe () C:\Program Files (x86)\Bench\Wd\wd.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (Malwarebytes Secure Backup) C:\Program Files (x86)\Malwarebytes Secure Backup\SMessaging.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Logitech, Inc.) 
C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\sp6\LU\LULnchr.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\sp6\LU\LogitechUpdate.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Fast Browser) C:\Program Files (x86)\Fast Browser\Application\chrome.exe (Fast Browser) C:\Program Files (x86)\Fast Browser\Application\chrome.exe (Fast Browser) C:\Program Files (x86)\Fast Browser\Application\chrome.exe (Fast Browser) C:\Program Files (x86)\Fast Browser\Application\chrome.exe (Fast Browser) C:\Program Files (x86)\Fast Browser\Application\chrome.exe (Fast Browser) C:\Program Files (x86)\Fast Browser\Application\chrome.exe (Fast Browser) C:\Program Files (x86)\Fast Browser\Application\chrome.exe (Fast Browser) C:\Program Files (x86)\Fast Browser\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-04] (Realtek Semiconductor) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.) HKLM-x32\...\Run: [Razer Anansi Driver] => C:\Program Files (x86)\Razer\Anansi\RazerAnansiSysTray.exe [939416 2011-07-11] (Razer USA Ltd) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) 
HKLM-x32\...\Run: [BrowserSafeguard] => "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
HKLM-x32\...\Run: [BService] => C:\Program Files (x86)\Bench\BService\bservice.exe [51712 2014-04-30] ()
HKLM-x32\...\Run: [Wd] => C:\Program Files (x86)\Bench\Wd\wd.exe [61952 2014-04-22] ()
HKLM-x32\...\Run: [Bench Settings Cleaner] => C:\Program Files (x86)\Bench\Proxy\cl.exe [55296 2014-05-27] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-07-10] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SOSUAUI] => C:\Program Files (x86)\Malwarebytes Secure Backup\sosuploadagent.exe [53144 2013-04-01] (Malwarebytes Secure Backup)
HKLM-x32\...\Run: [SMessaging] => C:\Program Files (x86)\Malwarebytes Secure Backup\SMessaging.exe [63896 2013-04-01] (Malwarebytes Secure Backup)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\.DEFAULT\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2288928 2014-02-11] (IObit)
HKU\S-1-5-21-1351184121-2455987682-3771648398-1000\...\Run: [Advanced SystemCare 5] => "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
HKU\S-1-5-21-1351184121-2455987682-3771648398-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-1351184121-2455987682-3771648398-1000\...\Run: [Weather] => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [1653760 2012-11-20] (AWS Convergence Technologies, Inc.)
HKU\S-1-5-21-1351184121-2455987682-3771648398-1000\...\Run: [Overwolf] => c:\program files (x86)\overwolf\overwolf.exe [39656 2011-08-31] (Overwolf)
HKU\S-1-5-21-1351184121-2455987682-3771648398-1000\...\Run: [GoogleChromeAutoLaunch_EDA8AFE9F6ACD2C7E140717C8442A80C] => C:\Program Files (x86)\Fast Browser\Application\chrome.exe [713728 2014-03-22] (Fast Browser)
HKU\S-1-5-21-1351184121-2455987682-3771648398-1000\...\Run: [Search Protect] => C:\Users\johhny\AppData\Local\Search Protect\spro.exe [225792 2014-04-12] (Home)
HKU\S-1-5-21-1351184121-2455987682-3771648398-1000\...\Run: [Google Update] => C:\Users\johhny\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-07-06] (Google Inc.)
HKU\S-1-5-21-1351184121-2455987682-3771648398-1007\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M9B33DAA5-8D19-47D0-B6A1-9C701E524205&SearchSource=55&CUI=&UM=5&UP=SPF7C86A7B-59A8-4689-AC5D-D6CD877B01F6&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x78F5C9FE6606CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.safesear.ch/web/?type=20140722-sv-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPF7C86A7B-59A8-4689-AC5D-D6CD877B01F6&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPF7C86A7B-59A8-4689-AC5D-D6CD877B01F6&q={searchTerms}&SSPV=
SearchScopes: HKCU - {406F715B-7A82-465D-8CE1-3B1C998287BD} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=380920&p={searchTerms}
SearchScopes: HKCU - {94E61E43-4A0D-4890-B006-16C5A0C11CE5} URL = https://us.search.yahoo.com/yhs/search?hspart=SGMedia&hsimp=yhs-sgm_ytb&p={searchTerms}&type=tb_ie_chr-20140529-135
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: No Name -> {10AD2C61-0898-4348-8600-14A342F22AC3} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Simple.BHO -> {886bf106-6ebf-4ef4-8676-6663caabbda4} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {140E4DF8-9E14-4A34-9577-C77561ED7883} https://s3.amazonaws.com/content.systemrequirementslab.com/global/bin/srldetect_cyri_4.1.72.0_x.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 24.217.0.5 71.9.127.107 24.159.64.23

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/esnlaunch - C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll (ESN AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\johhny\AppData\Local\Roblox\Versions\version-5e847c35ea884813\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\johhny\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\johhny\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\johhny\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\johhny\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\johhny\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\johhny\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: No Name - C:\Program Files (x86)\Fiddler2\FiddlerHook [2014-03-19]
FF HKLM-x32\...\Firefox\Extensions: [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] - 0\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF HKLM-x32\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - 0\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - 0\extensions\{jid1-vS7biDmom8YxhA@jetpack}
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.safesear.ch/?type=20140529-135-ff-sm

Chrome:
=======
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\johhny\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2007-04-11]
CHR Extension: (No Name) - C:\Users\johhny\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-20]
CHR Extension: (No Name) - C:\Users\johhny\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno [2011-08-02]
CHR Extension: (No Name) - C:\Users\johhny\AppData\Local\Google\Chrome\User Data\Default\Extensions\joefoganpblmedgjeigepgjfikhhdnnj [2014-05-29]
CHR Extension: (No Name) - C:\Users\johhny\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpimdkibicpfbooggieeanoolfdfhhf [2014-05-29]
CHR Extension: (No Name) - C:\Users\johhny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-31]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.safesear.ch/?type=20140529-135-ch-sm
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-07-10] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-07-10] (AVG Technologies CZ, s.r.o.)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\\OverwolfUpdater.exe [16616 2011-08-31] (Overwolf Ltd)
R2 SupraSavingsService64; C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF\hmhfslexky64.exe [172544 2014-07-17] () [File not signed]
S2 PnkBstrA; No ImagePath

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-07-12] (DT Soft Ltd)
S3 gdrv; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-28] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-07-17] (NetFilterSDK.com)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-11-14] (NVIDIA Corporation)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [60416 2008-07-22] (Realtek Semiconductor Corporation )
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [154624 2011-07-08] (Razer USA Ltd)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
S3 WinRing0_1_2_0; C:\Users\johhny\Downloads\RealTemp_360\WinRing0x64.sys [14544 2011-07-06] (OpenLibSys.org)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-28 23:19 - 2014-07-28 23:20 - 00022098 _____ () C:\Users\johhny\Desktop\FRST.txt
2014-07-28 23:19 - 2014-07-28 23:19 - 00000000 ____D () C:\FRST
2014-07-28 23:18 - 2014-07-28 23:18 - 02093568 _____ (Farbar) C:\Users\johhny\Desktop\FRST64.exe
2014-07-28 23:17 - 2014-07-28 23:18 - 02093568 _____ (Farbar) C:\Users\johhny\Downloads\FRST64.exe
2014-07-28 03:41 - 2014-07-28 21:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-28 02:28 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-28 02:28 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-28 02:15 - 2014-07-28 02:15 - 00003212 _____ () C:\Windows\System32\Tasks\Malwarebytes Secure Backup - jechavez2475@gmail.com
2014-07-28 02:15 - 2014-07-28 02:15 - 00000528 _____ () C:\Windows\Tasks\Malwarebytes Secure Backup - jechavez2475@gmail.com.job
2014-07-28 02:12 - 2014-07-28 21:27 - 00000490 _____ () C:\Windows\Tasks\Online Backup Update Notifier.job
2014-07-28 02:12 - 2014-07-28 02:12 - 00003354 _____ () C:\Windows\System32\Tasks\Online Backup Update Notifier
2014-07-28 02:11 - 2014-07-28 02:16 - 00002062 _____ () C:\Users\Public\Desktop\Malwarebytes Secure Backup.lnk
2014-07-28 02:11 - 2014-07-28 02:11 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\johhny\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-07-28 02:11 - 2014-07-28 02:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2014-07-28 02:10 - 2014-07-28 21:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Secure Backup
2014-07-28 02:09 - 2014-07-28 02:09 - 14713592 _____ (Malwarebytes Corporation ) C:\Users\johhny\Downloads\mbsb-setup-1.0.0.0010.exe
2014-07-28 02:09 - 2014-07-28 02:09 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-07-28 01:34 - 2014-07-28 01:33 - 00021938 _____ () C:\Users\johhny\Desktop\dds.txt
2014-07-28 01:31 - 2014-07-28 01:31 - 00688992 ____R (Swearware) C:\Users\johhny\Desktop\dds.com
2014-07-28 01:31 - 2014-07-28 01:31 - 00688992 _____ (Swearware) C:\Users\johhny\Downloads\dds.com
2014-07-28 00:16 - 2014-07-28 00:16 - 00000000 ____D () C:\Users\johhny\AppData\Local\{74C3443B-2494-451B-BBC9-C8FD8A325169}
2014-07-27 14:25 - 2014-07-27 14:25 - 00000000 ____D () C:\Users\johhny\AppData\Roaming\AVG2014
2014-07-27 14:24 - 2014-07-27 14:24 - 00000976 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-07-27 14:24 - 2014-07-27 14:24 - 00000000 ____D () C:\Users\johhny\AppData\Roaming\TuneUp Software
2014-07-27 14:24 - 2014-07-27 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-27 14:23 - 2014-07-27 14:26 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-27 14:23 - 2014-07-27 14:23 - 00000000 ___HD () C:\$AVG
2014-07-27 14:14 - 2014-07-27 14:14 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-07-27 14:07 - 2014-07-28 21:14 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-27 14:07 - 2014-07-28 12:36 - 00000000 ____D () C:\Users\johhny\AppData\Local\Avg2014
2014-07-27 14:07 - 2014-07-27 14:07 - 00000000 ____D () C:\Users\johhny\AppData\Local\MFAData
2014-07-27 14:05 - 2014-07-27 14:05 - 04462440 _____ (AVG Technologies) C:\Users\johhny\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe
2014-07-27 13:44 - 2014-07-27 13:44 - 00030202 _____ () C:\Users\johhny\Downloads\johnchavez (1).dotx
2014-07-27 09:28 - 2014-07-27 09:28 - 00030202 _____ () C:\Users\johhny\Downloads\Hubby resume (2).dotx
2014-07-27 09:27 - 2014-07-27 09:27 - 00030202 _____ () C:\Users\johhny\Downloads\johnchavez.dotx
2014-07-27 09:27 - 2014-07-27 09:27 - 00030202 _____ () C:\Users\johhny\Downloads\Hubby resume (1).dotx
2014-07-26 22:24 - 2014-07-26 22:24 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-07-22 19:26 - 2014-07-22 19:26 - 00000000 ____D () C:\Users\johhny\AppData\Local\Search Protect
2014-07-22 19:26 - 2014-07-22 19:26 - 00000000 ____D () C:\Program Files (x86)\Simple
2014-07-22 19:26 - 2014-07-22 19:26 - 00000000 ____D () C:\Program Files (x86)\Like
2014-07-22 19:08 - 2014-07-22 19:08 - 00000000 ____D () C:\Users\johhny\AppData\Roaming\PC Speed Maximizer
2014-07-22 19:07 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-21 00:56 - 2014-06-29 21:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-21 00:56 - 2014-06-29 21:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-21 00:56 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-21 00:56 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-21 00:56 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-21 00:56 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-21 00:56 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-21 00:56 - 2014-05-08 04:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-07-21 00:56 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-07-21 00:55 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-21 00:55 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-21 00:55 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-21 00:55 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-21 00:55 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-21 00:55 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-21 00:55 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-21 00:55 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-21 00:54 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-21 00:54 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-21 00:54 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-21 00:54 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-21 00:54 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-21 00:54 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-21 00:54 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-21 00:54 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-21 00:54 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-21 00:54 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-21 00:54 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-21 00:54 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-21 00:54 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-21 00:54 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-21 00:53 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-21 00:53 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-21 00:53 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-21 00:53 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-21 00:53 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-21 00:53 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-21 00:53 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-21 00:53 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-21 00:53 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-21 00:53 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-21 00:53 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-21 00:53 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-21 00:53 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-21 00:53 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-21 00:53 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-21 00:53 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-21 00:53 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-21 00:53 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-21 00:53 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-21 00:53 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-21 00:53 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-21 00:53 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-21 00:53 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-21 00:53 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-21 00:53 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-21 00:53 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-21 00:53 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-21 00:53 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-21 00:53 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-21 00:53 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-21 00:53 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-21 00:53 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-21 00:53 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-21 00:53 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-21 00:53 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-21 00:53 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-21 00:53 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-21 00:53 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-21 00:53 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-21 00:53 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-21 00:53 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-21 00:53 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-21 00:53 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-21 00:53 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-21 00:53 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-21 00:53 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-21 00:53 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-21 00:53 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-21 00:53 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-21 00:53 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-21 00:53 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-21 00:53 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-21 00:53 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-21 00:53 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-21 00:53 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-21 00:53 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-21 00:50 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-21 00:50 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-21 00:50 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-17 13:20 - 2014-07-17 13:20 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-07-09 18:11 - 2014-07-09 18:12 - 00101675 _____ () C:\Users\johhny\Downloads\wha.htm
2014-07-07 23:55 - 2014-07-21 09:50 - 00000000 ____D () C:\Users\johhny\AppData\Roaming\IMVU
2014-07-07 23:55 - 2007-04-11 03:12 - 00000000 ____D () C:\Users\johhny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU
2014-07-07 23:54 - 2007-04-11 03:12 - 00000000 ____D () C:\Users\johhny\AppData\Roaming\IMVUClient
2014-07-04 10:26 - 2014-07-04 10:26 - 00000000 ____D () C:\ProgramData\Roblox
2014-07-04 10:24 - 2014-07-04 10:24 - 00000000 ____D () C:\Program Files (x86)\Roblox
2014-07-04 01:43 - 2014-07-28 01:34 - 00006010 _____ () C:\Users\johhny\Desktop\attach.txt
2014-06-30 14:46 - 2014-07-21 01:19 - 00000000 ____D () C:\Windows\erdnt
2014-06-30 13:09 - 2014-07-28 02:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-30 13:08 - 2014-07-28 21:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-30 12:43 - 2014-06-30 12:43 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-06-30 11:05 - 2014-07-03 12:52 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-06-30 11:05 - 2014-06-30 11:05 - 00000000 _____ () C:\autoexec.bat
2014-06-30 02:40 - 2007-04-11 03:12 - 00000000 ____D () C:\Program Files (x86)\Image Resizer
2014-06-30 00:47 - 2014-06-30 00:47 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-06-30 00:44 - 2007-04-11 03:12 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-30 00:06 - 2014-06-30 00:06 - 00000000 ____D () C:\Windows\ERUNT

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-28 23:20 - 2014-07-28 23:19 - 00022098 _____ () C:\Users\johhny\Desktop\FRST.txt
2014-07-28 23:19 - 2014-07-28 23:19 - 00000000 ____D () C:\FRST
2014-07-28 23:18 - 2014-07-28 23:18 - 02093568 _____ (Farbar) C:\Users\johhny\Desktop\FRST64.exe
2014-07-28 23:18 - 2014-07-28 23:17 - 02093568 _____ (Farbar) C:\Users\johhny\Downloads\FRST64.exe
2014-07-28 23:18 - 2014-05-12 15:16 - 00000000 ____D () C:\Program Files\suprasavings
2014-07-28 23:11 - 2014-04-12 00:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-28 22:45 - 2014-04-12 00:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-28 22:44 - 2011-07-06 09:14 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1351184121-2455987682-3771648398-1000UA.job
2014-07-28 21:59 - 2011-07-06 08:46 - 01734791 _____ () C:\Windows\WindowsUpdate.log
2014-07-28 21:46 - 2014-07-28 03:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-28 21:29 - 2014-07-28 02:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Secure Backup
2014-07-28 21:29 - 2014-06-30 13:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-28 21:29 - 2014-05-30 17:43 - 00000000 ____D () C:\Program Files (x86)\NpackdDetected
2014-07-28 21:29 - 2014-05-29 21:04 - 00000000 ____D () C:\ProgramData\Npackd 2014-07-28 21:28 - 2014-04-12 00:52 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-28 21:27 - 2014-07-28 02:12 - 00000490 _____ () C:\Windows\Tasks\Online Backup Update Notifier.job 2014-07-28 21:14 - 2014-07-27 14:07 - 00000000 ____D () C:\ProgramData\MFAData 2014-07-28 20:19 - 2014-05-12 15:18 - 00000346 _____ () C:\Windows\Tasks\bench-sys.job 2014-07-28 19:44 - 2011-07-06 09:14 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1351184121-2455987682-3771648398-1000Core.job 2014-07-28 19:27 - 2014-05-12 15:18 - 00000346 _____ () C:\Windows\Tasks\bench-S-1-5-21-1351184121-2455987682-3771648398-1000.job 2014-07-28 13:15 - 2014-05-12 15:18 - 00000000 ____D () C:\Users\johhny\AppData\Roaming\VOPackage 2014-07-28 13:15 - 2014-05-12 15:18 - 00000000 ____D () C:\Users\johhny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage 2014-07-28 12:58 - 2014-05-12 15:18 - 00000000 ____D () C:\Program Files (x86)\Savings Hen 2014-07-28 12:58 - 2014-05-12 15:12 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer 2014-07-28 12:36 - 2014-07-27 14:07 - 00000000 ____D () C:\Users\johhny\AppData\Local\Avg2014 2014-07-28 06:57 - 2014-01-01 15:30 - 00001366 _____ () C:\Users\johhny\Desktop\ROBLOX Player.lnk 2014-07-28 06:57 - 2014-01-01 15:30 - 00001185 _____ () C:\Users\johhny\Desktop\ROBLOX Studio 2013.lnk 2014-07-28 06:57 - 2014-01-01 15:30 - 00000000 ____D () C:\Users\johhny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2014-07-28 02:29 - 2014-06-30 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-28 02:29 - 2014-03-11 15:04 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-07-28 02:29 - 2014-03-11 15:04 - 00000000 ____D () C:\Users\johhny\AppData\Roaming\Malwarebytes 2014-07-28 02:28 - 2014-03-11 15:03 - 00000000 ____D () C:\Program 
Files (x86)\Malwarebytes' Anti-Malware 2014-07-28 02:16 - 2014-07-28 02:11 - 00002062 _____ () C:\Users\Public\Desktop\Malwarebytes Secure Backup.lnk 2014-07-28 02:15 - 2014-07-28 02:15 - 00003212 _____ () C:\Windows\System32\Tasks\Malwarebytes Secure Backup - jechavez2475@gmail.com 2014-07-28 02:15 - 2014-07-28 02:15 - 00000528 _____ () C:\Windows\Tasks\Malwarebytes Secure Backup - jechavez2475@gmail.com.job 2014-07-28 02:12 - 2014-07-28 02:12 - 00003354 _____ () C:\Windows\System32\Tasks\Online Backup Update Notifier 2014-07-28 02:11 - 2014-07-28 02:11 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\johhny\Downloads\mbam-setup-1.75.0.1300 (1).exe 2014-07-28 02:11 - 2014-07-28 02:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2014-07-28 02:11 - 2014-03-11 15:04 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-28 02:09 - 2014-07-28 02:09 - 14713592 _____ (Malwarebytes Corporation ) C:\Users\johhny\Downloads\mbsb-setup-1.0.0.0010.exe 2014-07-28 02:09 - 2014-07-28 02:09 - 00000000 ____D () C:\Windows\Downloaded Installations 2014-07-28 01:34 - 2014-07-04 01:43 - 00006010 _____ () C:\Users\johhny\Desktop\attach.txt 2014-07-28 01:33 - 2014-07-28 01:34 - 00021938 _____ () C:\Users\johhny\Desktop\dds.txt 2014-07-28 01:31 - 2014-07-28 01:31 - 00688992 ____R (Swearware) C:\Users\johhny\Desktop\dds.com 2014-07-28 01:31 - 2014-07-28 01:31 - 00688992 _____ (Swearware) C:\Users\johhny\Downloads\dds.com 2014-07-28 00:19 - 2009-07-13 23:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-28 00:19 - 2009-07-13 23:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-28 00:16 - 2014-07-28 00:16 - 00000000 ____D () C:\Users\johhny\AppData\Local\{74C3443B-2494-451B-BBC9-C8FD8A325169} 2014-07-28 00:16 - 2011-07-12 09:25 - 00000000 ____D () C:\Users\johhny\AppData\Local\Windows 
Live 2014-07-27 14:26 - 2014-07-27 14:23 - 00000000 ____D () C:\ProgramData\AVG2014 2014-07-27 14:25 - 2014-07-27 14:25 - 00000000 ____D () C:\Users\johhny\AppData\Roaming\AVG2014 2014-07-27 14:24 - 2014-07-27 14:24 - 00000976 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2014-07-27 14:24 - 2014-07-27 14:24 - 00000000 ____D () C:\Users\johhny\AppData\Roaming\TuneUp Software 2014-07-27 14:24 - 2014-07-27 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-07-27 14:23 - 2014-07-27 14:23 - 00000000 ___HD () C:\$AVG 2014-07-27 14:18 - 2011-07-11 18:10 - 00000000 ____D () C:\Users\johhny\Downloads\Fable.III-SKIDROW 2014-07-27 14:18 - 2011-07-06 09:08 - 00001945 _____ () C:\Windows\epplauncher.mif 2014-07-27 14:14 - 2014-07-27 14:14 - 00000000 ____D () C:\Program Files (x86)\AVG 2014-07-27 14:07 - 2014-07-27 14:07 - 00000000 ____D () C:\Users\johhny\AppData\Local\MFAData 2014-07-27 14:05 - 2014-07-27 14:05 - 04462440 _____ (AVG Technologies) C:\Users\johhny\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe 2014-07-27 13:44 - 2014-07-27 13:44 - 00030202 _____ () C:\Users\johhny\Downloads\johnchavez (1).dotx 2014-07-27 13:22 - 2014-05-12 15:17 - 00003254 _____ () C:\Windows\System32\Tasks\PC Speed Maximizer Schedule 2014-07-27 13:21 - 2014-05-27 19:31 - 00000003 _____ () C:\Users\johhny\AppData\Local\proxy.log 2014-07-27 09:28 - 2014-07-27 09:28 - 00030202 _____ () C:\Users\johhny\Downloads\Hubby resume (2).dotx 2014-07-27 09:27 - 2014-07-27 09:27 - 00030202 _____ () C:\Users\johhny\Downloads\johnchavez.dotx 2014-07-27 09:27 - 2014-07-27 09:27 - 00030202 _____ () C:\Users\johhny\Downloads\Hubby resume (1).dotx 2014-07-26 22:28 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-26 22:24 - 2014-07-26 22:24 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2014-07-25 20:14 - 2011-07-09 14:14 - 00000000 ____D () C:\Fraps 2014-07-23 00:15 - 2014-01-14 21:12 - 00000000 ____D 
() C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-22 19:45 - 2014-04-12 00:52 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-22 19:45 - 2014-04-12 00:52 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-22 19:45 - 2011-07-06 09:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-22 19:39 - 2011-07-06 09:14 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1351184121-2455987682-3771648398-1000UA 2014-07-22 19:39 - 2011-07-06 09:14 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1351184121-2455987682-3771648398-1000Core 2014-07-22 19:26 - 2014-07-22 19:26 - 00000000 ____D () C:\Users\johhny\AppData\Local\Search Protect 2014-07-22 19:26 - 2014-07-22 19:26 - 00000000 ____D () C:\Program Files (x86)\Simple 2014-07-22 19:26 - 2014-07-22 19:26 - 00000000 ____D () C:\Program Files (x86)\Like 2014-07-22 19:26 - 2014-05-29 21:00 - 00000258 __RSH () C:\Users\johhny\ntuser.pol 2014-07-22 19:26 - 2014-04-22 17:49 - 00003220 _____ () C:\Windows\System32\Tasks\Driver Booster Scan 2014-07-22 19:26 - 2014-04-22 17:49 - 00003164 _____ () C:\Windows\System32\Tasks\Driver Booster Update 2014-07-22 19:26 - 2014-04-22 17:49 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM) 2014-07-22 19:26 - 2014-04-22 17:49 - 00001109 _____ () C:\Users\Public\Desktop\Driver Booster.lnk 2014-07-22 19:26 - 2014-04-22 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2014-07-22 19:26 - 2011-07-06 07:41 - 00000000 ____D () C:\Users\johhny 2014-07-22 19:08 - 2014-07-22 19:08 - 00000000 ____D () C:\Users\johhny\AppData\Roaming\PC Speed Maximizer 2014-07-22 19:08 - 2014-06-10 15:42 - 00000000 ____D () C:\Users\johhny\Desktop\Steam 2014-07-22 00:25 - 2011-04-12 03:28 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-21 
09:50 - 2014-07-07 23:55 - 00000000 ____D () C:\Users\johhny\AppData\Roaming\IMVU 2014-07-21 01:19 - 2014-06-30 14:46 - 00000000 ____D () C:\Windows\erdnt 2014-07-17 13:20 - 2014-07-17 13:20 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys 2014-07-09 18:12 - 2014-07-09 18:11 - 00101675 _____ () C:\Users\johhny\Downloads\wha.htm 2014-07-04 10:26 - 2014-07-04 10:26 - 00000000 ____D () C:\ProgramData\Roblox 2014-07-04 10:24 - 2014-07-04 10:24 - 00000000 ____D () C:\Program Files (x86)\Roblox 2014-07-03 13:31 - 2007-04-11 00:26 - 00000000 ____D () C:\AdwCleaner 2014-07-03 12:52 - 2014-06-30 11:05 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-06-30 13:58 - 2009-09-01 21:30 - 00000000 ____D () C:\Temp 2014-06-30 12:43 - 2014-06-30 12:43 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys 2014-06-30 11:05 - 2014-06-30 11:05 - 00000000 _____ () C:\autoexec.bat 2014-06-30 00:49 - 2011-07-30 06:02 - 00000000 ____D () C:\Users\johhny\AppData\Roaming\Origin 2014-06-30 00:49 - 2011-07-30 06:02 - 00000000 ____D () C:\Users\johhny\AppData\Local\Origin 2014-06-30 00:47 - 2014-06-30 00:47 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-06-30 00:06 - 2014-06-30 00:06 - 00000000 ____D () C:\Windows\ERUNT 2014-06-29 21:09 - 2014-07-21 00:56 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-29 21:04 - 2014-07-21 00:56 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll Some content of TEMP: ==================== C:\Users\johhny\AppData\Local\Temp\jppxo3fp.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-28 00:36 ==================== End Of Log ============================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:45 PM

Posted 29 July 2014 - 06:29 PM

Hello

Can you please try attaching the report?

As it is, I cannot read it.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 johnnychav

johnnychav
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:45 AM

Posted 30 July 2014 - 11:41 AM

attached

Attached Files

  • Attached File  FRST.txt   49.24KB   1 downloads


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:45 PM

Posted 31 July 2014 - 05:32 AM



Hello johnnychav

These are the programs I would like you to run next; if you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo

#7 johnnychav

johnnychav
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:45 AM

Posted 02 August 2014 - 05:00 PM

It is a lot faster and no more pop ups, but I still have the WeatherBug that loads every time. Also, Malwarebytes will not update; it says it can't access the update server. It used to before the PC got really slow.




#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:45 PM

Posted 02 August 2014 - 06:19 PM


Hello johnnychav

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#9 johnnychav

johnnychav
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:45 AM

Posted 03 August 2014 - 03:26 PM

ComboFix 14-08-02.02 - johhny 08/02/2014  15:57:34.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2047.963 [GMT -5:00]
Running from: c:\users\johhny\Desktop\ComboFix.exe
AV: AVG AntiVirus 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-02 to 2014-08-02  )))))))))))))))))))))))))))))))
.
.
2014-08-02 21:09 . 2014-08-02 21:09 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-08-02 21:09 . 2014-08-02 21:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-08-02 21:09 . 2014-08-02 21:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-31 05:20 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-07-31 05:20 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-07-31 05:20 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-07-31 05:20 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-07-31 05:20 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-07-31 05:20 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-07-31 05:20 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-07-31 05:20 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-07-31 05:20 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-07-31 05:20 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-07-31 05:19 . 2014-05-14 14:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-07-31 05:19 . 2014-05-14 14:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-07-31 05:19 . 2014-05-14 14:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-07-31 05:19 . 2014-05-14 14:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-07-31 01:57 . 2010-08-30 13:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-29 08:01 . 2014-07-29 08:01 -------- d-----w- c:\program files (x86)\MSXML 4.0
2014-07-29 06:14 . 2014-07-29 06:14 -------- d-----w- c:\programdata\Avg_Update_0614t
2014-07-29 04:19 . 2014-07-29 04:22 -------- d-----w- C:\FRST
2014-07-28 08:41 . 2014-08-02 03:23 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-28 07:28 . 2014-05-12 12:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-28 07:28 . 2014-05-12 12:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-28 07:10 . 2014-07-29 02:29 -------- d-----w- c:\program files (x86)\Malwarebytes Secure Backup
2014-07-28 07:09 . 2014-07-28 07:09 -------- d-----w- c:\windows\Downloaded Installations
2014-07-27 19:25 . 2014-07-27 19:25 -------- d-----w- c:\users\johhny\AppData\Roaming\AVG2014
2014-07-27 19:24 . 2014-07-27 19:24 -------- d-----w- c:\users\johhny\AppData\Roaming\TuneUp Software
2014-07-27 19:23 . 2014-07-27 19:26 -------- d-----w- c:\programdata\AVG2014
2014-07-27 19:23 . 2014-07-27 19:23 -------- d-----w- C:\$AVG
2014-07-27 19:14 . 2014-07-27 19:14 -------- d-----w- c:\program files (x86)\AVG
2014-07-27 19:07 . 2014-07-27 19:07 -------- d--h--w- c:\programdata\Common Files
2014-07-27 19:07 . 2014-08-02 18:14 -------- d-----w- c:\programdata\MFAData
2014-07-27 19:07 . 2014-07-28 17:36 -------- d-----w- c:\users\johhny\AppData\Local\Avg2014
2014-07-27 19:07 . 2014-07-27 19:07 -------- d-----w- c:\users\johhny\AppData\Local\MFAData
2014-07-23 00:26 . 2014-07-23 00:26 -------- d-----w- c:\program files (x86)\Simple
2014-07-23 00:26 . 2014-07-23 00:26 -------- d-----w- c:\users\johhny\AppData\Local\Search Protect
2014-07-23 00:26 . 2014-07-23 00:26 -------- d-----w- c:\program files (x86)\Like
2014-07-23 00:07 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-07-23 00:07 . 2014-06-03 10:02 1380864 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-07-23 00:07 . 2014-06-03 10:02 1389568 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-07-23 00:07 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-23 00:07 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-23 00:07 . 2014-05-30 06:45 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-21 05:53 . 2014-06-19 00:53 48640 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2014-07-21 05:50 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-21 05:50 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-21 05:50 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-07-08 04:55 . 2014-07-21 14:50 -------- d-----w- c:\users\johhny\AppData\Roaming\IMVU
2014-07-04 15:26 . 2014-07-04 15:26 -------- d-----w- c:\programdata\Roblox
2014-07-04 15:24 . 2014-07-04 15:24 -------- d-----w- c:\program files (x86)\Roblox
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-23 00:45 . 2014-04-12 05:52 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-23 00:45 . 2011-07-06 14:11 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-30 17:43 . 2014-06-30 17:43 152344 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2014-06-26 22:40 . 2011-07-06 15:00 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-06-17 21:21 . 2014-06-17 21:21 235800 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2014-06-17 21:07 . 2014-06-17 21:07 328984 ----a-w- c:\windows\system32\drivers\avgloga.sys
2014-06-17 21:06 . 2014-06-17 21:06 269080 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2014-06-17 21:06 . 2014-06-17 21:06 190744 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2014-06-17 21:06 . 2014-06-17 21:06 242968 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2014-06-17 21:06 . 2014-06-17 21:06 123672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2014-06-17 21:06 . 2014-06-17 21:06 31512 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2014-05-12 12:25 . 2014-03-11 20:03 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{886bf106-6ebf-4ef4-8676-6663caabbda4}]
2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [BU]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2012-11-20 1653760]
"Overwolf"="c:\program files (x86)\overwolf\overwolf.exe" [2011-08-31 39656]
"GoogleChromeAutoLaunch_EDA8AFE9F6ACD2C7E140717C8442A80C"="c:\program files (x86)\Fast Browser\Application\chrome.exe" [2014-03-23 713728]
"Search Protect"="c:\users\johhny\AppData\Local\Search Protect\spro.exe" [2014-04-13 225792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Razer Anansi Driver"="c:\program files (x86)\Razer\Anansi\RazerAnansiSysTray.exe" [2011-07-11 939416]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-07-10 5187088]
"SOSUAUI"="c:\program files (x86)\Malwarebytes Secure Backup\sosuploadagent.exe" [2013-04-02 53144]
"SMessaging"="c:\program files (x86)\Malwarebytes Secure Backup\SMessaging.exe" [2013-04-02 63896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 7"="c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" [2014-02-11 2288928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\\OverwolfUpdater.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys;c:\windows\SYSNATIVE\DRIVERS\RzSynapse.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\johhny\Downloads\RealTemp_360\WinRing0x64.sys;c:\users\johhny\Downloads\RealTemp_360\WinRing0x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}]
2014-05-30 02:00 1067520 ----a-w- c:\program files (x86)\Fast Browser\Application\34.0.1848.0\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-12 00:45]
.
2014-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-12 05:52]
.
2014-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-12 05:52]
.
2014-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1351184121-2455987682-3771648398-1000Core.job
- c:\users\johhny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-06 14:14]
.
2014-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1351184121-2455987682-3771648398-1000UA.job
- c:\users\johhny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-06 14:14]
.
2014-08-02 c:\windows\Tasks\Malwarebytes Secure Backup - jechavez2475@gmail.com.job
- c:\program files (x86)\Malwarebytes Secure Backup\sosuploadagent.exe [2013-04-02 01:36]
.
2014-08-02 c:\windows\Tasks\Online Backup Update Notifier.job
- c:\program files (x86)\Malwarebytes Secure Backup\SUpdateNotifier.exe [2013-04-02 01:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-04 8060960]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M9B33DAA5-8D19-47D0-B6A1-9C701E524205&SearchSource=55&CUI=&UM=5&UP=SPF7C86A7B-59A8-4689-AC5D-D6CD877B01F6&SSPV=
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
TCP: DhcpNameServer = 24.217.0.5 71.9.127.107 24.159.64.23
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-38959_Savings Hen - c:\users\johhny\AppData\Local\Savings Hen\uninstall.exe
AddRemove-VisualBee for Microsoft PowerPoint - c:\users\johhny\AppData\Local\VisualBeeExe\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-02  16:12:47
ComboFix-quarantined-files.txt  2014-08-02 21:12
ComboFix2.txt  2007-04-11 15:20
ComboFix3.txt  2007-04-11 05:13
ComboFix4.txt  2011-06-16 15:50
ComboFix5.txt  2014-08-02 20:53
.
Pre-Run: 206,403,600,384 bytes free
Post-Run: 206,349,258,752 bytes free
.
- - End Of File - - 300C203524964F822DDABFDD067CC4C3
A36C5E4F47E84449FF07ED3517B43A31
 


#10 johnnychav (Topic Starter, Members, 7 posts)

Posted 03 August 2014 - 03:45 PM

The computer is running a lot faster. I have not had any pop-ups so far; the time and date has not changed when I turn the PC off and on, but that was only occasional, so it's hard to tell right now.

I had turned real-time protection off and AVG would not allow me to download ComboFix; I didn't realize there was a temporary disable option, so I did that and then was able to download and run it. I was using Windows Security Essentials before and had switched back to AVG because I didn't have all these problems before. So far everything seems normal, but I had got it to this point before and it came back with a vengeance, which is the reason for making the post.

But so far so good.



#11 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 04 August 2014 - 05:46 AM


Hello johnnychav

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image: CFScriptB-4.gif]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 08 August 2014 - 06:50 AM


Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or if you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#13 johnnychav (Topic Starter, Members, 7 posts)

Posted 09 August 2014 - 06:51 PM

Yeah, I'm not done. As soon as I'm able to get back to the PC I will run the last thing you told me; just give me like 1 more day, I had some stuff I had to take care of.



#14 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 09 August 2014 - 07:32 PM

No problem, and I will check on you later.


Gringo

#15 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 12 August 2014 - 07:45 AM


Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or if you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo



