
random windows popup in Chrome trying to get me to call tech support, etc.


This topic is locked
11 replies to this topic

#1 BadgerByBirth

BadgerByBirth

  • Members
  • 43 posts
  • OFFLINE
  • Local time:07:30 AM

Posted 22 September 2014 - 11:38 AM

Here are a few examples of the windows popping up:
hxxttp://avcomand.com/av001/virusremoval.php
hxxttp://trackjumpclicks.com/search/paypercall/scan7/steps.php?sid=[%5Bsubid%5D]16206061
hxxttps://www.draftkings.com/contest/draftteam/1416025?showPrizePop=True&showFppEntryPop=True
 
Sometimes dialogue boxes pop up that will not go away and cause me to end the program in Task Manager. I'm running Windows 8. It does not seem to be affecting IE. Also, at one point I updated Chrome. It went away and then spontaneously returned while I was browsing very ordinary, non-shady websites. This is a continuation of a previous thread: http://www.bleepingcomputer.com/forums/t/547650/windows-8-browser-hijacked-maybe-other-stuff-too/#entry3473919
 
DDS log:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.67.2
Run by John at 12:02:30 on 2014-09-22
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3986.1420 [GMT -4:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\dashost.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Wondershare\Wondershare Application Center\WACService.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\hkcmd.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [Akamai NetSession Interface] "C:\Users\John\AppData\Local\Akamai\netsession_win.exe"
uRun: [Spotify] "C:\Users\John\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\John\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: pecinc.com
Trusted Zone: pecinc.com
Trusted Zone: softsonline.org
Trusted Zone: softsonline.org
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{4F6665FE-F6FB-405E-A298-694B7937D5B9} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7DE3D718-DC3E-4555-94F1-2D2391BA77DC} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{7DE3D718-DC3E-4555-94F1-2D2391BA77DC}\2656C6B696E6E233932336 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{7DE3D718-DC3E-4555-94F1-2D2391BA77DC}\34F6E676275637370205C616A7160284F64756C6 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{7DE3D718-DC3E-4555-94F1-2D2391BA77DC}\755656B656E64602144702245627E6965637 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{7DE3D718-DC3E-4555-94F1-2D2391BA77DC}\94C4021425E474F5548545 : DHCPNameServer = 10.1.10.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files (x86)\Microsoft\SMIME Client (2010)\mimectl.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-RunOnce: [NCPluginUpdater] "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-31 645952]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-10-17 92536]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-8-10 29600]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-9 35232]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-10-17 2451456]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-10-17 128896]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-10-17 165760]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-6-19 342528]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2013-12-4 2505904]
R3 PSI;PSI;C:\Windows\System32\Drivers\psi_mf_amd64.sys [2013-11-4 18456]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-10-17 690832]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-10-17 43832]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2012-10-17 269968]
S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\System32\Drivers\S3XXx64.sys [2013-6-5 73984]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-10-17 41272]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2014-6-10 54784]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== Created Last 30 ================
.
2014-09-22 15:47:14 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C499C0F3-1705-4DE4-BCF0-7084F27395EF}\mpengine.dll
2014-09-21 14:31:52 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-09-11 14:39:46 305832 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10246.bin
2014-09-10 19:18:20 -------- d-----w- C:\Windows\ERUNT
2014-09-10 18:55:22 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-09-10 18:52:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-10 18:27:54 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-09-10 18:27:54 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-09-10 18:27:28 678600 ----a-w- C:\Windows\System32\msvcp120_clr0400.dll
2014-09-10 18:27:28 536776 ----a-w- C:\Windows\SysWow64\msvcp120_clr0400.dll
2014-09-10 18:27:09 1287680 ----a-w- C:\Windows\System32\schedsvc.dll
2014-09-10 15:02:59 4 ----a-w- C:\Users\John\AppData\Roaming\appdataFr2.bin
2014-08-27 23:55:55 4036096 ----a-w- C:\Windows\System32\win32k.sys
2014-08-27 23:55:55 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-27 23:55:54 1023488 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
==================== Find3M  ====================
.
2014-09-22 06:42:39 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-08 16:51:54 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-04 22:36:35 755712 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-03 01:49:12 556544 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-02 19:32:27 705480 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-02 19:32:27 104904 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-28 06:05:35 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-28 06:05:17 86528 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-28 06:05:17 128000 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-08-28 06:02:15 40448 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-28 06:01:45 253440 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2014-08-28 06:01:45 144384 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-28 06:01:45 100352 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-28 06:01:44 17920 ----a-w- C:\Windows\System32\wuaext.dll
2014-08-28 06:01:44 1623552 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-28 06:01:15 176640 ----a-w- C:\Windows\System32\storewuauth.dll
2014-08-20 23:40:10 732880 ----a-w- C:\Windows\System32\NotificationUI.exe
2014-08-20 17:05:47 694784 ----a-w- C:\Windows\System32\WSShared.dll
2014-08-20 17:05:47 198656 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.dll
2014-08-20 17:05:47 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-20 17:02:46 567808 ----a-w- C:\Windows\SysWow64\WSShared.dll
2014-08-20 17:02:46 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-16 09:34:19 2239488 ----a-w- C:\Windows\System32\wininet.dll
2014-08-16 09:34:10 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-08-16 09:32:57 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-16 09:32:05 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-16 07:37:20 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-16 07:36:19 2861568 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-16 07:35:44 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 16:55:09 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-15 22:51:05 71168 ----a-w- C:\Windows\System32\drivers\hdaudbus.sys
2014-06-30 22:42:56 394240 ----a-w- C:\Windows\System32\devinv.dll
2014-06-30 22:42:48 87552 ----a-w- C:\Windows\System32\aepic.dll
.
============= FINISH: 12:04:08.43 ===============

Edited by nasdaq, 29 September 2014 - 12:59 PM.
Bad links obfuscated.



#2 BadgerByBirth

BadgerByBirth
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  • Local time:07:30 AM

Posted 22 September 2014 - 11:42 AM

And the attached file.

Attached Files



#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,736 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:30 AM

Posted 27 September 2014 - 09:01 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#4 BadgerByBirth

BadgerByBirth
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  • Local time:07:30 AM

Posted 29 September 2014 - 11:49 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-09-2014 02
Ran by John (administrator) on LIVINGROOM-PC on 29-09-2014 12:45:13
Running from C:\Users\John\Desktop\antimalware2
Loaded Profile: John (Available profiles: John)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Wondershare) C:\Program Files (x86)\Wondershare\Wondershare Application Center\WACService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-22] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1994752 2014-02-20] (Wondershare)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-09-26] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-511306254-3985341368-2919587943-1001\...\Run: [Akamai NetSession Interface] => C:\Users\John\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-511306254-3985341368-2919587943-1001\...\Run: [Spotify] => C:\Users\John\AppData\Roaming\Spotify\Spotify.exe [6342200 2014-09-22] (Spotify Ltd)
HKU\S-1-5-21-511306254-3985341368-2919587943-1001\...\Run: [Spotify Web Helper] => C:\Users\John\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-22] (Spotify Ltd)
HKU\S-1-5-21-511306254-3985341368-2919587943-1001\...\MountPoints2: {107ba8cb-173f-11e4-bed9-843497787e18} - "F:\EMP_UDSe.exe" /autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} -  No File
Handler-x32: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files (x86)\Microsoft\SMIME Client (2010)\mimectl.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll No File
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-09-12]

Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-21]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-21]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-09-12]
CHR Extension: (Google Analytics Opt out Add on) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2014-09-04]
CHR Extension: (Do Not Disturb!) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia [2014-07-03]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-22] (IDT, Inc.) [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
R2 WACService; C:\Program Files (x86)\Wondershare\Wondershare Application Center\WACService.exe [103272 2012-11-09] (Wondershare)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-11-04] (Secunia)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 S3XXx64; C:\Windows\system32\DRIVERS\S3XXx64.sys [73984 2013-06-05] (Identive)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
S1 MpKsl59b7f4d4; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4C640EAC-C7FE-4066-A063-C54B4080C78A}\MpKsl59b7f4d4.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-29 12:45 - 2014-09-29 12:45 - 00000000 ____D () C:\FRST
2014-09-22 18:35 - 2014-08-09 04:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-09-22 18:35 - 2014-08-09 04:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-09-22 12:04 - 2014-09-22 12:04 - 00017679 _____ () C:\Users\John\Desktop\dds.txt
2014-09-22 12:04 - 2014-09-22 12:04 - 00009501 _____ () C:\Users\John\Desktop\attach.txt
2014-09-12 14:12 - 2014-09-12 14:13 - 26214400 _____ () C:\Users\John\Downloads\TeamBook 29 APR 2014.vol
2014-09-11 01:48 - 2014-09-28 23:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-11 01:48 - 2014-09-11 01:48 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-11 01:47 - 2014-09-11 01:48 - 00000407 _____ () C:\Windows\SecuniaPackage.log
2014-09-11 01:26 - 2014-09-11 01:26 - 00895120 _____ (Google Inc.) C:\Users\John\Downloads\ChromeSetup.exe
2014-09-11 01:24 - 2014-09-28 21:41 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-511306254-3985341368-2919587943-1001
2014-09-11 01:23 - 2014-09-28 21:40 - 00003348 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-511306254-3985341368-2919587943-1001
2014-09-11 00:42 - 2014-09-11 00:42 - 01370467 _____ () C:\Users\John\Downloads\AdwCleaner (1).exe
2014-09-10 15:27 - 2014-09-10 15:27 - 00001326 _____ () C:\Users\John\Desktop\JRT.txt
2014-09-10 15:18 - 2014-09-10 15:18 - 00000000 ____D () C:\Windows\ERUNT
2014-09-10 14:57 - 2014-09-10 14:58 - 01016261 _____ (Thisisu) C:\Users\John\Downloads\JRT.exe
2014-09-10 14:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-10 14:52 - 2013-05-14 09:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 14:51 - 2014-08-16 05:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 14:51 - 2014-08-16 05:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 14:51 - 2014-08-16 05:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-09-10 14:51 - 2014-08-16 05:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 14:51 - 2014-08-16 05:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 14:51 - 2014-08-16 05:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 14:51 - 2014-08-16 05:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 14:51 - 2014-08-16 05:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 14:51 - 2014-08-16 05:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 14:51 - 2014-08-16 05:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-10 14:51 - 2014-08-16 05:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 14:51 - 2014-08-16 05:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 14:51 - 2014-08-16 05:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 14:51 - 2014-08-16 03:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 14:51 - 2014-08-16 03:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 14:51 - 2014-08-16 03:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 14:51 - 2014-08-16 03:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 14:51 - 2014-08-16 03:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-10 14:51 - 2014-08-16 03:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 14:51 - 2014-08-16 03:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 14:51 - 2014-08-16 03:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 14:51 - 2014-08-16 03:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 14:51 - 2014-08-16 03:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 14:51 - 2014-08-16 03:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 14:51 - 2014-03-06 20:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 14:51 - 2013-05-15 18:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-09-10 14:51 - 2013-05-15 18:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-09-10 14:51 - 2013-05-14 05:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 14:51 - 2013-02-21 06:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-09-10 14:51 - 2013-02-21 06:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 14:51 - 2013-02-21 06:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 14:51 - 2013-02-21 06:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 14:51 - 2013-02-21 06:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-10 14:51 - 2013-02-21 06:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 14:51 - 2013-02-19 05:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-09-10 14:51 - 2012-11-08 00:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 14:51 - 2012-11-08 00:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 14:51 - 2012-07-25 23:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 14:50 - 2014-08-16 05:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 14:50 - 2014-08-16 05:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 14:50 - 2014-08-16 03:36 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 14:50 - 2014-08-16 03:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 14:49 - 2014-09-10 14:50 - 01370467 _____ () C:\Users\John\Downloads\AdwCleaner.exe
2014-09-10 14:48 - 2014-09-29 12:45 - 00000000 ____D () C:\Users\John\Desktop\antimalware2
2014-09-10 14:44 - 2014-09-10 14:44 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\John\Downloads\tdsskiller.exe
2014-09-10 14:39 - 2014-09-10 14:40 - 00038733 _____ () C:\Users\John\Downloads\Result.txt
2014-09-10 14:38 - 2014-09-10 14:38 - 00401920 _____ (Farbar) C:\Users\John\Downloads\MiniToolBox.exe
2014-09-10 14:27 - 2014-07-31 19:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-10 14:27 - 2014-07-23 23:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-10 14:27 - 2014-07-23 23:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-10 14:27 - 2014-06-04 21:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-09-10 14:27 - 2014-06-03 19:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-09-10 14:26 - 2014-09-04 18:36 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 14:26 - 2014-09-02 21:49 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 14:26 - 2014-08-28 07:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-10 14:26 - 2014-08-28 02:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-10 14:26 - 2014-08-28 02:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-10 14:26 - 2014-08-28 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-10 14:26 - 2014-08-28 02:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-10 14:26 - 2014-08-28 02:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-10 14:26 - 2014-08-28 02:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-10 14:26 - 2014-08-28 02:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-10 14:26 - 2014-08-28 02:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-10 14:26 - 2014-08-28 02:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-10 14:26 - 2014-08-28 02:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-09-10 14:26 - 2014-08-28 02:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-10 14:26 - 2014-08-28 02:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-10 14:26 - 2014-08-28 02:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-09-10 11:02 - 2014-09-10 11:02 - 00000004 _____ () C:\Users\John\AppData\Roaming\appdataFr2.bin
2014-09-08 12:42 - 2014-08-20 19:40 - 00732880 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-09-08 12:42 - 2014-08-20 13:05 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-09-08 12:42 - 2014-08-20 13:05 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-09-08 12:42 - 2014-08-20 13:05 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-08 12:42 - 2014-08-20 13:02 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-09-08 12:42 - 2014-08-20 13:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-08 12:42 - 2014-06-24 03:35 - 00010450 _____ () C:\Windows\system32\autoconfig.cab
2014-09-08 12:42 - 2014-06-24 02:41 - 10115584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-09-08 12:42 - 2014-06-24 02:40 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2014-09-08 12:42 - 2014-06-24 02:39 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-08 12:42 - 2014-06-24 02:39 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-09-08 12:42 - 2014-06-24 00:08 - 08858624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-09-08 12:42 - 2014-06-24 00:06 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-08 12:42 - 2014-06-24 00:06 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-09-04 12:12 - 2014-09-04 12:13 - 00084992 _____ () C:\Users\John\Downloads\2213 SHRMatItemPrint.xls
2014-08-31 22:03 - 2014-08-31 22:21 - 00000000 ____D () C:\Users\John\Downloads\Radiohead - 1995 - The Bends 320Kbps [RockersBR]
2014-08-31 22:02 - 2014-08-31 22:02 - 00000000 ____D () C:\Users\John\Downloads\Radiohead The Bends 2011 Remastered & Art 320 Kbps

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-29 12:15 - 2012-11-21 22:01 - 01842226 _____ () C:\Windows\WindowsUpdate.log
2014-09-29 12:04 - 2012-11-21 22:13 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-29 12:01 - 2012-11-21 23:00 - 00000000 ____D () C:\Users\John\AppData\Roaming\vlc
2014-09-29 12:00 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-28 21:33 - 2012-11-21 22:13 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-28 21:32 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-28 21:31 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-28 21:27 - 2014-06-17 08:11 - 00000000 ____D () C:\Users\John\AppData\Roaming\Spotify
2014-09-26 20:18 - 2013-03-14 20:27 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-26 20:18 - 2013-03-14 20:27 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-09-25 11:07 - 2013-09-12 09:14 - 00000000 ____D () C:\Users\John\Documents\Philosophy
2014-09-25 11:03 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache
2014-09-25 09:47 - 2012-11-21 23:00 - 10586624 ___SH () C:\Users\John\Downloads\Thumbs.db
2014-09-25 09:20 - 2014-05-30 20:12 - 00000356 _____ () C:\Windows\Tasks\HPCeeScheduleForJohn.job
2014-09-25 01:31 - 2012-12-05 23:27 - 00000000 ____D () C:\Users\John\AppData\Local\CrashDumps
2014-09-25 01:22 - 2013-01-17 22:26 - 00557056 ___SH () C:\Users\John\Desktop\Thumbs.db
2014-09-24 13:58 - 2014-05-30 20:12 - 00003168 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJohn
2014-09-24 13:58 - 2012-11-21 22:01 - 00000000 ____D () C:\Users\John
2014-09-24 11:00 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-24 10:12 - 2014-08-20 19:48 - 00000000 ____D () C:\Users\John\Documents\IT HAPPENED TO ME  xoJane_files
2014-09-24 09:25 - 2013-12-11 17:34 - 00000000 ____D () C:\Users\John\Documents\A 2-20
2014-09-23 10:17 - 2012-11-21 22:12 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-511306254-3985341368-2919587943-1001
2014-09-22 18:30 - 2014-06-17 08:12 - 00000000 ____D () C:\Users\John\AppData\Local\Spotify
2014-09-22 02:42 - 2013-09-13 15:52 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-18 21:31 - 2012-07-26 03:28 - 00941114 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-16 09:56 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-09-14 15:45 - 2013-03-07 15:39 - 00000000 ____D () C:\Program Files\Recuva
2014-09-11 01:56 - 2013-09-12 12:43 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-09-11 01:56 - 2013-09-12 12:43 - 00002210 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-09-11 01:56 - 2013-09-12 12:43 - 00002049 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-09-11 01:33 - 2014-06-03 19:14 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-11 01:29 - 2013-06-18 21:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 01:18 - 2012-08-03 18:23 - 00916490 _____ () C:\Windows\PFRO.log
2014-09-11 01:17 - 2013-11-12 17:01 - 00000000 ____D () C:\AdwCleaner
2014-09-10 20:24 - 2012-11-21 22:13 - 00000000 ____D () C:\Program Files (x86)\Real
2014-09-10 20:24 - 2012-11-21 22:12 - 00000000 ____D () C:\ProgramData\Real
2014-09-10 20:20 - 2012-11-21 22:13 - 00000000 ____D () C:\Users\John\AppData\Roaming\Real
2014-09-10 20:09 - 2012-11-21 22:41 - 00000000 ____D () C:\Users\John\AppData\Roaming\uTorrent
2014-09-10 15:24 - 2014-08-29 20:11 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-511306254-3985341368-2919587943-1001
2014-09-10 15:24 - 2014-08-29 19:52 - 00003370 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-511306254-3985341368-2919587943-1001
2014-09-10 15:03 - 2014-07-11 21:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 14:49 - 2013-07-30 13:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 14:35 - 2012-12-14 17:00 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 09:05 - 2012-07-26 04:12 - 00000000 ___RD () C:\Windows\ToastData
2014-09-10 09:05 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\WinStore
2014-09-08 21:39 - 2012-12-17 16:16 - 00000426 _____ () C:\Windows\BRWMARK.INI
2014-09-08 13:53 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\security
2014-09-08 12:51 - 2014-07-29 08:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-06 13:16 - 2014-06-06 10:23 - 00000868 _____ () C:\Users\John\Desktop\Handbrake.lnk
2014-09-04 11:14 - 2014-08-20 20:02 - 00000000 ____D () C:\ProgramData\2fba9440dc3b46e1
2014-09-03 13:23 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-02 15:32 - 2014-08-18 01:55 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-02 15:32 - 2014-08-18 01:55 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-30 00:48 - 2014-08-29 14:12 - 00000000 ____D () C:\Users\John\Downloads\the wire.season4
2014-08-30 00:48 - 2014-08-29 14:09 - 00000000 ____D () C:\Users\John\Downloads\Inglourious Basterds 2009 DVDRip XviD-MegaPlay

Some content of TEMP:
====================
C:\Users\John\AppData\Local\Temp\ccsetup.exe
C:\Users\John\AppData\Local\Temp\lowproc.exe
C:\Users\John\AppData\Local\Temp\Quarantine.exe
C:\Users\John\AppData\Local\Temp\SCC.dll
C:\Users\John\AppData\Local\Temp\stubhelper.dll
C:\Users\John\AppData\Local\Temp\SymCCIS.dll
C:\Users\John\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\John\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\John\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\John\AppData\Local\Temp\vlc-2.1.5-win32.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-20 12:59

==================== End Of Log ============================



#5 nasdaq
  • Malware Response Team
  • 40,736 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 September 2014 - 12:58 PM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} -  No File
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S1 MpKsl59b7f4d4; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4C640EAC-C7FE-4066-A063-C54B4080C78A}\MpKsl59b7f4d4.sys [X]
C:\Users\John\AppData\Local\Temp\ccsetup.exe
C:\Users\John\AppData\Local\Temp\lowproc.exe
C:\Users\John\AppData\Local\Temp\SCC.dll
C:\Users\John\AppData\Local\Temp\stubhelper.dll
C:\Users\John\AppData\Local\Temp\SymCCIS.dll
C:\Users\John\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\John\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\John\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\John\AppData\Local\Temp\vlc-2.1.5-win32.exe

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

If the pop-ups continue, execute this:

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

at the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

ipconfig /release

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

If that fails to remove the redirects, try this.
...

Reset all your browsers.

Reset Chrome...
Click on "Customize and control Google Chrome":
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Internet Explorer:
Menu > Tools > Internet Options > General Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===
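The fixlist above removes a Chrome policy key, an orphaned Winlogon Notify entry, a protocol handler with no server behind it and a stale driver service, and the ipconfig steps reset DNS. As an added example that is not part of nasdaq's post, of FRST or of BleepingComputer, the PowerShell script below re-reads those same locations so the state can be checked before the fix and again after the reboot. It assumes an elevated PowerShell 3.0 or later on 64-bit Windows; the check names, the Add-Finding helper and the output layout are my own, and the key and value names are the ones that appear in the FRST log above.

```powershell
# Added audit script, not part of the original post, of FRST or of BleepingComputer.
# It re-checks the registry items nasdaq's fixlist removed and the DNS settings the
# ipconfig steps reset, so the fix can be verified on this or another machine.
# Assumptions: run in an elevated PowerShell (3.0+) on 64-bit Windows; the key and
# value names are the ones shown in the FRST log above.

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($check, $item, $value) {
    $findings.Add([pscustomobject]@{ Check = $check; Item = $item; Value = $value })
}

# 1. Chrome policy keys. FRST flags HKLM\SOFTWARE\Policies\Google because adware
#    writes Chrome policies there (forced homepage, search provider, extension)
#    and "Reset browser settings" leaves policy-managed settings alone. A home PC
#    that is not domain-managed normally has no Policies\Google key at all.
foreach ($root in 'HKLM:\SOFTWARE\Policies\Google', 'HKCU:\SOFTWARE\Policies\Google') {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in @(Get-Item $root) + @(Get-ChildItem $root -Recurse)) {
        foreach ($name in $key.GetValueNames()) {
            Add-Finding 'ChromePolicy' "$($key.Name)\$name" $key.GetValue($name)
        }
    }
}

# 2. Winlogon\Notify subkeys (ScCertProp -> wlnotify.dll in the log). A stale
#    entry whose DLL is gone is harmless, but a live one loads its DLL into
#    winlogon.exe at every logon, so both kinds are listed.
$notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
if (Test-Path $notify) {
    foreach ($sub in Get-ChildItem $notify) {
        $dll = (Get-ItemProperty $sub.PSPath).DllName
        if (-not $dll) { continue }
        $path = if ([IO.Path]::IsPathRooted($dll)) { $dll } else { Join-Path "$env:SystemRoot\System32" $dll }
        $state = if (Test-Path $path) { 'present' } else { 'file missing' }
        Add-Finding 'WinlogonNotify' $sub.PSChildName "$dll ($state)"
    }
}

# 3. Pluggable protocol handlers (HKCR\PROTOCOLS\Handler) whose CLSID has no
#    registered in-process server, like x-owacid2 in the log (the Fixlog later
#    confirms its CLSID key was already gone).
foreach ($h in Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\PROTOCOLS\Handler' -ErrorAction SilentlyContinue) {
    $clsid = (Get-ItemProperty $h.PSPath -ErrorAction SilentlyContinue).CLSID
    if (-not $clsid) { continue }
    $server = $null
    foreach ($view in "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32",
                      "Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID\$clsid\InprocServer32") {
        if (Test-Path $view) { $server = (Get-ItemProperty $view).'(default)'; break }
    }
    if (-not $server) { Add-Finding 'ProtocolHandler' $h.PSChildName "$clsid (no server registered)"; continue }
    $file = [Environment]::ExpandEnvironmentVariables($server.Trim('"'))
    if (-not (Test-Path $file)) { Add-Finding 'ProtocolHandler' $h.PSChildName "$file (file missing)" }
}

# 4. DNS checks behind the ipconfig steps. FRST prints Tcpip\Parameters
#    DhcpNameServer (the ISP's 75.75.75.75 / 75.75.76.76 here); a NameServer
#    value set by hand, globally or per interface, overrides DHCP and is how a
#    resolver hijack survives a release/renew. Active hosts-file lines do the
#    same for individual names.
$tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
foreach ($key in @(Get-Item $tcpip) + @(Get-ChildItem "$tcpip\Interfaces")) {
    $static = (Get-ItemProperty $key.PSPath).NameServer
    if ($static) { Add-Finding 'StaticDns' $key.PSChildName $static }
}
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
foreach ($line in Get-Content $hosts) {
    $t = $line.Trim()
    if ($t -and -not $t.StartsWith('#')) { Add-Finding 'HostsEntry' 'hosts' $t }
}

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap }
else { 'Nothing left over: no policy, Notify, handler, static DNS or hosts entries.' }
```

Run it once before applying the fixlist to confirm the log's findings, and once after the reboot; on a clean home machine the only expected output is a present Notify entry or two belonging to Windows itself, and nothing else.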

#6 nasdaq

Posted 05 October 2014 - 07:53 AM

Are you still with me?

#7 BadgerByBirth (Topic Starter)
  • Members
  • 43 posts

Posted 06 October 2014 - 10:55 AM

Yes, I apologize for the delay. It will likely be tomorrow evening before I get to it but I will get to it.



#8 BadgerByBirth (Topic Starter)

Posted 07 October 2014 - 04:45 PM

A quick test run looks like the problem is fixed! Thanks for your help. I'll be back if I find anything still not working.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014 01
Ran by John at 2014-10-07 17:28:27 Run:1
Running from C:\Users\John\Desktop\antimalware2
Loaded Profile: John (Available profiles: John)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} -  No File
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S1 MpKsl59b7f4d4; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4C640EAC-C7FE-4066-A063-C54B4080C78A}\MpKsl59b7f4d4.sys [X]
C:\Users\John\AppData\Local\Temp\ccsetup.exe
C:\Users\John\AppData\Local\Temp\lowproc.exe
C:\Users\John\AppData\Local\Temp\SCC.dll
C:\Users\John\AppData\Local\Temp\stubhelper.dll
C:\Users\John\AppData\Local\Temp\SymCCIS.dll
C:\Users\John\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\John\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\John\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\John\AppData\Local\Temp\vlc-2.1.5-win32.exe

End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\x-owacid2" => Key deleted successfully.
"HKCR\CLSID\{5B290518-830E-4C57-A66B-E4F748900C27}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
MpKsl59b7f4d4 => Service deleted successfully.
C:\Users\John\AppData\Local\Temp\ccsetup.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\SCC.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\stubhelper.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\SymCCIS.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\vlc-2.1.1-win32.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\vlc-2.1.2-win32.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\vlc-2.1.3-win32.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\vlc-2.1.5-win32.exe => Moved successfully.

==== End of Fixlog ====



#9 nasdaq

Posted 08 October 2014 - 08:12 AM

One last scan.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
P.S.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

#10 BadgerByBirth

BadgerByBirth
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  • Local time:07:30 AM

Posted 08 October 2014 - 11:48 AM

 Results of screen317's Security Check version 0.99.88 
   x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.9015)  
 Java 7 Update 67 
 Adobe Flash Player  15.0.0.152 
 Adobe Reader XI 
 Google Chrome 36.0.1985.143 
 Google Chrome 37.0.2062.120 
 Google Chrome update.dll.. 
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSMpEng.exe
 John Desktop antimalware2 SecurityCheck.exe
 Windows Defender MsMpEng.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,736 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:30 AM

Posted 08 October 2014 - 12:22 PM

Looking good.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,736 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:30 AM

Posted 08 October 2014 - 12:22 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
