

ads, pop ups, and infected internet pop ups.


This topic is locked
16 replies to this topic

#1 sarahds

sarahds

  • Members
  • 8 posts
  • OFFLINE
  • Local time:08:38 AM

Posted 17 September 2014 - 10:08 AM

The last few days I've had an insane amount of pop ups, ads all over my web page, every other time I click on a random place on the web page it opens a new tab to an ad or tells me it isn't a secure page and to call a tech support number.  It also underlines random words all over the page and attaches links to them.  It has slowed my computer down.  My free AVG virus protection says it has located and stopped so many threats but it can't fix this.  I'll buy virus protection if I need to but I was told the free ones would accomplish the same thing.  It took me hours to find this site and figure out how to fix it.  I don't know what any of this means or how to fix it.  Please help me!

 

I just had another pop up while writing this:  "the page at pcvirus.biz says:  system detected security error, due to suspicious activity. please contact certified live technicians for help 1-888-905-25759." Then it asks if I want to prevent this page from additional dialogs, then won't let me do anything on the page until I select the box and push okay.  I am so done dealing with this, I'm desperate.

 

One last thing, I think there may be a fake Adobe update infecting it because I recently updated it...twice, and my AVG blocked something about a fake Adobe. I'm thinking one of them was fake because it started around there or because of that.  I have no idea and I'm afraid to touch anything.

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17280
Run by Sara at 9:04:38 on 2014-09-17
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3457.440 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AECLSrv.exe
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\system32\EscSvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files\AVG\AVG2015\avgnsx.exe
C:\Program Files\AVG\AVG2015\avgemcx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATILAE.EXE
C:\Windows\System32\C2MP\UpdateChecker.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/?gws_rd=ssl
uWindow Title = Internet Explorer, enhanced for Bing and MSN
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office 15\root\office15\URLREDIR.DLL
uRun: [Dell Audio] <no file>
mRun: [Dell Audio] c:\program files\cirrus logic audio panel\CirrusAudioPanel_Dell.exe
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\iastoriconlaunch.exe "c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe" 60
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\codecp~1.lnk - c:\windows\system32\c2mp\UpdateChecker.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\program files\microsoft office 15\root\office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\microsoft office 15\root\office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office 15\root\office15\ONBttnIELinkedNotes.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.20.1 192.168.20.1
TCP: Interfaces\{07BE7EB8-3281-4D73-BCAE-D347694DA351} : DHCPNameServer = 192.168.20.1 192.168.20.1
TCP: Interfaces\{7D011DDE-5244-4773-9FC3-47529A3A6C2D} : DHCPNameServer = 12.205.14.11 64.250.48.6 12.205.14.10
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office 15\root\office15\MSOSB.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-18 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-7-18 230680]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-8-6 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-18 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-18 121624]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-7-24 204056]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-18 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-8-20 193304]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-7-2 199448]
R2 AECLFilters;Andrea Cirrus Logic Filters Service;c:\windows\system32\AECLSrv.exe [2012-1-24 81920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2014-9-5 3364368]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2014-9-5 293448]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\microsoft office 15\clientx86\officeclicktorun.exe [2014-3-26 1626800]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2013-9-20 577088]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [2014-6-28 126128]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2013-10-3 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\intel\icls client\HeciServer.exe [2012-4-20 462048]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\intel\intel® management engine components\dal\Jhi_service.exe [2013-10-3 165760]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2013-10-3 364416]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files\dell wireless\Ath_WlanAgent.exe [2013-10-3 81536]
R3 CirrusLFD;CS42xxLowerFilter;c:\windows\system32\drivers\CSLFDx86.sys [2012-4-2 28672]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2013-10-3 55104]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2013-10-3 197736]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2013-10-3 514152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [2013-10-3 31312]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2013-4-12 110920]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2013-4-12 333128]
S3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiagx.sys [2013-3-14 75816]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BFN7x86;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x86.sys [2013-3-14 130152]
S3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys [2013-3-14 150568]
S3 bxois;bxois;c:\windows\system32\drivers\bxois.sys [2013-3-14 435240]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\drivers\EtronHub3.sys [2013-2-27 65152]
S3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\system32\drivers\EtronSTOR.sys [2013-2-27 32512]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\drivers\EtronXHCI.sys [2013-2-27 88832]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-9-14 108032]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2013-4-12 359560]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2013-4-12 792712]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2013-2-27 73984]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2013-2-27 165120]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2013-10-3 13440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-9-22 14848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-9-22 24064]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-9-22 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-9-22 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-9-22 1343400]
.
=============== Created Last 30 ================
.
2014-09-17 02:32:47 -------- d-----w- c:\program files\Reimage
2014-09-17 01:25:44 7328304 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2014-09-17 01:25:23 8806800 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c49213e3-fd20-4149-aefa-cf1aecf07f72}\mpengine.dll
2014-09-13 13:38:55 -------- d-----w- c:\users\sara\appdata\roaming\AVG2015
2014-09-13 13:38:02 -------- d-----w- c:\users\sara\appdata\roaming\TuneUp Software
2014-09-13 13:36:31 -------- d--h--w- C:\$AVG
2014-09-13 13:36:30 -------- d-----w- c:\programdata\AVG2015
2014-09-13 13:35:00 -------- d-----w- c:\program files\AVG
2014-09-13 13:21:18 -------- d-----w- c:\users\sara\appdata\local\MFAData
2014-09-13 13:21:18 -------- d-----w- c:\users\sara\appdata\local\Avg2015
2014-09-13 13:21:18 -------- d-----w- c:\programdata\MFAData
2014-09-13 12:37:38 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-09-13 12:37:37 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-13 12:19:18 -------- d-----w- c:\programdata\CouupSCAAnner
2014-08-28 01:29:31 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 01:29:31 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-08-21 02:49:40 193304 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-08-20 15:07:59 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-20 15:07:52 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-20 15:07:41 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-08-20 15:07:30 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
.
==================== Find3M  ====================
.
2014-09-13 14:21:12 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-13 14:21:11 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-25 11:53:44 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-08-18 22:08:55 4232704 ----a-w- c:\windows\system32\jscript9.dll
2014-08-18 21:57:44 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-08-18 21:57:30 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-08-18 21:46:26 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-08-18 21:44:44 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-08-18 21:36:05 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-08-18 21:35:24 597504 ----a-w- c:\windows\system32\jscript9diag.dll
2014-08-18 21:30:29 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 21:22:48 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:08:54 2014208 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- c:\windows\system32\wininet.dll
2014-07-24 19:09:20 204056 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-07-18 20:55:24 230680 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-07-16 02:46:02 2048 ----a-w- c:\windows\system32\tzres.dll
2014-07-14 01:42:02 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-02 15:01:44 199448 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.
============= FINISH:  9:05:42.33 ===============
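A way to do in code the first pass the helper makes on the DDS log above by eye (spotting the odd folder c:\programdata\CouupSCAAnner): an added example, not part of this thread or of the DDS tool, that splits the log into its banner sections and reports new directories and autorun targets that fall outside an allowlist of expected vendor paths. The allowlist, the name-shape heuristic and the short sample excerpt are assumptions constructed for this example.

```python
# Triage a DDS log: new directories and autorun entries outside an allowlist. Heuristics only.
import re
from typing import Dict, List, NamedTuple

# Assumption: vendor directories the DDS log above shows as expected on this host.
KNOWN_VENDOR_DIRS = (
    r"c:\program files\avg", r"c:\program files\google", r"c:\program files\intel",
    r"c:\program files\epson software", r"c:\program files\microsoft office 15",
    r"c:\program files\common files\adobe", r"c:\programdata\microsoft",
)
SYSTEM32 = r"c:\windows\system32"

# Constructed excerpt in the shape of the DDS log posted above (not the full log).
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uRun: [Dell Audio] <no file>
mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\codecp~1.lnk - c:\windows\system32\c2mp\UpdateChecker.exe
=============== Created Last 30 ================
2014-09-17 02:32:47 -------- d-----w- c:\program files\Reimage
2014-09-13 13:35:00 -------- d-----w- c:\program files\AVG
2014-09-13 12:37:38 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-09-13 12:19:18 -------- d-----w- c:\programdata\CouupSCAAnner
============= FINISH:  9:05:42.33 ===============
"""

HEADER_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
CREATED_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\S+)\s+(\S+)\s+(.+)$")
AUTORUN_RE = re.compile(r"^(uRun|mRun|StartupFolder):\s*(?:\[(.*?)\]\s*)?(.*)$")
PATH_RE = re.compile(r'([a-z]:\\[^"]+?\.(?:exe|dll|lnk))', re.I)

class Finding(NamedTuple):
    section: str
    item: str
    reason: str

def split_sections(log: str) -> Dict[str, List[str]]:
    """Group log lines under their '===== Title =====' banner."""
    sections: Dict[str, List[str]] = {}
    current = "header"
    for line in log.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line.strip() not in ("", "."):  # DDS pads sections with '.'
            sections.setdefault(current, []).append(line)
    return sections

def is_known(path: str) -> bool:
    p = path.lower()
    return any(p == d or p.startswith(d + "\\") for d in KNOWN_VENDOR_DIRS)

def looks_random(name: str) -> bool:
    """Name-shape heuristic (assumption): all digits ('2308189059'), a digit inside
    a word ('deaol4mee'), or three or more doubled letters ('CouupSCAAnner')."""
    n = name.lower()
    if n.isdigit() or re.search(r"[a-z]\d+[a-z]", n):
        return True
    return len(re.findall(r"([a-z])\1", n)) >= 3

def triage_created(lines: List[str]) -> List[Finding]:
    """New directories outside the allowlist; files are better checked by hash."""
    out = []
    for m in filter(None, map(CREATED_RE.match, lines)):
        _when, _size, attrs, path = m.groups()
        if not attrs.startswith("d") or is_known(path):
            continue
        reason = "new directory outside known vendor paths"
        if looks_random(path.rsplit("\\", 1)[-1]):
            reason += "; machine-generated-looking name"
        out.append(Finding("Created Last 30", path, reason))
    return out

def triage_autoruns(lines: List[str]) -> List[Finding]:
    """Autorun targets that are orphaned, or outside the allowlist and the system32 root."""
    out = []
    for m in filter(None, map(AUTORUN_RE.match, lines)):
        kind, name, rest = m.groups()
        paths = PATH_RE.findall(rest)
        exes = [p for p in paths if not p.lower().endswith(".lnk")]  # .lnk -> its target
        target = (exes or paths or [None])[-1]
        label = f"{kind}:[{name or '-'}] {target or rest.strip()}"
        if target is None:
            out.append(Finding("Pseudo HJT Report", label, "orphaned entry, no target file"))
            continue
        t = target.lower()
        in_sys32_root = t.startswith(SYSTEM32 + "\\") and "\\" not in t[len(SYSTEM32) + 1:]
        if not is_known(t) and not in_sys32_root:
            out.append(Finding("Pseudo HJT Report", label, "target outside known vendor paths"))
    return out

def triage(log: str) -> List[Finding]:
    s = split_sections(log)
    return triage_created(s.get("Created Last 30", [])) + triage_autoruns(s.get("Pseudo HJT Report", []))

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.section}] {f.item}\n    -> {f.reason}")
```

On the sample it reports Reimage, CouupSCAAnner, the orphaned Dell Audio entry, LTCM Client and the c2mp UpdateChecker, and stays quiet on AVG and the kerberos.dll update.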
 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,778 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:38 PM

Posted 17 September 2014 - 10:36 AM

Hello sarahds and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

 

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
 

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

 

  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to "get help here".

Thanks

---------------------------------------------------------------------------------------------------------

 

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

 


 

Sincerely


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 sarahds

sarahds
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:08:38 AM

Posted 17 September 2014 - 11:13 AM

I am the administrator and my antivirus is disabled until I restart.  I work nights so I am usually asleep during the day.  I'm off today but I'll be ready when you are.  I appreciate any help you can give me.



#4 olgun52

olgun52

  • Malware Response Team
  • 3,778 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:38 PM

Posted 17 September 2014 - 11:15 AM

Hi sarahds,

 

What is this software?

 

 c:\programdata\CouupSCAAnner

 

 

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
c:\programdata\CouupSCAAnner
 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.

 

**************************************************

 

Please do the following

 

Step 1:

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2:

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3:

 

Please be sure to run our tools with administrator rights.

Next, download ComboFix Save to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

 

Have a nice day.

 


Best regards
 

 


 


#5 sarahds

sarahds
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:08:38 AM

Posted 17 September 2014 - 04:09 PM

The reason it took me so long was because half way through the steps chrome shut down on me.

 

2 options popped up with VirusTotal:

 

https://www.virustotal.com/en/file/16a3297a310c12287916bab64698618ac50f23898f26e17998324175c8ec2e4d/analysis/1410987798/

 

https://www.virustotal.com/en/file/2d4e42ee22cf2171777f6f2aa232df7a2ad3445b6988ee2f2666ec2a863aca93/analysis/1410988020/

 

AdwCleaner:

 

# AdwCleaner v3.310 - Report created 17/09/2014 at 11:40:22
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Sara - SARAH-PC
# Running from : C:\Users\Sara\Downloads\adwcleaner_3.310.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
File Found : C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal
Folder Found : C:\Program Files\Reimage
Folder Found : C:\ProgramData\2308189059
Folder Found : C:\ProgramData\Browser System Enahncer
Folder Found : C:\ProgramData\CouupSCAAnner
Folder Found : C:\ProgramData\deaol4mee
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer
Folder Found : C:\Users\Sara\AppData\Local\Temp\AirInstaller
Folder Found : C:\Users\Sara\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Sara\AppData\Roaming\RocketUpdater
Folder Found : C:\Users\Sara\Documents\Optimizer Pro
 
***** [ Scheduled Tasks ] *****
 
Task Found : Rocket Updater
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F03D1DC5-33CD-95D1-5B7B-7AD83B847522}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD121AEF-6AE9-EEF9-8E19-59BF76ED1513}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F03D1DC5-33CD-95D1-5B7B-7AD83B847522}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD121AEF-6AE9-EEF9-8E19-59BF76ED1513}
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\Rocket Browser
Key Found : HKCU\Software\RocketUpdater
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F03D1DC5-33CD-95D1-5B7B-7AD83B847522}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD121AEF-6AE9-EEF9-8E19-59BF76ED1513}
Key Found : HKLM\SOFTWARE\Classes\CouopScannEur.CouopScannEur
Key Found : HKLM\SOFTWARE\Classes\CouopScannEur.CouopScannEur.3.2
Key Found : HKLM\SOFTWARE\Classes\ddeall4me.ddeall4me
Key Found : HKLM\SOFTWARE\Classes\ddeall4me.ddeall4me.1.2
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\FlvPlayer
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DealKeeper_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DealKeeper_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateDealKeeper_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateDealKeeper_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F03D1DC5-33CD-95D1-5B7B-7AD83B847522}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD121AEF-6AE9-EEF9-8E19-59BF76ED1513}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{671c50b0}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Startup_urls] : hxxp://rocket-find.com/?f=7&a=rckt_md_14_29_ch&cd=2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzz0FzyyCtA0AtCyBtAtBtN0D0Tzu0SzytByBtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0DtByEyEzy0C0AtG0B0CtAtAtG0EtByD0BtGyDzyyB0AtGyB0ByEyCyEyE0EzztByCyD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0EyC0E0ByEyE0BtG0F0FtDtDtG0DyD0FyCtGzytDtC0FtGyByE0F0EtCzy0Dzy0D0AtAyE2Q&cr=2011790192&ir=
Found [Extension] : ibnjmihbbanannlbobkbmnmckjnmdnom
 
*************************
 
AdwCleaner[R0].txt - [5745 octets] - [17/09/2014 11:24:08]
AdwCleaner[R1].txt - [5727 octets] - [17/09/2014 11:40:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [5787 octets] ##########
 
 
Junkware removal:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.5 (09.16.2014:1)
OS: Windows 7 Professional x86
Ran by Sara on Wed 09/17/2014 at 15:51:39.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer pro
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealKeeper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealKeeper_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateDealKeeper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateDealKeeper_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilDealKeeper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilDealKeeper_RASMANCS
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Sara\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Sara\documents\optimizer pro"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/17/2014 at 15:55:43.00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#6 sarahds

sarahds
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:08:38 AM

Posted 17 September 2014 - 04:57 PM

Results of the ComboFix:

 

ComboFix 14-09-16.01 - Sara 09/17/2014  16:38:06.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3457.2039 [GMT -5:00]
Running from: c:\users\Sara\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\2308189059
c:\programdata\CouupSCAAnner
c:\programdata\CouupSCAAnner\xhN1hwGV.dat
c:\programdata\CouupSCAAnner\xhN1hwGV.tlb
c:\programdata\deaol4mee
c:\programdata\deaol4mee\EjBEjz.dat
c:\programdata\deaol4mee\EjBEjz.tlb
c:\users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpgpmmooejhfhojndincjeonokodggj
c:\users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpgpmmooejhfhojndincjeonokodggj\222\background.html
c:\users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpgpmmooejhfhojndincjeonokodggj\222\content.js
c:\users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpgpmmooejhfhojndincjeonokodggj\222\lsdb.js
c:\users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpgpmmooejhfhojndincjeonokodggj\222\manifest.json
c:\users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdhcggjebefhdlpdjggelhnelnjefip
c:\users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdhcggjebefhdlpdjggelhnelnjefip\149\background.html
c:\users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdhcggjebefhdlpdjggelhnelnjefip\149\C348KT.js
c:\users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdhcggjebefhdlpdjggelhnelnjefip\149\content.js
c:\users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdhcggjebefhdlpdjggelhnelnjefip\149\lsdb.js
c:\users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdhcggjebefhdlpdjggelhnelnjefip\149\manifest.json
c:\users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdhcggjebefhdlpdjggelhnelnjefip\149\uAEE.js
c:\users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdhcggjebefhdlpdjggelhnelnjefip\149\wwraIDGMA.js
c:\users\Sara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hkpgpmmooejhfhojndincjeonokodggj_0.localstorage-journal
c:\users\Sara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hkpgpmmooejhfhojndincjeonokodggj_0.localstorage
c:\users\Sara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mmdhcggjebefhdlpdjggelhnelnjefip_0.localstorage-journal
c:\users\Sara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mmdhcggjebefhdlpdjggelhnelnjefip_0.localstorage
c:\users\Sara\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Sara\AppData\LocalLow\{F03D1DC5-33CD-95D1-5B7B-7AD83B847522}
c:\users\Sara\AppData\LocalLow\{F03D1DC5-33CD-95D1-5B7B-7AD83B847522}\deaol4mee.2.9.dat
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-17 to 2014-09-17  )))))))))))))))))))))))))))))))
.
.
2014-09-17 21:45 . 2014-09-17 21:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-17 20:51 . 2014-09-17 20:51 -------- d-----w- c:\windows\ERUNT
2014-09-17 16:25 . 2010-08-30 13:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-09-17 16:21 . 2014-09-17 16:41 -------- d-----w- C:\AdwCleaner
2014-09-17 01:25 . 2014-09-15 07:08 8806800 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C49213E3-FD20-4149-AEFA-CF1AECF07F72}\mpengine.dll
2014-09-13 13:38 . 2014-09-13 13:38 -------- d-----w- c:\users\Sara\AppData\Roaming\AVG2015
2014-09-13 13:38 . 2014-09-13 13:38 -------- d-----w- c:\users\Sara\AppData\Roaming\TuneUp Software
2014-09-13 13:36 . 2014-09-13 13:36 -------- d-----w- C:\$AVG
2014-09-13 13:36 . 2014-09-13 13:39 -------- d-----w- c:\programdata\AVG2015
2014-09-13 13:35 . 2014-09-13 13:35 -------- d-----w- c:\program files\AVG
2014-09-13 13:21 . 2014-09-17 13:06 -------- d-----w- c:\programdata\MFAData
2014-09-13 13:21 . 2014-09-13 13:59 -------- d-----w- c:\users\Sara\AppData\Local\Avg2015
2014-09-13 13:21 . 2014-09-13 13:21 -------- d-----w- c:\users\Sara\AppData\Local\MFAData
2014-09-13 12:37 . 2014-07-07 01:40 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-09-13 12:37 . 2014-07-07 01:40 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-08-28 01:29 . 2014-08-23 01:46 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 01:29 . 2014-08-23 00:42 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-08-21 02:49 . 2014-08-21 02:49 193304 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-08-20 15:07 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-20 15:07 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-20 15:07 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-08-20 15:07 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-13 14:21 . 2013-10-06 15:12 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-13 14:21 . 2013-10-06 15:12 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-26 21:09 . 2013-10-06 19:44 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-08-25 11:53 . 2013-10-03 12:06 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-08-07 02:38 . 2014-08-07 02:38 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2014-07-24 19:09 . 2014-07-24 19:09 204056 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-07-18 20:55 . 2014-07-18 20:55 230680 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-07-16 02:46 . 2014-08-13 22:29 2048 ----a-w- c:\windows\system32\tzres.dll
2014-07-14 01:42 . 2014-08-13 22:32 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-02 15:01 . 2014-07-02 15:01 199448 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-06 22:57 222712 ----a-w- c:\users\Sara\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-06 22:57 222712 ----a-w- c:\users\Sara\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-06 22:57 222712 ----a-w- c:\users\Sara\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_30DE51239BAA92A81E36F17671881104"="c:\program files\Google\Chrome\Application\chrome.exe" [2014-07-15 860488]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATILAE.EXE" [2013-01-24 260160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Audio"="c:\program files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe" [2012-05-19 20567552]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 146032]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 181360]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 190064]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2012-07-31 1057920]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2011-04-07 2756864]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2014-09-05 3593744]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodecPackUpdateChecker.lnk - c:\windows\System32\C2MP\UpdateChecker.exe [2013-8-29 48200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [2014-09-05 3364368]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2009-12-01 31312]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2012-11-08 110920]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2012-11-08 333128]
R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiagx.sys [2012-03-08 75816]
R3 BFN7x86;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x86.sys [2012-02-22 130152]
R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys [2012-02-22 150568]
R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys [2012-02-22 435240]
R3 cpuz134;cpuz134;c:\users\Sara\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys [2012-07-24 65152]
R3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\System32\Drivers\EtronSTOR.sys [2012-07-24 32512]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys [2012-07-24 88832]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2012-12-21 359560]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2012-12-21 792712]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-10-25 73984]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-10-25 165120]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-25 13440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-09-22 14848]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-09-22 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-09-22 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-09-22 27136]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-09-22 1343400]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-06-19 147736]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-07-18 230680]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-19 27416]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-19 121624]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-07-24 204056]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-19 21272]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-08-21 193304]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-07-02 199448]
S2 AECLFilters;Andrea Cirrus Logic Filters Service;c:\windows\system32\AECLSrv.exe [2012-01-24 81920]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [2014-09-05 293448]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [2014-08-01 1626800]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2013-09-20 577088]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc.exe [2012-05-17 126128]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 462048]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-07-17 165760]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-07-17 364416]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files\Dell Wireless\Ath_WlanAgent.exe [2013-01-23 81536]
S3 CirrusLFD;CS42xxLowerFilter;c:\windows\system32\DRIVERS\CSLFDx86.sys [2012-04-02 28672]
S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-02 55104]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2012-01-09 197736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-02-16 514152]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-20 23:21 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-17 c:\windows\Tasks\EPSON XP-410 Series Invitation {4BEFC3E1-AE0A-4395-AF42-D28244C2869A}.job
- c:\windows\system32\spool\DRIVERS\W32X86\3\E_FTSLAE.EXE [2014-06-28 01:20]
.
2014-09-17 c:\windows\Tasks\EPSON XP-410 Series Update {4BEFC3E1-AE0A-4395-AF42-D28244C2869A}.job
- c:\windows\system32\spool\DRIVERS\W32X86\3\E_FTSLAE.EXE [2014-06-28 01:20]
.
2014-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-15 16:59]
.
2014-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-15 16:59]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Dell Audio - (no file)
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{671c50b0} - c:\progra~2\BROWSE~1\BROWSE~1.DLL
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2014-09-17  16:54:26 - machine was rebooted
ComboFix-quarantined-files.txt  2014-09-17 21:54
.
Pre-Run: 837,444,165,632 bytes free
Post-Run: 839,471,849,472 bytes free
.
- - End Of File - - 0C15DAC9F0CCC1780E3DD738BF905550
A36C5E4F47E84449FF07ED3517B43A31
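As an added triage example (not part of the original post and not ComboFix's own code), the Python script below parses the "Other Deletions" section of the log above and buckets the deleted paths: Chrome extension IDs (32 letters from a..p) recovered both from the Extensions folder and from the Local Storage file names, random-named ProgramData folders together with the file types dropped under them, and everything else. It then links a ProgramData folder name to the LocalLow .dat that carries the same name, which is how you tell that two deletions belong to one component. The sample input is a constructed excerpt of the ComboFix listing above; the classification rules (a .tlb type library beside a .dat marks a registered COM component rather than plain data) are the editor's heuristics.

```python
"""Triage helper for the 'Other Deletions' section of a ComboFix log (added example)."""
import re

# Chrome extension IDs are 32 characters from the alphabet a..p (the first 128 bits of
# the SHA-256 of the extension's public key, hex digits 0-f written as a-p).
EXT_ID = r"[a-p]{32}"
CHROME_EXT_RE = re.compile(
    r"\\Chrome\\User Data\\[^\\]+\\Extensions\\(" + EXT_ID + r")(?:\\|$)", re.IGNORECASE)
LOCALSTORAGE_RE = re.compile(
    r"chrome-extension_(" + EXT_ID + r")_\d+\.localstorage", re.IGNORECASE)
PROGRAMDATA_RE = re.compile(r"^c:\\programdata\\([^\\]+)", re.IGNORECASE)

# Constructed sample: an excerpt of the ComboFix 'Other Deletions' listing above.
SAMPLE_LOG = r"""
((((((((((((((((((((   Other Deletions   ))))))))))))))))))))
.
c:\programdata\2308189059
c:\programdata\CouupSCAAnner
c:\programdata\CouupSCAAnner\xhN1hwGV.dat
c:\programdata\CouupSCAAnner\xhN1hwGV.tlb
c:\programdata\deaol4mee
c:\programdata\deaol4mee\EjBEjz.dat
c:\programdata\deaol4mee\EjBEjz.tlb
c:\users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpgpmmooejhfhojndincjeonokodggj
c:\users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpgpmmooejhfhojndincjeonokodggj\222\content.js
c:\users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdhcggjebefhdlpdjggelhnelnjefip\149\manifest.json
c:\users\Sara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hkpgpmmooejhfhojndincjeonokodggj_0.localstorage
c:\users\Sara\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Sara\AppData\LocalLow\{F03D1DC5-33CD-95D1-5B7B-7AD83B847522}\deaol4mee.2.9.dat
.
((((((((((((((((((((   Files Created from 2014-08-17 to 2014-09-17   ))))))))))))))))))))
.
2014-09-17 21:45 . 2014-09-17 21:45 -------- d-----w- c:\users\Default\AppData\Local\temp
"""


def other_deletions(log_text):
    """Paths listed between the 'Other Deletions' banner and the next section banner."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        if "Other Deletions" in line:
            in_section = True
            continue
        if in_section and line.startswith("((("):
            break                      # next ComboFix section banner
        if in_section and line.strip() not in ("", "."):
            paths.append(line.strip())
    return paths


def triage(paths):
    """Bucket deleted paths: Chrome extension IDs, ProgramData drop folders, everything else."""
    ext_ids, programdata, other = set(), {}, []
    for p in paths:
        m = CHROME_EXT_RE.search(p) or LOCALSTORAGE_RE.search(p)
        if m:
            ext_ids.add(m.group(1).lower())
            continue
        m = PROGRAMDATA_RE.match(p)
        if m:
            suffixes = programdata.setdefault(m.group(1), set())
            leaf = p[m.end():].rsplit("\\", 1)[-1]   # '' when the path is the folder itself
            if "." in leaf:
                suffixes.add(leaf.rsplit(".", 1)[-1].lower())
            continue
        other.append(p)
    return {
        "chrome_extensions": sorted(ext_ids),
        "programdata": {k: sorted(v) for k, v in programdata.items()},
        "other": other,
    }


def typelib_droppers(report):
    """ProgramData folders holding a .tlb (COM type library) next to a .dat: a registered
    COM component, not a data cache (editor's heuristic)."""
    return sorted(f for f, s in report["programdata"].items() if {"dat", "tlb"} <= set(s))


def cross_references(report):
    """ProgramData folder names that recur in other deleted paths (same adware component)."""
    return sorted(f for f in report["programdata"]
                  if any(f.lower() in o.lower() for o in report["other"]))


if __name__ == "__main__":
    report = triage(other_deletions(SAMPLE_LOG))
    print("chrome extensions :", report["chrome_extensions"])
    print("programdata drops :", report["programdata"])
    print("typelib droppers  :", typelib_droppers(report))
    print("linked artifacts  :", cross_references(report))
```

Run against the full ComboFix.txt instead of the embedded sample and the extension IDs are what you take to the Chrome Web Store (or a reputation service) before deciding whether the profile needs a full reset; the folder-to-.dat link tells you which LocalLow leftovers belong to a component already removed.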


#7 olgun52
  • Malware Response Team
  • 3,778 posts
  • Gender:Male

Posted 17 September 2014 - 05:45 PM

Hi sarahds,
 
Please run AdwCleaner and click on Clean (DELETE).
 
----------------------------------------------------------------------------------------------------------------

 

Reset Chrome...
Click on "Customize and control Google Chrome":
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.

 

-----------------------------------------------------------------------------------------------------------------------------------------------

 

Please do the following.
 
Step 1:

Scan with Malwarebytes Anti-Malware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14-day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Anti-Malware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

 

Step 2:

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Sincerely


Edited by olgun52, 17 September 2014 - 05:48 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!
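The steps above reset Chrome and then hand the machine to Malwarebytes and FRST. One check worth doing alongside the reset, as an added example that is not part of olgun52's post: Chrome's "Reset browser settings" disables extensions, but it cannot touch anything pinned through the HKLM\SOFTWARE\Policies\Google key that FRST flags later in this thread ("Policy restriction"), so the Python script below inspects a profile's Extensions folder directly, reads each manifest.json, compares the ID against an allowlist of the five default Google apps FRST lists, and flags unknown extensions that inject content scripts with host access to every page (the shape of an ad injector such as the two ComboFix removed). It also parses ExtensionInstallForcelist values of the form "id;update_url"; that this is the value list behind FRST's policy warning is my assumption, since FRST only names the parent key. The sample profile, the "CouponHelper" manifest and the extension ID abcdefghijklmnopabcdefghijklmnop are constructed for the example.

```python
"""Audit a Chrome profile's Extensions folder against an allowlist (added example)."""
import json
import os
import re
import tempfile

# The five default Google apps FRST lists in this thread (IDs are 32 letters a..p).
KNOWN_GOOD = {
    "aohghmighlieiainnegkcijnfilokake": "Google Docs",
    "apdfllckaahabafndbhieahigkjlhalf": "Google Drive",
    "blpcfgokakmgnkcojhhkbfbldkacnbeo": "YouTube",
    "coobgpohoikkiipiblmjeljniedjpjpf": "Google Search",
    "pjkljhegncpnkpknbcohdijeoejaedia": "Gmail",
}
EXT_ID_RE = re.compile(r"^[a-p]{32}$")
BROAD_HOSTS = {"<all_urls>", "http://*/*", "https://*/*", "*://*/*"}

def audit_extension(ext_dir, ext_id):
    """One record per installed version: name, allowlist status, ad-injection capabilities."""
    records = []
    for version in sorted(os.listdir(ext_dir)):
        manifest_path = os.path.join(ext_dir, version, "manifest.json")
        if not os.path.isfile(manifest_path):
            continue
        with open(manifest_path, encoding="utf-8") as fh:
            manifest = json.load(fh)
        perms = set(manifest.get("permissions", []))
        scripts = manifest.get("content_scripts", [])
        script_hosts = {m for cs in scripts for m in cs.get("matches", [])}
        records.append({
            "id": ext_id, "version": version, "name": manifest.get("name", "?"),
            "known_good": ext_id in KNOWN_GOOD,
            # host access to every page, granted via permissions or content-script matches
            "broad_host_access": bool((perms | script_hosts) & BROAD_HOSTS),
            "injects_scripts": bool(scripts),
            "update_url": manifest.get("update_url"),
        })
    return records

def audit_profile(profile_dir):
    """Walk <profile>/Extensions/<id>/<version>/manifest.json for every valid extension ID."""
    ext_root = os.path.join(profile_dir, "Extensions")
    if not os.path.isdir(ext_root):
        return []
    records = []
    for ext_id in sorted(os.listdir(ext_root)):
        if EXT_ID_RE.match(ext_id) and os.path.isdir(os.path.join(ext_root, ext_id)):
            records.extend(audit_extension(os.path.join(ext_root, ext_id), ext_id))
    return records

def suspicious(records):
    """Not allowlisted, injects content scripts, and can reach every page: an ad injector's shape."""
    return [r for r in records
            if not r["known_good"] and r["injects_scripts"] and r["broad_host_access"]]

def parse_forcelist(values):
    """Extension IDs from ExtensionInstallForcelist registry values ('id;update_url').

    Assumption: this is the value list under HKLM\\SOFTWARE\\Policies\\Google\\Chrome that
    FRST's 'Policy restriction' line points at; read it with winreg on the live machine.
    """
    ids = []
    for value in values:
        ext_id = value.split(";", 1)[0].strip().lower()
        if EXT_ID_RE.match(ext_id):
            ids.append(ext_id)
    return ids

def build_sample_profile():
    """Constructed sample profile (not data from the thread): one default app, one ad injector.
    The ID abcdefghijklmnopabcdefghijklmnop is a placeholder, not a real extension."""
    profile = tempfile.mkdtemp(prefix="chrome_profile_")
    samples = {
        "pjkljhegncpnkpknbcohdijeoejaedia": ("8.1", {"name": "Gmail", "manifest_version": 2,
                                                    "app": {"urls": ["https://mail.google.com/"]}}),
        "abcdefghijklmnopabcdefghijklmnop": ("149", {
            "name": "CouponHelper", "manifest_version": 2,
            "permissions": ["tabs", "storage", "http://*/*", "https://*/*"],
            "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}],
            "background": {"page": "background.html"},
            "update_url": "http://update.example.invalid/crx"}),
    }
    for ext_id, (version, manifest) in samples.items():
        ext_dir = os.path.join(profile, "Extensions", ext_id, version)
        os.makedirs(ext_dir)
        with open(os.path.join(ext_dir, "manifest.json"), "w", encoding="utf-8") as fh:
            json.dump(manifest, fh)
    return profile

if __name__ == "__main__":
    for r in suspicious(audit_profile(build_sample_profile())):
        print(f"{r['id']} {r['name']!r} v{r['version']} update_url={r['update_url']}")
```

On the affected machine you would point audit_profile at C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default; anything suspicious() returns whose ID also appears in the forcelist will come back after a reset until the policy value is removed, which is the point of checking the key and not only the profile.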

 


 


#8 sarahds
  • Topic Starter
  • Members
  • 8 posts

Posted 17 September 2014 - 08:01 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Sara (administrator) on SARAH-PC on 17-09-2014 19:43:21
Running from C:\Users\Sara\Downloads
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AECLSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Atheros) C:\Program Files\Dell Wireless\Ath_WlanAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
() C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATILAE.EXE
() C:\Windows\System32\C2MP\UpdateChecker.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Dell Audio] => C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe [20567552 2012-05-19] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1057920 2012-07-31] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [LTCM Client] => C:\Program Files\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-4029919300-1503157010-3533688583-1000\...\Run: [GoogleChromeAutoLaunch_30DE51239BAA92A81E36F17671881104] => C:\Program Files\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
HKU\S-1-5-21-4029919300-1503157010-3533688583-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATILAE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\System32\C2MP\UpdateChecker.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x787517BA3AC0CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR CustomProfile: C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-15]
CHR Extension: (Google Drive) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-15]
CHR Extension: (YouTube) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-15]
CHR Extension: (Google Search) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-15]
CHR Extension: (Gmail) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-15]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AECLFilters; C:\Windows\system32\AECLSrv.exe [81920 2012-01-24] (Andrea Electronics Corporation)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1626800 2014-07-31] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277616 2012-12-14] (Intel Corporation)
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577088 2013-09-20] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [462048 2012-04-20] (Intel® Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files\Dell Wireless\Ath_WlanAgent.exe [81536 2013-01-22] (Atheros)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [31312 2009-12-01] (Google Inc)
S3 asmthub3; C:\Windows\system32\drivers\asmthub3.sys [110920 2012-11-08] (ASMedia Technology Inc)
S3 asmtxhci; C:\Windows\system32\drivers\asmtxhci.sys [333128 2012-11-08] (ASMedia Technology Inc)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2241024 2013-01-21] (Qualcomm Atheros Communications, Inc.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [204056 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [193304 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [199448 2014-07-02] (AVG Technologies CZ, s.r.o.)
S3 b06diag; C:\Windows\system32\drivers\bxdiagx.sys [75816 2012-03-08] (Broadcom Corporation)
S3 BFN7x86; C:\Windows\system32\drivers\Xeno7x86.sys [130152 2012-02-22] (Bigfoot Networks, Inc.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [150568 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [435240 2012-02-22] (Broadcom Corporation)
R3 CirrusLFD; C:\Windows\System32\DRIVERS\CSLFDx86.sys [28672 2012-04-02] (Cirrus Logic)
S3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [65152 2012-07-24] (Etron Technology Inc)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
S3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [88832 2012-07-24] (Etron Technology Inc)
S3 iusb3hub; C:\Windows\system32\drivers\iusb3hub.sys [359560 2012-12-21] (Intel Corporation)
S3 iusb3xhc; C:\Windows\system32\drivers\iusb3xhc.sys [792712 2012-12-21] (Intel Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-02] (Intel Corporation)
S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [73984 2011-10-25] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [165120 2011-10-25] (Renesas Electronics Corporation)
S3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
S3 catchme; \??\C:\Users\Sara\AppData\Local\Temp\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Sara\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-17 19:43 - 2014-09-17 19:44 - 00013277 _____ () C:\Users\Sara\Downloads\FRST.txt
2014-09-17 18:54 - 2014-09-17 19:43 - 00000000 ____D () C:\FRST
2014-09-17 18:53 - 2014-09-17 18:53 - 01097728 _____ (Farbar) C:\Users\Sara\Downloads\FRST.exe
2014-09-17 18:14 - 2014-09-17 18:15 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-17 18:14 - 2014-09-17 18:14 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-17 18:14 - 2014-09-17 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-17 18:14 - 2014-09-17 18:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-17 18:14 - 2014-09-17 18:14 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-17 18:14 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-17 18:14 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-17 18:14 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-17 18:08 - 2014-09-17 18:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sara\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-17 16:54 - 2014-09-17 16:54 - 00017576 _____ () C:\ComboFix.txt
2014-09-17 16:14 - 2014-09-17 16:54 - 00000000 ____D () C:\Qoobox
2014-09-17 16:14 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-17 16:14 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-17 16:14 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-17 16:14 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-17 16:14 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-17 16:14 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-17 16:14 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-17 16:14 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-17 16:13 - 2014-09-17 16:53 - 00000000 ____D () C:\Windows\erdnt
2014-09-17 16:10 - 2014-09-17 16:35 - 05579386 ____R (Swearware) C:\Users\Sara\Downloads\ComboFix.exe
2014-09-17 16:01 - 2014-09-17 16:01 - 00005867 _____ () C:\Users\Sara\Desktop\AdwCleaner[R1].txt
2014-09-17 15:55 - 2014-09-17 15:56 - 01016035 _____ (Thisisu) C:\Users\Sara\Downloads\JRT (3).exe
2014-09-17 15:55 - 2014-09-17 15:55 - 00001786 _____ () C:\Users\Sara\Desktop\JRT.txt
2014-09-17 15:52 - 2014-09-17 15:52 - 01016035 _____ (Thisisu) C:\Users\Sara\Downloads\JRT (2).exe
2014-09-17 15:51 - 2014-09-17 15:51 - 00000000 ____D () C:\Windows\ERUNT
2014-09-17 15:50 - 2014-09-17 15:51 - 01016035 _____ (Thisisu) C:\Users\Sara\Downloads\JRT (1).exe
2014-09-17 14:53 - 2014-09-17 14:53 - 01016035 _____ (Thisisu) C:\Users\Sara\Downloads\JRT.exe
2014-09-17 11:25 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-17 11:21 - 2014-09-17 11:41 - 00000000 ____D () C:\AdwCleaner
2014-09-17 11:20 - 2014-09-17 11:20 - 01373475 _____ () C:\Users\Sara\Downloads\adwcleaner_3.310.exe
2014-09-17 09:06 - 2014-09-17 09:06 - 00005784 _____ () C:\Users\Sara\Desktop\attach.txt
2014-09-17 09:06 - 2014-09-17 09:05 - 00015127 _____ () C:\Users\Sara\Desktop\dds.txt
2014-09-17 09:03 - 2014-09-17 09:04 - 00688992 ____R (Swearware) C:\Users\Sara\Downloads\dds.com
2014-09-16 21:23 - 2014-09-16 21:38 - 00000165 _____ () C:\Windows\Reimage.ini
2014-09-16 21:22 - 2014-09-16 21:23 - 00853960 _____ (Reimage®) C:\Users\Sara\Downloads\ReimageRepair.exe
2014-09-14 09:29 - 2014-08-19 12:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-14 09:29 - 2014-08-18 17:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-14 09:29 - 2014-08-18 16:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-14 09:29 - 2014-08-18 16:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-14 09:29 - 2014-08-18 16:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-14 09:29 - 2014-08-18 16:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-14 09:29 - 2014-08-18 16:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-14 09:29 - 2014-08-18 16:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-14 09:29 - 2014-08-18 16:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-14 09:29 - 2014-08-18 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-14 09:29 - 2014-08-18 16:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-14 09:29 - 2014-08-18 16:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-14 09:29 - 2014-08-18 16:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-14 09:29 - 2014-08-18 16:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-14 09:29 - 2014-08-18 16:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-14 09:29 - 2014-08-18 16:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-14 09:29 - 2014-08-18 16:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-14 09:29 - 2014-08-18 16:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-14 09:29 - 2014-08-18 16:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-14 09:29 - 2014-08-18 16:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-14 09:29 - 2014-08-18 16:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-14 09:29 - 2014-08-18 16:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-14 09:29 - 2014-08-18 16:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-14 09:29 - 2014-08-18 16:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-14 09:29 - 2014-08-18 16:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-14 09:29 - 2014-08-18 15:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-14 09:29 - 2014-08-18 15:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-14 09:29 - 2014-08-18 15:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-14 09:28 - 2014-08-18 17:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-14 09:28 - 2014-08-18 16:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-13 08:38 - 2014-09-13 08:38 - 00000935 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-09-13 08:38 - 2014-09-13 08:38 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\TuneUp Software
2014-09-13 08:38 - 2014-09-13 08:38 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\AVG2015
2014-09-13 08:38 - 2014-09-13 08:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-13 08:36 - 2014-09-13 08:39 - 00000000 ____D () C:\ProgramData\AVG2015
2014-09-13 08:36 - 2014-09-13 08:36 - 00000000 ____D () C:\$AVG
2014-09-13 08:35 - 2014-09-13 08:35 - 00000000 ____D () C:\Program Files\AVG
2014-09-13 08:21 - 2014-09-17 18:01 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-13 08:21 - 2014-09-13 08:59 - 00000000 ____D () C:\Users\Sara\AppData\Local\Avg2015
2014-09-13 08:21 - 2014-09-13 08:21 - 00000000 ____D () C:\Users\Sara\AppData\Local\MFAData
2014-09-13 08:19 - 2014-09-13 08:21 - 04579176 _____ (AVG Technologies) C:\Users\Sara\Downloads\avg_free_stb_all_2015_5315_cnet.exe
2014-09-13 07:37 - 2014-07-06 20:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-13 07:37 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-08-27 20:29 - 2014-08-22 20:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 20:29 - 2014-08-22 19:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 21:49 - 2014-08-20 21:49 - 00193304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-08-20 10:07 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-20 10:07 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-20 10:07 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-20 10:07 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-17 19:44 - 2014-09-17 19:43 - 00013277 _____ () C:\Users\Sara\Downloads\FRST.txt
2014-09-17 19:43 - 2014-09-17 18:54 - 00000000 ____D () C:\FRST
2014-09-17 19:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-09-17 19:11 - 2014-05-15 11:59 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-17 18:55 - 2014-06-28 16:55 - 00000917 _____ () C:\Windows\Tasks\EPSON XP-410 Series Update {4BEFC3E1-AE0A-4395-AF42-D28244C2869A}.job
2014-09-17 18:55 - 2014-06-28 16:55 - 00000731 _____ () C:\Windows\Tasks\EPSON XP-410 Series Invitation {4BEFC3E1-AE0A-4395-AF42-D28244C2869A}.job
2014-09-17 18:55 - 2009-07-13 23:34 - 00031504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-17 18:55 - 2009-07-13 23:34 - 00031504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-17 18:53 - 2014-09-17 18:53 - 01097728 _____ (Farbar) C:\Users\Sara\Downloads\FRST.exe
2014-09-17 18:52 - 2013-10-03 05:57 - 01377897 _____ () C:\Windows\WindowsUpdate.log
2014-09-17 18:49 - 2014-05-15 11:59 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-17 18:48 - 2010-11-20 16:48 - 00268026 _____ () C:\Windows\PFRO.log
2014-09-17 18:48 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-17 18:48 - 2009-07-13 23:39 - 00045215 _____ () C:\Windows\setupact.log
2014-09-17 18:47 - 2014-07-15 18:07 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\RocketUpdater
2014-09-17 18:15 - 2014-09-17 18:14 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-17 18:14 - 2014-09-17 18:14 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-17 18:14 - 2014-09-17 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-17 18:14 - 2014-09-17 18:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-17 18:14 - 2014-09-17 18:14 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-17 18:11 - 2014-09-17 18:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sara\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-17 18:01 - 2014-09-13 08:21 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-17 16:54 - 2014-09-17 16:54 - 00017576 _____ () C:\ComboFix.txt
2014-09-17 16:54 - 2014-09-17 16:14 - 00000000 ____D () C:\Qoobox
2014-09-17 16:54 - 2009-07-13 21:37 - 00000000 __RHD () C:\Users\Default
2014-09-17 16:54 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2014-09-17 16:53 - 2014-09-17 16:13 - 00000000 ____D () C:\Windows\erdnt
2014-09-17 16:50 - 2009-07-13 21:04 - 00000215 _____ () C:\Windows\system.ini
2014-09-17 16:35 - 2014-09-17 16:10 - 05579386 ____R (Swearware) C:\Users\Sara\Downloads\ComboFix.exe
2014-09-17 16:33 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-17 16:01 - 2014-09-17 16:01 - 00005867 _____ () C:\Users\Sara\Desktop\AdwCleaner[R1].txt
2014-09-17 15:56 - 2014-09-17 15:55 - 01016035 _____ (Thisisu) C:\Users\Sara\Downloads\JRT (3).exe
2014-09-17 15:55 - 2014-09-17 15:55 - 00001786 _____ () C:\Users\Sara\Desktop\JRT.txt
2014-09-17 15:52 - 2014-09-17 15:52 - 01016035 _____ (Thisisu) C:\Users\Sara\Downloads\JRT (2).exe
2014-09-17 15:51 - 2014-09-17 15:51 - 00000000 ____D () C:\Windows\ERUNT
2014-09-17 15:51 - 2014-09-17 15:50 - 01016035 _____ (Thisisu) C:\Users\Sara\Downloads\JRT (1).exe
2014-09-17 14:53 - 2014-09-17 14:53 - 01016035 _____ (Thisisu) C:\Users\Sara\Downloads\JRT.exe
2014-09-17 11:41 - 2014-09-17 11:21 - 00000000 ____D () C:\AdwCleaner
2014-09-17 11:20 - 2014-09-17 11:20 - 01373475 _____ () C:\Users\Sara\Downloads\adwcleaner_3.310.exe
2014-09-17 09:06 - 2014-09-17 09:06 - 00005784 _____ () C:\Users\Sara\Desktop\attach.txt
2014-09-17 09:05 - 2014-09-17 09:06 - 00015127 _____ () C:\Users\Sara\Desktop\dds.txt
2014-09-17 09:04 - 2014-09-17 09:03 - 00688992 ____R (Swearware) C:\Users\Sara\Downloads\dds.com
2014-09-16 21:41 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-16 21:38 - 2014-09-16 21:23 - 00000165 _____ () C:\Windows\Reimage.ini
2014-09-16 21:23 - 2014-09-16 21:22 - 00853960 _____ (Reimage®) C:\Users\Sara\Downloads\ReimageRepair.exe
2014-09-14 10:11 - 2013-10-03 08:22 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-14 09:27 - 2010-11-20 16:01 - 00773050 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-14 09:12 - 2013-10-03 06:54 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-14 09:12 - 2013-10-03 06:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-13 09:21 - 2013-10-06 10:12 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-13 09:21 - 2013-10-06 10:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-13 08:59 - 2014-09-13 08:21 - 00000000 ____D () C:\Users\Sara\AppData\Local\Avg2015
2014-09-13 08:39 - 2014-09-13 08:36 - 00000000 ____D () C:\ProgramData\AVG2015
2014-09-13 08:38 - 2014-09-13 08:38 - 00000935 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-09-13 08:38 - 2014-09-13 08:38 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\TuneUp Software
2014-09-13 08:38 - 2014-09-13 08:38 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\AVG2015
2014-09-13 08:38 - 2014-09-13 08:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-13 08:36 - 2014-09-13 08:36 - 00000000 ____D () C:\$AVG
2014-09-13 08:35 - 2014-09-13 08:35 - 00000000 ____D () C:\Program Files\AVG
2014-09-13 08:21 - 2014-09-13 08:21 - 00000000 ____D () C:\Users\Sara\AppData\Local\MFAData
2014-09-13 08:21 - 2014-09-13 08:19 - 04579176 _____ (AVG Technologies) C:\Users\Sara\Downloads\avg_free_stb_all_2015_5315_cnet.exe
2014-09-13 07:24 - 2014-08-05 22:38 - 00000000 ____D () C:\ProgramData\478c9bce692c1e95
2014-08-30 23:45 - 2009-07-13 23:33 - 00434832 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-30 02:53 - 2013-10-06 10:30 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-25 06:53 - 2013-10-03 07:06 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-22 20:46 - 2014-08-27 20:29 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 19:42 - 2014-08-27 20:29 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 21:49 - 2014-08-20 21:49 - 00193304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-08-19 12:39 - 2014-09-14 09:29 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-18 17:26 - 2014-09-14 09:28 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-18 17:08 - 2014-09-14 09:29 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 16:57 - 2014-09-14 09:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 16:57 - 2014-09-14 09:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 16:46 - 2014-09-14 09:29 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 16:45 - 2014-09-14 09:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 16:44 - 2014-09-14 09:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 16:44 - 2014-09-14 09:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 16:42 - 2014-09-14 09:29 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 16:39 - 2014-09-14 09:29 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 16:39 - 2014-09-14 09:29 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 16:37 - 2014-09-14 09:29 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 16:36 - 2014-09-14 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 16:36 - 2014-09-14 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 16:35 - 2014-09-14 09:29 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 16:30 - 2014-09-14 09:29 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 16:27 - 2014-09-14 09:29 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 16:22 - 2014-09-14 09:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 16:19 - 2014-09-14 09:29 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 16:17 - 2014-09-14 09:29 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 16:17 - 2014-09-14 09:29 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 16:15 - 2014-09-14 09:28 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 16:09 - 2014-09-14 09:29 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 16:08 - 2014-09-14 09:29 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 16:08 - 2014-09-14 09:29 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 16:07 - 2014-09-14 09:29 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 15:46 - 2014-09-14 09:29 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 15:38 - 2014-09-14 09:29 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 15:36 - 2014-09-14 09:29 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-17 18:34
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Sara at 2014-09-17 19:44:21
Running from C:\Users\Sara\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)
AVG 2015 (Version: 15.0.4158 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden
Cirrus Logic Audio Panel (Version: 1.1.12.4 - Cirrus Logic) Hidden
Cirrus Logic Audio x86 (Version: 6.24.5.3 - Cirrus Logic) Hidden
Dell Audio (HKLM\...\{3A69FD31-5EE7-42C9-918B-81C07AA21043}) (Version: 6.24.5.3 - Cirrus Logic)
Dell Wireless Driver Installation (HKLM\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell)
DVD-Cloner V10.00 Build 1200 (HKLM\...\DVD-Cloner 2013_is1) (Version: 10.00.0.1200 - OpenCloner Inc.)
EPSON Connect version 1.0 (HKLM\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.3.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{10144CFE-D76C-4CFA-81A1-37A1642349A3}) (Version: 3.01.0013 - Seiko Epson Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-410 Series Printer Uninstall (HKLM\...\EPSON XP-410 Series) (Version:  - SEIKO EPSON Corporation)
Epson XP-410 User's Guide version 1.0 (HKLM\...\UsersGuideEpson XP-410 User's Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Infineon USB driver 1.0.0.6 (HKLM\...\Infineon USB driver_is1) (Version:  - Infineon)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
LG USB Modem Driver (HKLM\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: 4.9.7 - LG Electronics)
LTCM Client (HKLM\...\{B38E9B55-7136-4E66-A084-320512FF3F6F}) (Version: 1.20.3792 - Leader Technologies Inc)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Open DVD Ripper 3.50 Build 509 (HKLM\...\Open DVD Ripper 3_is1) (Version: 3.50.0.509 - OpenCloner Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.53.216.2012 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30132 - Realtek Semiconductor Corp.)
Software Updater (HKLM\...\{D60071DB-459C-465C-92EF-336E65F1A436}) (Version: 4.0.1 - SEIKO EPSON CORPORATION)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939) (Version: 1 - Microsoft Corporation)
USB Flash Port Driver (HKLM\...\{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}) (Version: 1.00.0000 - Infineon Technologies)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows 7 Codec Pack 4.0.8 (HKLM\...\Windows 7 - Codec Pack) (Version: 4.0.8 - Windows 7 Codec Pack)
Windows Driver Package - Infineon Technologies (FlashUSB) USB  (04/16/2009 1.0.0.6) (HKLM\...\7D6D030B3D73FCCA3D4E45319380F315DFBE7A54) (Version: 04/16/2009 1.0.0.6 - Infineon Technologies)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4029919300-1503157010-3533688583-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Sara\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4029919300-1503157010-3533688583-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Sara\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4029919300-1503157010-3533688583-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Sara\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4029919300-1503157010-3533688583-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Sara\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4029919300-1503157010-3533688583-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Sara\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4029919300-1503157010-3533688583-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Sara\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4029919300-1503157010-3533688583-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Sara\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\FileSyncApi.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
20-08-2014 15:00:57 Windows Update
25-08-2014 00:03:28 Windows Update
28-08-2014 01:35:59 Windows Update
30-08-2014 08:00:10 Windows Update
03-09-2014 03:25:27 Windows Update
13-09-2014 12:20:57 Windows Update
13-09-2014 13:34:29 Installed AVG 2015
13-09-2014 13:35:12 Installed AVG 2015
14-09-2014 14:00:50 Windows Update
14-09-2014 15:06:19 Removed Cisco EAP-FAST Module
14-09-2014 15:07:18 Removed Cisco LEAP Module
14-09-2014 15:08:33 Removed Cisco PEAP Module
17-09-2014 21:14:23 ComboFix created restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2014-09-17 16:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {053897E9-5C46-4FCD-A21E-BAA9B2346B26} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-15] (Google Inc.)
Task: {0C242567-C701-4478-ACC4-9D31037B66A8} - System32\Tasks\EPSON XP-410 Series Invitation {4BEFC3E1-AE0A-4395-AF42-D28244C2869A} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLAE.EXE [2013-02-27] (SEIKO EPSON CORPORATION)
Task: {4ECD08DB-DC47-4C70-AD7E-B92EB58B02ED} - System32\Tasks\EPSON XP-410 Series Update {4BEFC3E1-AE0A-4395-AF42-D28244C2869A} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLAE.EXE [2013-02-27] (SEIKO EPSON CORPORATION)
Task: {735C9EE6-387D-47C2-97B7-BEE61D81F292} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-07-31] (Microsoft Corporation)
Task: {CD6236DF-369E-4047-84B6-B392200F5C92} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-15] (Google Inc.)
Task: {DC2498ED-21B8-4DC0-9AF9-97FD7604C3C3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-08-26] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\EPSON XP-410 Series Invitation {4BEFC3E1-AE0A-4395-AF42-D28244C2869A}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLAE.EXE
Task: C:\Windows\Tasks\EPSON XP-410 Series Update {4BEFC3E1-AE0A-4395-AF42-D28244C2869A}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLAE.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-26 19:28 - 2014-05-20 03:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2012-05-19 08:47 - 2012-05-19 08:47 - 20567552 _____ () C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
2012-12-14 02:02 - 2012-12-14 02:02 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2013-08-29 14:36 - 2013-08-29 14:36 - 00048200 _____ () C:\Windows\System32\C2MP\UpdateChecker.exe
2014-07-20 18:23 - 2014-07-15 04:24 - 00718664 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-20 18:23 - 2014-07-15 04:24 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-20 18:23 - 2014-07-15 04:24 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-20 18:23 - 2014-07-15 04:24 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-20 18:23 - 2014-07-15 04:24 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-09-16 20:46 - 2014-09-16 20:46 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\27372090b75ca919048606aad2206bf4\IsdiInterop.ni.dll
2013-10-03 06:01 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-10-03 06:03 - 2012-06-25 00:11 - 01198912 _____ () C:\Program Files\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/17/2014 06:50:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/17/2014 06:34:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/17/2014 05:28:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgwsc.exe, version: 15.0.0.5315, time stamp: 0x5409c7db
Faulting module name: avgwsc.exe, version: 15.0.0.5315, time stamp: 0x5409c7db
Exception code: 0xc0000005
Fault offset: 0x0002aba5
Faulting process id: 0x1530
Faulting application start time: 0xavgwsc.exe0
Faulting application path: avgwsc.exe1
Faulting module path: avgwsc.exe2
Report Id: avgwsc.exe3
 
Error: (09/17/2014 04:47:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/17/2014 04:27:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (09/17/2014 04:46:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:45:15 PM on ‎9/‎17/‎2014 was unexpected.
 
Error: (09/17/2014 04:41:27 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (09/17/2014 04:37:57 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
 
Microsoft Office Sessions:
=========================
Error: (09/17/2014 06:50:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/17/2014 06:34:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\EPSON Software\Download Navigator\EPSDNLMW64.EXE
 
Error: (09/17/2014 05:28:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgwsc.exe15.0.0.53155409c7dbavgwsc.exe15.0.0.53155409c7dbc00000050002aba5153001cfd2c6b4e75325C:\Program Files\AVG\AVG2015\avgwsc.exeC:\Program Files\AVG\AVG2015\avgwsc.exef2bf4410-3eb9-11e4-ba1c-a4173194c242
 
Error: (09/17/2014 04:47:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/17/2014 04:27:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU B820 @ 1.70GHz
Percentage of memory in use: 38%
Total physical RAM: 3457.09 MB
Available physical RAM: 2109.04 MB
Total Pagefile: 6912.48 MB
Available Pagefile: 5432.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.22 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:779.7 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6AB3CCC5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#9 olgun52 (Malware Response Team)

Posted 18 September 2014 - 07:23 PM

Hi sarahds,

Please send the Malwarebytes application log.


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#10 sarahds (Topic Starter)

Posted 18 September 2014 - 10:03 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/18/2014
Scan Time: 9:53:23 PM
Logfile: malwarebytes.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.18.09
Rootkit Database: v2014.09.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Sara
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 285224
Time Elapsed: 8 min, 44 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#11 olgun52 (Malware Response Team)

Posted 19 September 2014 - 07:44 AM

Hi sarahds,

First I would like you to go here and click on the Fix it button - http://support.microsoft.com/kb/923737

Then I want you to do the following:

  • Start Internet Explorer.
  • Click on "Safety".
  • Click on "Delete Browsing History".
  • Make sure all boxes are checked.
  • Click on "Delete".
  • Click on "Tools".
  • Click "Internet Options".
  • On the "Advanced" tab, click "Reset".
  • Put a check mark next to "Delete Personal Settings".
  • Click "Reset" to confirm.
  • When complete, click the "Close" button.
  • Restart IE.

-----------------------------------------------------------------

 

Step 1:

Run FRST fixlist

Please open Notepad (Start > All Programs > Accessories > Notepad).
Copy the entire contents of the code box below (do not copy the word 'code') to Notepad.
Save it to the Desktop and name it: fixlist.txt

start
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_md_14_29_ch&cd=2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzz0FzyyCtA0AtCyBtAtBtN0D0Tzu0SzytByBtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0DtByEyEzy0C0AtG0B0CtAtAtG0EtByD0BtGyDzyyB0AtGyB0ByEyCyEyE0EzztByCyD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0EyC0E0ByEyE0BtG0F0FtDtDtG0DyD0FyCtGzytDtC0FtGyByE0F0EtCzy0Dzy0D0AtAyE2Q&cr=2011790192&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_md_14_29_ch&cd=2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzz0FzyyCtA0AtCyBtAtBtN0D0Tzu0SzytByBtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0DtByEyEzy0C0AtG0B0CtAtAtG0EtByD0BtGyDzyyB0AtGyB0ByEyCyEyE0EzztByCyD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0EyC0E0ByEyE0BtG0F0FtDtDtG0DyD0FyCtGzytDtC0FtGyByE0F0EtCzy0Dzy0D0AtAyE2Q&cr=2011790192&ir=
SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR CustomProfile: C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Sara\Downloads\JRT (3).exe
C:\Users\Sara\Downloads\JRT (2).exe
C:\Users\Sara\Downloads\JRT (1).exe
C:\Users\Sara\AppData\Roaming\RocketUpdater
C:\ProgramData\478c9bce692c1e95
Task: {053897E9-5C46-4FCD-A21E-BAA9B2346B26} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
end

NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.

Now, please run FRST, and press the Fix button, just once, and wait.

When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.

 

---------------

 

Step 2:

 

Run ESET Online Scan

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the web browser via a right-click using the Run as Administrator command.

Please go here to run the online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the options "Scan Archives" and "Remove found threats" are ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan.
  • Wait for the scan to finish.
  • If any threats were found, click the 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Step 3:

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Have a nice day.


Best regards
 
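The fixlist above is built from lines the helper picked out of the FRST log (a search scope pointing at rocket-find.com, a Chrome policy key FRST marked with ATTENTION, files under Downloads/AppData/ProgramData). As an added example, not FRST's (Farbar's) own code and not part of this thread's fix, the script below shows how a defender can do that first pass automatically: it recognises the FRST line shapes seen in this thread and flags the ones worth a closer look. The allow-lists (KNOWN_SEARCH_HOSTS, TRUSTED_PROGRAM_DIRS) and the severity labels are assumptions made for the example; the sample lines are constructed by copying entries from the logs posted above.

```python
r"""Triage helper for FRST-style log lines (added example, not FRST code).

Recognised line shapes, as they appear in the logs in this thread:

  SearchScopes: HKLM - DefaultScope {GUID} URL = http://host/...
  Task: {GUID} - System32\Tasks\Name => C:\path\file.exe [date] (Vendor)
  Task: C:\Windows\Tasks\Name.job => C:\path\file.exe
  CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
  C:\Users\...\file.exe        (bare path, as listed in a fixlist)

The allow-lists and severity labels are assumptions for this example, not
FRST reference data.
"""
import re
from urllib.parse import urlparse

# Assumed allow-list of legitimate search providers (extend for your environment).
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com"}
# Directories a standard user cannot write to; tasks launching from elsewhere get flagged.
TRUSTED_PROGRAM_DIRS = ("c:\\program files", "c:\\windows")
# Locations any user process can write to (adware commonly drops into AppData/ProgramData).
USER_WRITABLE_MARKERS = ("\\users\\", "\\programdata\\")

SEARCHSCOPE_RE = re.compile(
    r"^SearchScopes:\s+(?P<hive>HK\w+)\s+-\s+(?P<scope>.*?)\s+URL\s*=\s*(?P<url>.*)$")
TASK_RE = re.compile(
    r"^Task:\s+(?P<task>.+?)\s+=>\s+(?P<target>.+?)(?:\s+\[[^\]]*\].*)?$")
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def triage_line(line):
    """Classify one log line; returns (severity, reason, line) or None if unremarkable."""
    line = line.rstrip()
    if "<======= ATTENTION" in line:  # FRST's own marker for a policy or hook it distrusts
        return ("high", "flagged by FRST itself", line)

    m = SEARCHSCOPE_RE.match(line)
    if m:
        url = m.group("url").strip()
        if not url:
            return ("low", "empty search scope (typical leftover after a hijack)", line)
        host = (urlparse(url).hostname or "").lower()
        if host not in KNOWN_SEARCH_HOSTS:
            return ("high", f"search scope points at unknown host '{host}'", line)
        return None

    m = TASK_RE.match(line)
    if m:
        target = m.group("target").strip().lower()
        if not target.startswith(TRUSTED_PROGRAM_DIRS):
            return ("medium", "scheduled task runs a file outside Program Files/Windows", line)
        return None

    if BARE_PATH_RE.match(line):
        if any(marker in line.lower() for marker in USER_WRITABLE_MARKERS):
            return ("medium", "item lives in a user-writable location", line)
    return None


def triage(log_text):
    """Return the findings for every line of an FRST log, in log order."""
    findings = []
    for raw in log_text.splitlines():
        hit = triage_line(raw)
        if hit:
            findings.append(hit)
    return findings


# Constructed sample: lines copied from the FRST log and fixlist posted in this thread.
SAMPLE_LOG = r"""
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_md_14_29_ch
SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {CD6236DF-369E-4047-84B6-B392200F5C92} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-15] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Users\Sara\AppData\Roaming\RocketUpdater
C:\ProgramData\478c9bce692c1e95
"""

if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
```

Run against the sample it reports five findings: the rocket-find.com search scope and the Google policy key as high, the emptied HKCU scope as low, and the two user-writable paths as medium; the two Google Update tasks, which launch from Program Files, pass. The "Task:" lines are exactly the kind of entry the helper chose to remove here only because the .job files were damaged, so an automated pass should surface them for a human rather than decide on its own.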

 


 


#12 sarahds (Topic Starter)

Posted 19 September 2014 - 07:31 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Sara at 2014-09-19 17:58:30 Run:1
Running from C:\Users\Sara\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR CustomProfile: C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Sara\Downloads\JRT (3).exe
C:\Users\Sara\Downloads\JRT (2).exe
C:\Users\Sara\Downloads\JRT (1).exe
C:\Users\Sara\AppData\Roaming\RocketUpdater
C:\ProgramData\478c9bce692c1e95
Task: {053897E9-5C46-4FCD-A21E-BAA9B2346B26} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
end
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
 
========================= CHR CustomProfile: C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default ========================
 
"CHR CustomProC:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default" not found.
====== End Of File: ======
 
CHR Extension: (YouTube) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Users\Sara\Downloads\JRT (3).exe => Moved successfully.
C:\Users\Sara\Downloads\JRT (2).exe => Moved successfully.
C:\Users\Sara\Downloads\JRT (1).exe => Moved successfully.
C:\Users\Sara\AppData\Roaming\RocketUpdater => Moved successfully.
C:\ProgramData\478c9bce692c1e95 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{053897E9-5C46-4FCD-A21E-BAA9B2346B26}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{053897E9-5C46-4FCD-A21E-BAA9B2346B26}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
 
==== End of Fixlog ====
 
 
 
No threats were found on the Eset.
 
 

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2015   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader 10.1.11 Adobe Reader out of Date!  
 Google Chrome 36.0.1985.125  
 Google Chrome 37.0.2062.120  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbam.exe  
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log``````````````````````


#13 olgun52 (Malware Response Team)

Posted 20 September 2014 - 04:22 AM

Hi,
 

No threats were found on the Eset.

Please send the ESET log file.
 
-------------------------------------------------
 
We do not recommend the use of registry cleaners. Our colleague miekiemoes has an excellent writeup here.

We suggest uninstalling them via Add or Remove Programs in your Control Panel.
 
TuneUp Software
 
--------------------------------------------------
 
 

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader XI to your PC's desktop.

  • Uninstall Adobe Reader 10 via Start => Control Panel > Uninstall a program.
  • Install the newly downloaded, updated software.

Note that the McAfee Security Scan is pre-checked. You may wish to uncheck it before downloading.

-----------------------------------------

How is your system responding now? Any issues or concerns?

 


Best regards
 

 


 


#14 olgun52 (Malware Response Team)

Posted 22 September 2014 - 12:08 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!

Best regards
 

 


 


#15 sarahds (Topic Starter)

Posted 22 September 2014 - 05:33 PM

I ran the ESET again. It says no files infected or cleaned, but it didn't give me a report. I think everything is fixed. I can't thank you enough for all of your help. I'm sorry for not responding sooner. I have one last question. For a while my computer has been asking to perform a codec update. I'm not sure what it is. If I update, will I lose any of my files?





