Malware- Adware-I don't know but its killing me


  • This topic is locked
15 replies to this topic

#1 wyattearp132

wyattearp132

  • Members
  • 12 posts

Posted 12 September 2014 - 12:37 PM

Ads pop up in the lower right hand corner constantly and I get sent to a Google Survey page from time to time when I click on a link.  Have run every adware/malware removal I can think of and an anti-virus and it is not touching it.  Please help.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 10.65.2
Run by Christopher at 12:04:59 on 2014-09-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.1564 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\Users\Christopher\AppData\Local\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Christopher\AppData\Local\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uProxyServer = 127.0.0.1:5050
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [HP Officejet 6700 (NET)] "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN35ABSG9T05RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1
uRun: [uTorrent] "C:\Users\Christopher\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{8BB36E2F-5FB1-4A39-A62A-98B03639886D} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{8BB36E2F-5FB1-4A39-A62A-98B03639886D}\2656C6B696E6E2634323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{8BB36E2F-5FB1-4A39-A62A-98B03639886D}\3547F6E65605F6E697 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{8BB36E2F-5FB1-4A39-A62A-98B03639886D}\841627779636B63775962756C6563737D274564795F65727F477E6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{8BB36E2F-5FB1-4A39-A62A-98B03639886D}\94D435F5D454449414 : DHCPNameServer = 10.126.0.1
TCP: Interfaces\{8BB36E2F-5FB1-4A39-A62A-98B03639886D}\C416155796E64716F594E6E6 : DHCPNameServer = 168.95.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  DPPassFilter scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-mStart Page = about:blank
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\19vg2g0v.default-1410446039833\
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Christopher\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Christopher\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2014-6-20 786296]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2014-6-20 348552]
R1 DVMIO;DeviceVM IO Service;C:\Windows\System32\drivers\dvmio.sys [2010-1-29 20056]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-3-24 89600]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-1-15 127984]
R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-9-7 87992]
R2 Diagnostics;Diagnostics;C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [2014-9-1 57344]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-2-8 338168]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-9-11 328928]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-4 92216]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-9-11 328928]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2014-9-11 178528]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-9-11 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-9-11 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-9-11 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-9-11 328928]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2014-9-11 1041192]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2014-9-11 219752]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2014-9-11 189912]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-2 120728]
R2 Proxy;Proxy;C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [2014-9-1 57344]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-9-1 65657]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE [2010-6-8 2320920]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-1-6 2184496]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2014-6-20 72128]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-1-24 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-1-24 287232]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2014-6-20 313544]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2014-6-20 523792]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2014-7-24 444720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2010-10-31 35840]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-9-11 197704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-12 111616]
S3 LeapFrog-USBLAN;LeapFrog-USBLAN;C:\Windows\System32\drivers\btblan.sys [2009-10-9 40320]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2014-7-24 96592]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-6-8 232992]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-8 295424]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-10-22 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-2 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
.
=============== Created Last 30 ================
.
2014-09-12 08:01:00    2777088    ----a-w-    C:\Windows\System32\msmpeg2vdec.dll
2014-09-12 08:01:00    2285056    ----a-w-    C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-12 01:40:36    793600    ----a-w-    C:\Windows\SysWow64\TSWorkspace.dll
2014-09-12 01:40:36    1031168    ----a-w-    C:\Windows\System32\TSWorkspace.dll
2014-09-12 01:40:20    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2014-09-12 01:40:20    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2014-09-12 01:40:00    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-09-12 01:40:00    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-09-12 01:40:00    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-09-12 01:39:59    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-09-12 01:39:59    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-09-12 01:39:52    578048    ----a-w-    C:\Windows\System32\aepdu.dll
2014-09-12 01:39:52    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-09-11 20:03:24    197704    ----a-w-    C:\Windows\System32\drivers\HipShieldK.sys
2014-09-11 20:02:58    --------    d-----w-    C:\Program Files (x86)\McAfee.com
2014-09-11 20:02:53    --------    d-----w-    C:\Program Files (x86)\Common Files\McAfee
2014-09-11 20:02:26    --------    d-----w-    C:\Program Files\McAfee.com
2014-09-11 20:02:26    --------    d-----w-    C:\Program Files\McAfee
2014-09-11 20:02:23    --------    d-----w-    C:\Program Files (x86)\McAfee
2014-09-11 19:50:56    --------    d-----w-    C:\Program Files\stinger
2014-09-11 19:50:28    189912    ----a-w-    C:\Windows\System32\mfevtps.exe
2014-09-11 19:50:26    --------    d-----w-    C:\Program Files\Common Files\McAfee
2014-09-11 18:42:41    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2014-09-11 18:42:36    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-11 17:38:06    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-09-11 16:57:26    --------    d-----w-    C:\ProgramData\HitmanPro
2014-09-11 16:33:03    --------    d-s---w-    C:\ComboFix
2014-09-11 13:47:25    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-09-11 13:43:50    --------    d--h--w-    C:\dvmexp
2014-09-11 13:40:10    --------    d-----w-    C:\AdwCleaner
2014-09-11 13:28:54    --------    d-----w-    C:\Windows\ERUNT
2014-09-09 12:36:05    --------    d-sh--w-    C:\Users\Christopher\AppData\Local\EmieUserList
2014-09-09 12:36:05    --------    d-sh--w-    C:\Users\Christopher\AppData\Local\EmieSiteList
2014-09-09 12:09:43    11319192    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3FB81AB7-AE06-4D2F-849F-A5202F2BCAFC}\mpengine.dll
2014-09-04 13:00:31    --------    d-----w-    C:\Program Files (x86)\Common Files\Cache utility
2014-09-04 13:00:13    --------    d-----w-    C:\Program Files (x86)\Common Files\Display settings
2014-09-04 13:00:06    --------    d-----w-    C:\Program Files (x86)\Common Files\Hoist Search
2014-09-04 13:00:01    --------    d-----w-    C:\Program Files (x86)\Common Files\DealAlly
2014-09-04 02:37:02    --------    d-----w-    C:\Program Files (x86)\Common Files\Diagnostics
2014-09-04 02:36:56    --------    d-----w-    C:\Program Files (x86)\Common Files\Common dictionary
2014-09-02 15:07:52    --------    d-----w-    C:\ProgramData\89b87ea66ed33456
2014-09-02 15:07:49    --------    d-----w-    C:\Users\Christopher\AppData\Local\Comodo
2014-08-29 13:15:06    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-29 13:15:06    3163648    ----a-w-    C:\Windows\System32\win32k.sys
2014-08-29 13:15:06    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-16 12:59:59    99480    ----a-w-    C:\Windows\SysWow64\infocardapi.dll
2014-08-16 12:59:59    8856    ----a-w-    C:\Windows\SysWow64\icardres.dll
2014-08-16 12:59:59    8856    ----a-w-    C:\Windows\System32\icardres.dll
2014-08-16 12:59:59    619672    ----a-w-    C:\Windows\SysWow64\icardagt.exe
2014-08-16 12:59:59    171160    ----a-w-    C:\Windows\System32\infocardapi.dll
2014-08-16 12:59:59    1389208    ----a-w-    C:\Windows\System32\icardagt.exe
2014-08-16 12:59:46    35480    ----a-w-    C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-16 12:59:46    35480    ----a-w-    C:\Windows\System32\TsWpfWrp.exe
2014-08-15 12:42:58    664064    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2014-08-15 12:42:58    1216000    ----a-w-    C:\Windows\System32\rpcrt4.dll
.
==================== Find3M  ====================
.
2014-09-10 13:33:13    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 13:33:13    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-18 22:29:49    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53    5833728    ----a-w-    C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34    547328    ----a-w-    C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55    4232704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01    758272    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12    72704    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09    61952    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24    597504    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17    2104832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13    2310656    ----a-w-    C:\Windows\System32\wininet.dll
2014-08-18 21:08:54    2014208    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48    1812992    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-08-05 14:20:00    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-07-25 07:35:46    875688    ----a-w-    C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 04:47:06    869544    ----a-w-    C:\Windows\System32\msvcr120_clr0400.dll
2014-07-24 19:33:10    11336    ----a-w-    C:\Windows\System32\drivers\mfeclnrk.sys
2014-07-24 19:32:30    96592    ----a-w-    C:\Windows\System32\drivers\mfencrk.sys
2014-07-24 19:31:56    444720    ----a-w-    C:\Windows\System32\drivers\mfencbdc.sys
2014-07-16 03:23:41    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-07-16 02:46:02    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-07-11 08:02:05    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-09 02:03:23    7168    ----a-w-    C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22    7168    ----a-w-    C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42    7168    ----a-w-    C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41    6656    ----a-w-    C:\Windows\SysWow64\KBDBASH.DLL
2014-06-20 15:38:22    72128    ----a-w-    C:\Windows\System32\drivers\cfwids.sys
2014-06-20 15:31:06    348552    ----a-w-    C:\Windows\System32\drivers\mfewfpk.sys
2014-06-20 15:26:02    786296    ----a-w-    C:\Windows\System32\drivers\mfehidk.sys
2014-06-20 15:23:40    523792    ----a-w-    C:\Windows\System32\drivers\mfefirek.sys
2014-06-20 15:21:48    313544    ----a-w-    C:\Windows\System32\drivers\mfeavfk.sys
2014-06-20 15:20:54    181704    ----a-w-    C:\Windows\System32\drivers\mfeapfk.sys
2014-06-18 02:18:30    692736    ----a-w-    C:\Windows\System32\osk.exe
2014-06-18 01:51:32    646144    ----a-w-    C:\Windows\SysWow64\osk.exe
2014-06-16 02:10:19    985536    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys


#2 wyattearp132

wyattearp132
  • Topic Starter

  • Members
  • 12 posts

Posted 16 September 2014 - 09:52 AM

Thanks a pile for the help guys...could you at least suggest an adware/malware removal program that might work?



#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 September 2014 - 09:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#4 wyattearp132


Posted 19 September 2014 - 06:49 AM

Here is the log from Malwarebytes. Thanks for the help.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/18/2014
Scan Time: 15:38:27
Logfile: malware.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.18.08
Rootkit Database: v2014.09.18.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Christopher
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 397802
Time Elapsed: 26 min, 21 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.SuperFish.A, HKU\S-1-5-21-1478833764-2365237831-1100677447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, Quarantined, [f6269a55d4a7b0864995b95afc073dc3], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 4
PUP.Optional.Bandoo, C:\Users\Christopher\Downloads\jZipSetup-r20-n-bf.exe, Quarantined, [001ce807d6a554e21d6dfcefce368080], 
PUP.Optional.OptimunInstaller, C:\Users\Christopher\Downloads\fl_setup.exe, Quarantined, [b16b5d9278036accaa2ed178dd23d030], 
PUP.Optional.Superfish.A, C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [33e96a859ddeb2848a03a07fec17b848], 
PUP.Optional.Superfish.A, C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [33e9549bf883e650276621fe669dda26], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#5 wyattearp132


Posted 19 September 2014 - 06:56 AM

Here is AdwCleaner log.

 

# AdwCleaner v3.310 - Report created 19/09/2014 at 06:51:23
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Christopher - CKNLAPTOP
# Running from : C:\Users\Christopher\Downloads\adwcleaner_3.310.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
File Found : C:\Users\Christopher\Desktop\jZip.lnk
Folder Found : C:\Program Files (x86)\jZip
Folder Found : C:\Users\CHRIST~1\AppData\Local\Temp\jZip
Folder Found : C:\Users\Christopher\AppData\Local\jZip
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\jZip
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jZip
Key Found : [x64] HKCU\Software\jZip
Key Found : HKLM\SOFTWARE\Classes\jZip.file
Key Found : HKLM\SOFTWARE\DeviceVM
Key Found : HKLM\SOFTWARE\jZip
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPath\jZip.exe
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\19vg2g0v.default-1410446039833\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.120
 
[ File : C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [10802 octets] - [11/09/2014 08:41:00]
AdwCleaner[R1].txt - [1025 octets] - [11/09/2014 13:18:26]
AdwCleaner[R2].txt - [2399 octets] - [19/09/2014 06:51:23]
AdwCleaner[S0].txt - [10597 octets] - [11/09/2014 08:42:21]
AdwCleaner[S1].txt - [1089 octets] - [11/09/2014 13:35:43]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [2580 octets] ##########


#6 wyattearp132


Posted 19 September 2014 - 07:04 AM

I think this is the one you want.  The AdwCleaner report after the clean...

 

# AdwCleaner v3.310 - Report created 19/09/2014 at 06:59:35
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Christopher - CKNLAPTOP
# Running from : C:\Users\Christopher\Downloads\adwcleaner_3.310.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\jZip
Folder Deleted : C:\Users\CHRIST~1\AppData\Local\Temp\jZip
Folder Deleted : C:\Users\Christopher\AppData\Local\jZip
File Deleted : C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
File Deleted : C:\Users\Christopher\Desktop\jZip.lnk
File Deleted : C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\jZip.file
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPath\jZip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKCU\Software\jZip
Key Deleted : HKLM\SOFTWARE\DeviceVM
Key Deleted : HKLM\SOFTWARE\jZip
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jZip
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\19vg2g0v.default-1410446039833\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.120
 
[ File : C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [10802 octets] - [11/09/2014 08:41:00]
AdwCleaner[R1].txt - [1025 octets] - [11/09/2014 13:18:26]
AdwCleaner[R2].txt - [2664 octets] - [19/09/2014 06:51:23]
AdwCleaner[R3].txt - [2582 octets] - [19/09/2014 06:57:52]
AdwCleaner[S0].txt - [10597 octets] - [11/09/2014 08:42:21]
AdwCleaner[S1].txt - [1089 octets] - [11/09/2014 13:35:43]
AdwCleaner[S2].txt - [2645 octets] - [19/09/2014 06:59:35]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2705 octets] ########## 



#7 wyattearp132


Posted 19 September 2014 - 07:19 AM

Here is the first Farbar file.  I know I am supposed to attach the "addition" file, but for some reason there is no option for attachments as there was in my first post.  

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Christopher (administrator) on CKNLAPTOP on 19-09-2014 07:06:53
Running from C:\Users\Christopher\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
() C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
(DeviceVM, Inc.) C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
() C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard ) C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [HPToneControl] => C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe [107832 2009-08-19] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2011-01-01] (IDT, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-16] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1478833764-2365237831-1100677447-1000\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1478833764-2365237831-1100677447-1000\...\Run: [uTorrent] => C:\Users\Christopher\AppData\Roaming\uTorrent\uTorrent.exe [904272 2014-01-16] (BitTorrent Inc.)
HKU\S-1-5-21-1478833764-2365237831-1100677447-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1478833764-2365237831-1100677447-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1478833764-2365237831-1100677447-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1478833764-2365237831-1100677447-1000\...\Policies\Explorer: [NoControlPanel] 0
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: 127.0.0.1:5050
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {5762CC44-03B1-44BA-BF1C-DF364B26F491} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {158EE733-B223-4844-BE25-C8FF771C17C9} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKCU - {5762CC44-03B1-44BA-BF1C-DF364B26F491} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {F9E0CD4B-8365-459D-B0AB-A99CF8AB377C} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
FireFox:
========
FF ProfilePath: C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\19vg2g0v.default-1410446039833
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Christopher\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Christopher\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2010-06-08]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-09-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-16]
 
Chrome: 
=======
CHR Profile: C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-09]
CHR Extension: (Google Docs) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-09]
CHR Extension: (Google Drive) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (YouTube) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-09]
CHR Extension: (Google Search) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-09]
CHR Extension: (Google Sheets) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-09]
CHR Extension: (Google Wallet) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-09]
CHR Extension: (Gmail) - C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-09]
CHR HKLM-x32\...\Chrome\Extension: [aaacfokhpapepnmobpfdcoeeeinlllkc] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha639\ch\WebexpEnhancedV1alpha639.crx []
CHR HKLM-x32\...\Chrome\Extension: [eigfnafpnmdjpcmeeldjnknnackigjgp] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home4731\ch\MediaWatchV1home4731.crx []
CHR HKLM-x32\...\Chrome\Extension: [epgajnlpjdekoahdieccehfgfoceemli] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home7443\ch\MediaWatchV1home7443.crx []
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-16]
CHR HKLM-x32\...\Chrome\Extension: [hfeboigcnkknildkignoocchdpfgjhim] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4200\ch\MediaViewV1alpha4200.crx [2014-09-16]
CHR HKLM-x32\...\Chrome\Extension: [hngldpbalniaeefmmekajmoojnjlahml] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha9277\ch\MediaViewV1alpha9277.crx [2014-09-16]
CHR HKLM-x32\...\Chrome\Extension: [jgilbdindfhdmmkmpocdooendkmnhjfk] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta760\ch\VideoPlayerV3beta760.crx [2014-09-16]
CHR HKLM-x32\...\Chrome\Extension: [knhlfgglgchbadkkegpfoalfkbpanlpe] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6466\ch\MediaBuzzV1mode6466.crx [2014-09-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-16] (AVAST Software)
R2 Diagnostics; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [57344 2014-09-01] () [File not signed]
R2 DvmMDES; C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [338168 2010-02-08] (DeviceVM, Inc.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [156904 2014-07-28] (McAfee, Inc.)
R2 Proxy; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [57344 2014-09-01] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-16] ()
R1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [20056 2010-01-29] (DeviceVM, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-19 07:06 - 2014-09-19 07:07 - 00022606 _____ () C:\Users\Christopher\Downloads\FRST.txt
2014-09-19 07:05 - 2014-09-19 07:06 - 00000000 ____D () C:\FRST
2014-09-19 07:05 - 2014-09-19 07:05 - 02105856 _____ (Farbar) C:\Users\Christopher\Downloads\FRST64.exe
2014-09-19 06:50 - 2014-09-19 06:50 - 01373475 _____ () C:\Users\Christopher\Downloads\adwcleaner_3.310.exe
2014-09-18 16:33 - 2014-09-18 16:33 - 00001888 _____ () C:\Users\Christopher\Desktop\malware.txt
2014-09-18 15:30 - 2014-09-19 07:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 15:30 - 2014-09-18 15:30 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-18 15:30 - 2014-09-18 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-18 15:30 - 2014-09-18 15:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-18 15:30 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-18 15:30 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-18 15:30 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-18 15:28 - 2014-09-18 15:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Christopher\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-16 10:14 - 2014-09-16 10:14 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\AVAST Software
2014-09-16 10:13 - 2014-09-19 06:46 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-16 10:13 - 2014-09-16 10:13 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-16 10:13 - 2014-09-16 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-16 10:12 - 2014-09-16 10:13 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-16 10:12 - 2014-09-16 10:12 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-16 10:12 - 2014-09-16 10:12 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-16 10:12 - 2014-09-16 10:12 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-16 10:12 - 2014-09-16 10:12 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-16 10:12 - 2014-09-16 10:12 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-16 10:12 - 2014-09-16 10:12 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-16 10:12 - 2014-09-16 10:12 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-16 10:12 - 2014-09-16 10:12 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-16 10:12 - 2014-09-16 10:12 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-16 10:08 - 2014-09-16 10:08 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-16 10:07 - 2014-09-16 10:08 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-16 10:07 - 2014-09-16 10:07 - 04862664 _____ (AVAST Software) C:\Users\Christopher\Downloads\avast_free_antivirus_setup_online.exe
2014-09-16 10:04 - 2014-09-16 10:04 - 00001197 _____ () C:\Users\Christopher\Desktop\Continue Download &amp; Install Installation.lnk
2014-09-16 10:03 - 2014-09-16 10:03 - 00800960 _____ ( ) C:\Users\Christopher\Downloads\avast-free-antivirus_setup.exe
2014-09-16 09:42 - 2014-09-16 09:42 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-16 09:42 - 2014-09-16 09:42 - 00001979 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-09-16 09:36 - 2014-09-16 09:36 - 74696576 _____ (Adobe Systems Incorporated) C:\Users\Christopher\Downloads\AdbeRdr11007_en_US.exe
2014-09-16 09:35 - 2014-09-16 09:35 - 00857696 _____ ( ) C:\Users\Christopher\Downloads\Adobe_Reader_Setup (1).exe
2014-09-16 09:34 - 2014-09-16 09:34 - 00857696 _____ ( ) C:\Users\Christopher\Downloads\Adobe_Reader_Setup.exe
2014-09-12 20:02 - 2014-09-16 11:41 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-12 20:02 - 2014-09-12 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-12 20:01 - 2014-09-12 20:01 - 00895120 _____ (Google Inc.) C:\Users\Christopher\Downloads\ChromeSetup(1).exe
2014-09-12 18:08 - 2014-09-12 20:06 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Mozilla Firefox
2014-09-12 12:18 - 2014-09-12 12:18 - 00005455 _____ () C:\Users\Christopher\Desktop\attach.zip
2014-09-12 12:08 - 2014-09-12 12:08 - 00022920 _____ () C:\Users\Christopher\Desktop\attach.txt
2014-09-12 12:08 - 2014-09-12 12:07 - 00027041 _____ () C:\Users\Christopher\Desktop\dds.txt
2014-09-12 12:02 - 2014-09-12 12:02 - 00688992 ____R (Swearware) C:\Users\Christopher\Downloads\dds.com
2014-09-12 03:12 - 2014-08-19 13:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 03:12 - 2014-08-19 12:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 03:12 - 2014-08-18 18:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 03:12 - 2014-08-18 17:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 03:12 - 2014-08-18 17:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 03:12 - 2014-08-18 17:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 03:12 - 2014-08-18 17:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 03:12 - 2014-08-18 17:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 03:12 - 2014-08-18 17:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 03:12 - 2014-08-18 17:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 03:12 - 2014-08-18 17:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 03:12 - 2014-08-18 17:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 03:12 - 2014-08-18 17:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 03:12 - 2014-08-18 17:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 03:12 - 2014-08-18 17:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 03:12 - 2014-08-18 17:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 03:12 - 2014-08-18 17:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 03:12 - 2014-08-18 17:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 03:12 - 2014-08-18 17:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 03:12 - 2014-08-18 16:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 03:12 - 2014-08-18 16:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 03:12 - 2014-08-18 16:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 03:12 - 2014-08-18 16:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 03:12 - 2014-08-18 16:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 03:12 - 2014-08-18 16:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 03:12 - 2014-08-18 16:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 03:12 - 2014-08-18 16:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 03:12 - 2014-08-18 16:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 03:12 - 2014-08-18 16:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 03:12 - 2014-08-18 16:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 03:12 - 2014-08-18 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 03:12 - 2014-08-18 16:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 03:12 - 2014-08-18 16:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 03:12 - 2014-08-18 16:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 03:12 - 2014-08-18 16:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 03:12 - 2014-08-18 16:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 03:12 - 2014-08-18 16:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 03:12 - 2014-08-18 16:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 03:12 - 2014-08-18 16:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 03:12 - 2014-08-18 16:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 03:12 - 2014-08-18 16:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 03:12 - 2014-08-18 16:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 03:12 - 2014-08-18 16:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 03:12 - 2014-08-18 16:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 03:12 - 2014-08-18 16:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 03:12 - 2014-08-18 16:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 03:12 - 2014-08-18 16:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 03:12 - 2014-08-18 16:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 03:12 - 2014-08-18 16:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 03:12 - 2014-08-18 16:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 03:12 - 2014-08-18 16:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 03:12 - 2014-08-18 15:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 03:12 - 2014-08-18 15:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 03:12 - 2014-08-18 15:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 03:12 - 2014-08-18 15:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 03:12 - 2014-08-18 15:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 03:01 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 03:01 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 20:40 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 20:40 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 20:40 - 2014-07-06 21:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 20:40 - 2014-07-06 21:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 20:40 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 20:40 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 20:40 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-11 20:39 - 2014-09-04 21:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 20:39 - 2014-09-04 21:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 20:39 - 2014-07-06 20:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 20:39 - 2014-07-06 20:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 15:02 - 2014-09-18 16:36 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-09-11 14:50 - 2014-09-11 14:51 - 00000000 ____D () C:\Program Files\stinger
2014-09-11 14:49 - 2014-09-11 14:49 - 05160608 _____ (McAfee, Inc.) C:\Users\Christopher\Downloads\McAfeeSetup-Serial.exe
2014-09-11 14:48 - 2014-09-11 14:48 - 00000085 _____ () C:\Windows\wininit.ini
2014-09-11 14:39 - 2014-09-11 14:39 - 00000000 ____D () C:\Users\Christopher\Downloads\SmitfraudFix
2014-09-11 14:38 - 2014-09-11 14:38 - 01885088 _____ () C:\Users\Christopher\Downloads\SmitfraudFix.exe
2014-09-11 13:42 - 2014-09-12 03:35 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-11 13:42 - 2014-09-11 14:48 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-11 13:42 - 2014-09-11 13:42 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-09-11 13:39 - 2014-09-11 13:40 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Christopher\Downloads\spybot-2.4.exe
2014-09-11 13:17 - 2014-09-11 13:17 - 01370467 _____ () C:\Users\Christopher\Downloads\AdwCleaner.exe
2014-09-11 12:27 - 2014-09-11 12:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Christopher\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-09-11 11:57 - 2014-09-11 12:17 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-11 11:57 - 2014-09-11 11:58 - 11194928 _____ (SurfRight B.V.) C:\Users\Christopher\Downloads\HitmanPro_x64.exe
2014-09-11 11:54 - 2014-09-11 11:54 - 05576769 _____ (Swearware) C:\Users\Christopher\Downloads\ComboFix(1).exe
2014-09-11 11:51 - 2014-09-11 11:51 - 00000000 ____D () C:\Qoobox
2014-09-11 11:33 - 2014-09-11 11:51 - 00000000 ___SD () C:\ComboFix
2014-09-11 11:30 - 2014-09-11 11:30 - 00018092 _____ () C:\ComboFix.txt
2014-09-11 10:43 - 2014-09-11 11:51 - 00000000 ____D () C:\Windows\erdnt
2014-09-11 10:43 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-11 10:42 - 2014-09-11 11:53 - 05576769 _____ (Swearware) C:\Users\Christopher\Downloads\ComboFix.exe
2014-09-11 09:56 - 2014-09-11 09:56 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Christopher\Downloads\iExplore64.exe
2014-09-11 09:56 - 2014-09-11 09:56 - 00013391 _____ () C:\Users\Christopher\Desktop\iExplore - Shortcut.lnk
2014-09-11 09:55 - 2014-09-11 09:55 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Christopher\Downloads\iExplore.exe
2014-09-11 09:51 - 2014-09-11 09:51 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Christopher\Downloads\tdsskiller.exe
2014-09-11 09:47 - 2014-09-11 09:47 - 08812165 _____ () C:\Users\Christopher\Downloads\StellariPodRecoveryMac.dmg.zip
2014-09-11 08:47 - 2014-09-11 08:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-11 08:46 - 2014-09-11 08:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Christopher\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-11 08:45 - 2014-09-11 08:46 - 01016261 _____ (Thisisu) C:\Users\Christopher\Downloads\JRT(1).exe
2014-09-11 08:44 - 2014-09-19 07:02 - 00000012 ____H () C:\dvmexp.idx
2014-09-11 08:43 - 2014-09-11 08:43 - 00000000 ___HD () C:\dvmexp
2014-09-11 08:40 - 2014-09-19 06:59 - 00000000 ____D () C:\AdwCleaner
2014-09-11 08:39 - 2014-09-11 08:39 - 01370467 _____ () C:\Users\Christopher\Downloads\adwcleaner_3.309.exe
2014-09-11 08:28 - 2014-09-11 08:28 - 01016261 _____ (Thisisu) C:\Users\Christopher\Downloads\JRT.exe
2014-09-11 08:28 - 2014-09-11 08:28 - 00000000 ____D () C:\Windows\ERUNT
2014-09-11 08:25 - 2014-09-11 11:57 - 10280824 _____ (SurfRight B.V.) C:\Users\Christopher\Downloads\HitmanPro.exe
2014-09-11 07:55 - 2014-09-11 09:34 - 00000000 ____D () C:\Users\Christopher\Desktop\Old Firefox Data
2014-09-09 07:36 - 2014-09-09 07:36 - 00000000 __SHD () C:\Users\Christopher\AppData\Local\EmieUserList
2014-09-09 07:36 - 2014-09-09 07:36 - 00000000 __SHD () C:\Users\Christopher\AppData\Local\EmieSiteList
2014-09-09 07:24 - 2014-09-09 07:24 - 00895120 _____ (Google Inc.) C:\Users\Christopher\Downloads\ChromeSetup.exe
2014-09-03 21:42 - 2014-09-15 06:29 - 00001024 _____ () C:\.rnd
2014-09-03 21:21 - 2014-09-03 21:22 - 12482878 _____ () C:\Users\Christopher\Downloads\Naked Gun - Baseball  ( good quality,longer ).mp4
2014-09-02 10:07 - 2014-09-18 15:27 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-09-02 10:07 - 2014-09-18 15:27 - 00000000 ____D () C:\Users\Guest
2014-09-02 10:07 - 2014-09-18 15:27 - 00000000 ____D () C:\Users\Administrator
2014-09-02 10:07 - 2014-09-11 08:33 - 00000000 ____D () C:\ProgramData\89b87ea66ed33456
2014-09-02 10:07 - 2014-09-02 10:07 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-09-02 10:07 - 2014-09-02 10:07 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-09-02 10:07 - 2014-09-02 10:07 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-09-02 10:07 - 2014-09-02 10:07 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-09-02 10:07 - 2014-09-02 10:07 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Comodo
2014-09-02 10:07 - 2014-09-02 10:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-02 10:07 - 2014-09-02 10:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-01 09:54 - 2014-09-01 09:54 - 01575960 _____ () C:\Users\Christopher\Downloads\09.01.2014_Celebrity_Nude_Photo_Hack_Collection_-_.exe
2014-08-29 08:15 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 08:15 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 08:15 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-19 07:07 - 2014-09-19 07:06 - 00022606 _____ () C:\Users\Christopher\Downloads\FRST.txt
2014-09-19 07:06 - 2014-09-19 07:05 - 00000000 ____D () C:\FRST
2014-09-19 07:06 - 2010-06-08 04:46 - 01733115 _____ () C:\Windows\WindowsUpdate.log
2014-09-19 07:05 - 2014-09-19 07:05 - 02105856 _____ (Farbar) C:\Users\Christopher\Downloads\FRST64.exe
2014-09-19 07:04 - 2014-09-18 15:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 07:02 - 2014-09-11 08:44 - 00000012 ____H () C:\dvmexp.idx
2014-09-19 07:02 - 2013-08-10 15:34 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\uTorrent
2014-09-19 07:01 - 2011-10-17 16:21 - 00311182 _____ () C:\Windows\setupact.log
2014-09-19 07:01 - 2010-11-26 18:32 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-19 07:01 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-19 07:00 - 2011-10-31 20:06 - 00169276 _____ () C:\Windows\PFRO.log
2014-09-19 06:59 - 2014-09-11 08:40 - 00000000 ____D () C:\AdwCleaner
2014-09-19 06:50 - 2014-09-19 06:50 - 01373475 _____ () C:\Users\Christopher\Downloads\adwcleaner_3.310.exe
2014-09-19 06:46 - 2014-09-16 10:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-19 06:46 - 2014-05-14 16:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-19 06:46 - 2010-11-26 18:32 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-18 16:44 - 2009-07-13 23:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-18 16:44 - 2009-07-13 23:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-18 16:36 - 2014-09-11 15:02 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-09-18 16:36 - 2011-03-03 10:43 - 00000000 ____D () C:\ProgramData\McAfee
2014-09-18 16:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-09-18 16:33 - 2014-09-18 16:33 - 00001888 _____ () C:\Users\Christopher\Desktop\malware.txt
2014-09-18 15:36 - 2014-06-23 12:53 - 00000000 ____D () C:\Users\Christopher\AppData\Local\9A321E53-7E5C-4F87-85CD-844FD914DA56.aplzod
2014-09-18 15:36 - 2010-11-03 22:01 - 00000000 ____D () C:\Users\Christopher\Documents\Outlook Files
2014-09-18 15:30 - 2014-09-18 15:30 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-18 15:30 - 2014-09-18 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-18 15:30 - 2014-09-18 15:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-18 15:28 - 2014-09-18 15:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Christopher\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-18 15:27 - 2014-09-02 10:07 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-09-18 15:27 - 2014-09-02 10:07 - 00000000 ____D () C:\Users\Guest
2014-09-18 15:27 - 2014-09-02 10:07 - 00000000 ____D () C:\Users\Administrator
2014-09-17 11:35 - 2014-01-02 19:47 - 00000000 ____D () C:\Users\Christopher\Desktop\2013 Taxes
2014-09-17 08:07 - 2010-02-27 20:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-17 08:04 - 2012-03-23 19:49 - 00000000 ____D () C:\ProgramData\Nero
2014-09-17 08:04 - 2012-03-23 19:48 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\Motorola
2014-09-17 08:04 - 2012-03-23 19:48 - 00000000 ____D () C:\Program Files (x86)\Motorola
2014-09-17 08:03 - 2012-03-23 22:29 - 00000005 _____ () C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp
2014-09-17 07:13 - 2014-06-03 08:04 - 00000000 ____D () C:\Users\Christopher\Desktop\Omaha Grand Prix
2014-09-17 07:13 - 2013-06-21 16:37 - 00000000 ____D () C:\Users\Christopher\Desktop\Pine
2014-09-17 07:13 - 2012-02-08 10:40 - 00000000 ____D () C:\Users\Christopher\Desktop\IndyDeal
2014-09-17 07:12 - 2012-03-23 19:51 - 00000000 ____D () C:\Users\Christopher\.gstreamer-0.10
2014-09-17 07:09 - 2010-11-23 00:47 - 00000000 ____D () C:\temp
2014-09-16 11:41 - 2014-09-12 20:02 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-16 10:14 - 2014-09-16 10:14 - 00000000 ____D () C:\Users\Christopher\AppData\Roaming\AVAST Software
2014-09-16 10:13 - 2014-09-16 10:13 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-16 10:13 - 2014-09-16 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-16 10:13 - 2014-09-16 10:12 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-16 10:12 - 2014-09-16 10:12 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-16 10:12 - 2014-09-16 10:12 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-16 10:12 - 2014-09-16 10:12 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-16 10:12 - 2014-09-16 10:12 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-16 10:12 - 2014-09-16 10:12 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-16 10:12 - 2014-09-16 10:12 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-16 10:12 - 2014-09-16 10:12 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-16 10:12 - 2014-09-16 10:12 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-16 10:12 - 2014-09-16 10:12 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-16 10:08 - 2014-09-16 10:08 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-16 10:08 - 2014-09-16 10:07 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-16 10:07 - 2014-09-16 10:07 - 04862664 _____ (AVAST Software) C:\Users\Christopher\Downloads\avast_free_antivirus_setup_online.exe
2014-09-16 10:04 - 2014-09-16 10:04 - 00001197 _____ () C:\Users\Christopher\Desktop\Continue Download &amp; Install Installation.lnk
2014-09-16 10:03 - 2014-09-16 10:03 - 00800960 _____ ( ) C:\Users\Christopher\Downloads\avast-free-antivirus_setup.exe
2014-09-16 09:42 - 2014-09-16 09:42 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-16 09:42 - 2014-09-16 09:42 - 00001979 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-09-16 09:41 - 2010-02-27 21:54 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-16 09:41 - 2010-02-27 21:54 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-16 09:40 - 2014-02-11 10:11 - 00000000 ____D () C:\Users\Christopher\Desktop\Household
2014-09-16 09:36 - 2014-09-16 09:36 - 74696576 _____ (Adobe Systems Incorporated) C:\Users\Christopher\Downloads\AdbeRdr11007_en_US.exe
2014-09-16 09:35 - 2014-09-16 09:35 - 00857696 _____ ( ) C:\Users\Christopher\Downloads\Adobe_Reader_Setup (1).exe
2014-09-16 09:34 - 2014-09-16 09:34 - 00857696 _____ ( ) C:\Users\Christopher\Downloads\Adobe_Reader_Setup.exe
2014-09-15 06:29 - 2014-09-03 21:42 - 00001024 _____ () C:\.rnd
2014-09-12 20:06 - 2014-09-12 18:08 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Mozilla Firefox
2014-09-12 20:02 - 2014-09-12 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-12 20:02 - 2010-10-31 16:54 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-12 20:01 - 2014-09-12 20:01 - 00895120 _____ (Google Inc.) C:\Users\Christopher\Downloads\ChromeSetup(1).exe
2014-09-12 19:53 - 2014-07-31 09:05 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Mozilla Firefox.bak
2014-09-12 16:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-09-12 12:18 - 2014-09-12 12:18 - 00005455 _____ () C:\Users\Christopher\Desktop\attach.zip
2014-09-12 12:12 - 2013-12-30 11:02 - 00000000 ____D () C:\Users\Christopher\Desktop\2013 photos
2014-09-12 12:08 - 2014-09-12 12:08 - 00022920 _____ () C:\Users\Christopher\Desktop\attach.txt
2014-09-12 12:07 - 2014-09-12 12:08 - 00027041 _____ () C:\Users\Christopher\Desktop\dds.txt
2014-09-12 12:02 - 2014-09-12 12:02 - 00688992 ____R (Swearware) C:\Users\Christopher\Downloads\dds.com
2014-09-12 11:22 - 2014-01-29 13:30 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-12 03:35 - 2014-09-11 13:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-12 03:12 - 2010-02-27 21:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 03:10 - 2014-02-27 09:34 - 00775124 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 03:10 - 2009-07-14 00:13 - 00775124 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 03:09 - 2013-07-29 10:41 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 03:02 - 2010-11-06 19:00 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 03:00 - 2014-05-07 07:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 14:51 - 2014-09-11 14:50 - 00000000 ____D () C:\Program Files\stinger
2014-09-11 14:49 - 2014-09-11 14:49 - 05160608 _____ (McAfee, Inc.) C:\Users\Christopher\Downloads\McAfeeSetup-Serial.exe
2014-09-11 14:49 - 2012-09-04 08:15 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-09-11 14:48 - 2014-09-11 14:48 - 00000085 _____ () C:\Windows\wininit.ini
2014-09-11 14:48 - 2014-09-11 13:42 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-11 14:39 - 2014-09-11 14:39 - 00000000 ____D () C:\Users\Christopher\Downloads\SmitfraudFix
2014-09-11 14:38 - 2014-09-11 14:38 - 01885088 _____ () C:\Users\Christopher\Downloads\SmitfraudFix.exe
2014-09-11 13:42 - 2014-09-11 13:42 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-09-11 13:40 - 2014-09-11 13:39 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Christopher\Downloads\spybot-2.4.exe
2014-09-11 13:18 - 2010-10-31 04:50 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Hewlett-Packard
2014-09-11 13:18 - 2010-02-27 22:15 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-09-11 13:17 - 2014-09-11 13:17 - 01370467 _____ () C:\Users\Christopher\Downloads\AdwCleaner.exe
2014-09-11 12:27 - 2014-09-11 12:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Christopher\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-09-11 12:17 - 2014-09-11 11:57 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-11 11:58 - 2014-09-11 11:57 - 11194928 _____ (SurfRight B.V.) C:\Users\Christopher\Downloads\HitmanPro_x64.exe
2014-09-11 11:57 - 2014-09-11 08:25 - 10280824 _____ (SurfRight B.V.) C:\Users\Christopher\Downloads\HitmanPro.exe
2014-09-11 11:54 - 2014-09-11 11:54 - 05576769 _____ (Swearware) C:\Users\Christopher\Downloads\ComboFix(1).exe
2014-09-11 11:53 - 2014-09-11 10:42 - 05576769 _____ (Swearware) C:\Users\Christopher\Downloads\ComboFix.exe
2014-09-11 11:51 - 2014-09-11 11:51 - 00000000 ____D () C:\Qoobox
2014-09-11 11:51 - 2014-09-11 11:33 - 00000000 ___SD () C:\ComboFix
2014-09-11 11:51 - 2014-09-11 10:43 - 00000000 ____D () C:\Windows\erdnt
2014-09-11 11:41 - 2010-10-31 04:44 - 00000000 ____D () C:\Users\Christopher
2014-09-11 11:39 - 2010-06-08 05:09 - 00000000 ____D () C:\ProgramData\CinemaNow
2014-09-11 11:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-09-11 11:30 - 2014-09-11 11:30 - 00018092 _____ () C:\ComboFix.txt
2014-09-11 11:26 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-11 11:07 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-09-11 10:58 - 2009-07-13 21:34 - 88080384 _____ () C:\Windows\system32\config\software.bak
2014-09-11 10:58 - 2009-07-13 21:34 - 26476544 _____ () C:\Windows\system32\config\system.bak
2014-09-11 10:58 - 2009-07-13 21:34 - 00524288 _____ () C:\Windows\system32\config\default.bak
2014-09-11 10:58 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-09-11 10:58 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-09-11 09:56 - 2014-09-11 09:56 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Christopher\Downloads\iExplore64.exe
2014-09-11 09:56 - 2014-09-11 09:56 - 00013391 _____ () C:\Users\Christopher\Desktop\iExplore - Shortcut.lnk
2014-09-11 09:55 - 2014-09-11 09:55 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Christopher\Downloads\iExplore.exe
2014-09-11 09:51 - 2014-09-11 09:51 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Christopher\Downloads\tdsskiller.exe
2014-09-11 09:47 - 2014-09-11 09:47 - 08812165 _____ () C:\Users\Christopher\Downloads\StellariPodRecoveryMac.dmg.zip
2014-09-11 09:34 - 2014-09-11 07:55 - 00000000 ____D () C:\Users\Christopher\Desktop\Old Firefox Data
2014-09-11 08:47 - 2014-09-11 08:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-11 08:46 - 2014-09-11 08:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Christopher\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-11 08:46 - 2014-09-11 08:45 - 01016261 _____ (Thisisu) C:\Users\Christopher\Downloads\JRT(1).exe
2014-09-11 08:43 - 2014-09-11 08:43 - 00000000 ___HD () C:\dvmexp
2014-09-11 08:39 - 2014-09-11 08:39 - 01370467 _____ () C:\Users\Christopher\Downloads\adwcleaner_3.309.exe
2014-09-11 08:33 - 2014-09-02 10:07 - 00000000 ____D () C:\ProgramData\89b87ea66ed33456
2014-09-11 08:28 - 2014-09-11 08:28 - 01016261 _____ (Thisisu) C:\Users\Christopher\Downloads\JRT.exe
2014-09-11 08:28 - 2014-09-11 08:28 - 00000000 ____D () C:\Windows\ERUNT
2014-09-10 08:33 - 2014-05-14 16:43 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 08:33 - 2014-05-14 16:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 08:33 - 2014-05-14 16:43 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-09 07:36 - 2014-09-09 07:36 - 00000000 __SHD () C:\Users\Christopher\AppData\Local\EmieUserList
2014-09-09 07:36 - 2014-09-09 07:36 - 00000000 __SHD () C:\Users\Christopher\AppData\Local\EmieSiteList
2014-09-09 07:24 - 2014-09-09 07:24 - 00895120 _____ (Google Inc.) C:\Users\Christopher\Downloads\ChromeSetup.exe
2014-09-09 07:24 - 2010-11-26 18:32 - 00003904 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-09 07:24 - 2010-11-26 18:32 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-04 21:10 - 2014-09-11 20:39 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 21:05 - 2014-09-11 20:39 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-03 21:36 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
2014-09-03 21:22 - 2014-09-03 21:21 - 12482878 _____ () C:\Users\Christopher\Downloads\Naked Gun - Baseball  ( good quality,longer ).mp4
2014-09-03 14:41 - 2010-11-06 19:05 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Windows Live
2014-09-02 10:07 - 2014-09-02 10:07 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-09-02 10:07 - 2014-09-02 10:07 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-09-02 10:07 - 2014-09-02 10:07 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-09-02 10:07 - 2014-09-02 10:07 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-09-02 10:07 - 2014-09-02 10:07 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Comodo
2014-09-02 10:07 - 2014-09-02 10:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-02 10:07 - 2014-09-02 10:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-02 10:07 - 2010-10-31 16:55 - 00000000 ____D () C:\Users\Christopher\AppData\Local\Google
2014-09-01 09:54 - 2014-09-01 09:54 - 01575960 _____ () C:\Users\Christopher\Downloads\09.01.2014_Celebrity_Nude_Photo_Hack_Collection_-_.exe
2014-08-30 07:26 - 2009-07-13 23:45 - 00357152 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 06:53 - 2010-11-02 20:18 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-22 21:07 - 2014-08-29 08:15 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 20:45 - 2014-08-29 08:15 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 19:59 - 2014-08-29 08:15 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
Some content of TEMP:
====================
C:\Users\Christopher\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfmigvy.dll
C:\Users\Christopher\AppData\Local\Temp\ICReinstall_Adobe_Reader_Setup.exe
C:\Users\Christopher\AppData\Local\Temp\ICReinstall_avast-free-antivirus_setup.exe
C:\Users\Christopher\AppData\Local\Temp\Quarantine.exe
C:\Users\Christopher\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-17 10:56
 
==================== End Of Log ============================


#8 wyattearp132

  • Topic Starter

Posted 19 September 2014 - 07:21 AM

Okay, here you go.  Computer is running the same.


#9 nasdaq

  • Malware Response Team

Posted 19 September 2014 - 08:47 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1478833764-2365237831-1100677447-1000\...\Run: [uTorrent] => C:\Users\Christopher\AppData\Roaming\uTorrent\uTorrent.exe [904272 2014-01-16] (BitTorrent Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM-x32 - {5762CC44-03B1-44BA-BF1C-DF364B26F491} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {361EBF69-13D1-4D9B-ABBB-1BF2248A3CCF} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN38232998441391811&UM=2
SearchScopes: HKCU - {5762CC44-03B1-44BA-BF1C-DF364B26F491} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2010-06-08]
CHR HKLM-x32\...\Chrome\Extension: [aaacfokhpapepnmobpfdcoeeeinlllkc] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha639\ch\WebexpEnhancedV1alpha639.crx []
CHR HKLM-x32\...\Chrome\Extension: [eigfnafpnmdjpcmeeldjnknnackigjgp] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home4731\ch\MediaWatchV1home4731.crx []
CHR HKLM-x32\...\Chrome\Extension: [epgajnlpjdekoahdieccehfgfoceemli] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home7443\ch\MediaWatchV1home7443.crx []
CHR HKLM-x32\...\Chrome\Extension: [hfeboigcnkknildkignoocchdpfgjhim] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4200\ch\MediaViewV1alpha4200.crx [2014-09-16]
CHR HKLM-x32\...\Chrome\Extension: [hngldpbalniaeefmmekajmoojnjlahml] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha9277\ch\MediaViewV1alpha9277.crx [2014-09-16]
CHR HKLM-x32\...\Chrome\Extension: [jgilbdindfhdmmkmpocdooendkmnhjfk] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta760\ch\VideoPlayerV3beta760.crx [2014-09-16]
CHR HKLM-x32\...\Chrome\Extension: [knhlfgglgchbadkkegpfoalfkbpanlpe] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6466\ch\MediaBuzzV1mode6466.crx [2014-09-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
AlternateDataStreams: C:\ProgramData\Temp:BC359956
End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#10 wyattearp132

  • Topic Starter

Posted 19 September 2014 - 09:40 AM

Here is the FixLog.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Christopher at 2014-09-19 09:23:43 Run:1
Running from C:\Users\Christopher\Desktop\FRST Fix
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1478833764-2365237831-1100677447-1000\...\Run: [uTorrent] => C:\Users\Christopher\AppData\Roaming\uTorrent\uTorrent.exe [904272 2014-01-16] (BitTorrent Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM-x32 - {5762CC44-03B1-44BA-BF1C-DF364B26F491} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {5762CC44-03B1-44BA-BF1C-DF364B26F491} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2010-06-08]
CHR HKLM-x32\...\Chrome\Extension: [aaacfokhpapepnmobpfdcoeeeinlllkc] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha639\ch\WebexpEnhancedV1alpha639.crx []
CHR HKLM-x32\...\Chrome\Extension: [eigfnafpnmdjpcmeeldjnknnackigjgp] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home4731\ch\MediaWatchV1home4731.crx []
CHR HKLM-x32\...\Chrome\Extension: [epgajnlpjdekoahdieccehfgfoceemli] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home7443\ch\MediaWatchV1home7443.crx []
CHR HKLM-x32\...\Chrome\Extension: [hfeboigcnkknildkignoocchdpfgjhim] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4200\ch\MediaViewV1alpha4200.crx [2014-09-16]
CHR HKLM-x32\...\Chrome\Extension: [hngldpbalniaeefmmekajmoojnjlahml] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha9277\ch\MediaViewV1alpha9277.crx [2014-09-16]
CHR HKLM-x32\...\Chrome\Extension: [jgilbdindfhdmmkmpocdooendkmnhjfk] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta760\ch\VideoPlayerV3beta760.crx [2014-09-16]
CHR HKLM-x32\...\Chrome\Extension: [knhlfgglgchbadkkegpfoalfkbpanlpe] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6466\ch\MediaBuzzV1mode6466.crx [2014-09-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
AlternateDataStreams: C:\ProgramData\Temp:BC359956
End
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-1478833764-2365237831-1100677447-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{5762CC44-03B1-44BA-BF1C-DF364B26F491}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{5762CC44-03B1-44BA-BF1C-DF364B26F491}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{361EBF69-13D1-4D9B-ABBB-1BF2248A3CCF}" => Key deleted successfully.
"HKCR\CLSID\{361EBF69-13D1-4D9B-ABBB-1BF2248A3CCF}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5762CC44-03B1-44BA-BF1C-DF364B26F491}" => Key deleted successfully.
"HKCR\CLSID\{5762CC44-03B1-44BA-BF1C-DF364B26F491}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\otis@digitalpersona.com => value deleted successfully.
C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaacfokhpapepnmobpfdcoeeeinlllkc" => Key deleted successfully.
"C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha639\ch\WebexpEnhancedV1alpha639.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eigfnafpnmdjpcmeeldjnknnackigjgp" => Key deleted successfully.
"C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home4731\ch\MediaWatchV1home4731.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\epgajnlpjdekoahdieccehfgfoceemli" => Key deleted successfully.
"C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home7443\ch\MediaWatchV1home7443.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hfeboigcnkknildkignoocchdpfgjhim" => Key deleted successfully.
"C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4200\ch\MediaViewV1alpha4200.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hngldpbalniaeefmmekajmoojnjlahml" => Key deleted successfully.
"C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha9277\ch\MediaViewV1alpha9277.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jgilbdindfhdmmkmpocdooendkmnhjfk" => Key deleted successfully.
"C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta760\ch\VideoPlayerV3beta760.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\knhlfgglgchbadkkegpfoalfkbpanlpe" => Key deleted successfully.
"C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6466\ch\MediaBuzzV1mode6466.crx" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCU\SOFTWARE\Policies\Google" => Key deleted successfully.
BTCFilterService => Service deleted successfully.
catchme => Service deleted successfully.
clwvd => Service deleted successfully.
ewusbnet => Service deleted successfully.
ew_hwusbdev => Service deleted successfully.
huawei_enumerator => Service deleted successfully.
hwdatacard => Service deleted successfully.
motccgp => Service deleted successfully.
motccgpfl => Service deleted successfully.
motmodem => Service deleted successfully.
MotoSwitchService => Service deleted successfully.
Motousbnet => Service deleted successfully.
motusbdevice => Service deleted successfully.
C:\ProgramData\Temp => ":BC359956" ADS removed successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#11 wyattearp132

  • Topic Starter

Posted 19 September 2014 - 09:41 AM

Here is the check-up.  Computer running the same.

 

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 McAfee SiteAdvisor    
 Java 7 Update 65  
 Java version out of Date! 
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Google Chrome 37.0.2062.120  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#12 wyattearp132

  • Topic Starter

Posted 19 September 2014 - 12:34 PM

Okay, my browser completely stopped working and Chrome told me that if I wasn't using a proxy server, I should go uncheck that option, which I did. Ever since this, the problem seems to be solved. Strange, or maybe that is completely normal, but it seems fixed and everything is running smoothly.



#13 nasdaq

  • Malware Response Team

Posted 19 September 2014 - 01:18 PM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u67.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 65

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#14 nasdaq

  • Malware Response Team

Posted 19 September 2014 - 01:20 PM

p.s.
I did see this entry in your log.
uProxyServer = 127.0.0.1:5050

Was not sure if you had set it.

Glad to see that all is well.
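
The by-eye triage in this thread (the fix-list entries and the `uProxyServer = 127.0.0.1:5050` line) can be sketched as detection logic over the same log lines. This is an added example, not part of the original posts and not FRST's own code; the function names, category labels and regular expressions are assumptions built only from the line shapes quoted in this thread.

```python
import ipaddress
import re

# Constructed sample: lines copied from the logs quoted in this thread.
SAMPLE_LOG = r"""
uProxyServer = 127.0.0.1:5050
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [aaacfokhpapepnmobpfdcoeeeinlllkc] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha639\ch\WebexpEnhancedV1alpha639.crx []
CHR HKLM-x32\...\Chrome\Extension: [hfeboigcnkknildkignoocchdpfgjhim] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4200\ch\MediaViewV1alpha4200.crx [2014-09-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
SearchScopes: HKLM-x32 - {5762CC44-03B1-44BA-BF1C-DF364B26F491} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
"""

# Assumed patterns, derived only from the line shapes above.
PROXY_RE = re.compile(r"^\w*ProxyServer\s*=\s*(?P<host>[^:\s]+):(?P<port>\d+)$")
EXT_RE = re.compile(
    r"^CHR \S+\\Chrome\\Extension: \[(?P<id>[a-p]{32})\] - (?P<path>.+\.crx) \[(?P<date>[^\]]*)\]$"
)
# Assumption: a trailing [X] on a service line is treated as "file not found".
SVC_RE = re.compile(r"^[SR]\d (?P<name>[^;]+); (?P<path>.+) \[X\]$")


def is_loopback(host):
    """True for localhost and for any 127.0.0.0/8 or ::1 literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname, not an IP literal
        return False


def triage(log_text):
    """Return (category, detail) findings; unrecognised lines are skipped."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := PROXY_RE.match(line)):
            # A loopback proxy sends all browser traffic through a local process.
            if is_loopback(m["host"]):
                findings.append(("loopback-proxy", f"{m['host']}:{m['port']}"))
        elif (m := EXT_RE.match(line)):
            # Extension registered through the registry rather than by the user.
            findings.append(("registry-extension", f"{m['id']} date={m['date'] or 'none'}"))
        elif (m := SVC_RE.match(line)):
            findings.append(("service-missing-file", m["name"]))
        elif "ATTENTION" in line and ("Policies\\Google" in line or "Group Policy on Chrome" in line):
            findings.append(("chrome-policy", line.split(":", 1)[0]))
    return findings


def summarize(findings):
    """Count findings per category."""
    counts = {}
    for category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:22} {detail}")
```

A loopback proxy finding is only a lead: it is benign when a local filtering tool was installed on purpose, so the next check is which process, if any, is listening on that port.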

#15 wyattearp132

  • Topic Starter

Posted 20 September 2014 - 02:27 PM

Thanks for all the help. Computer seems to be running faster than before this all started, so that is one good thing that came from all this.





