infected with cdncache-a.akamaihd.net malware


This topic is locked
10 replies to this topic

#1 captaindrewski
  • Members
  • 13 posts
  • OFFLINE
  • Local time: 09:06 PM

Posted 25 September 2014 - 06:00 AM

Hey there, I've been infected with the hxxttps://cdncache-a.akamaihd.net/pd.html?r=614851694.1720694.malware. It seems to load web pages in the background. Also getting strange hyperlinks with a green arrow on the right-hand side. I have Trend Micro Titanium antivirus. Have tried running Malwarebytes Anti-Malware and HitmanPro but no luck so far. Here's my logs:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16521
Run by andrew and jen at 18:47:14 on 2014-09-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.3999.1469 [GMT 8:00]
.
AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Trend Micro Titanium Maximum Security *Enabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Users\andrew and jen\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Windows Media Player\wmprph.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll
BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [uTorrent] "C:\Users\andrew and jen\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{698FF71A-06C9-4E7E-BD87-C867C12B7942} : DHCPNameServer = 10.0.0.138
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-RunOnce: [NCPluginUpdater] "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll
x64-Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - <orphaned>
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-3-6 144896]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]
.
=============== Created Last 30 ================
.
2014-09-24 05:09:10 -------- d-----w- C:\Users\andrew and jen\subfolders desktop
2014-09-24 05:08:18 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8BF88F74-9494-43F5-8309-0A6D067DAB47}\offreg.dll
2014-09-24 04:46:25 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2014-09-24 04:09:36 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8BF88F74-9494-43F5-8309-0A6D067DAB47}\mpengine.dll
2014-09-23 08:16:34 -------- d-----w- C:\Program Files\Max Spyware Detector
2014-09-23 08:11:14 -------- d-----w- C:\ProgramData\Max Secure
2014-09-23 08:07:22 -------- d-----w- C:\Users\andrew and jen\AppData\Local\Max Secure Software
2014-09-23 08:06:35 -------- d-----w- C:\Users\andrew and jen\AppData\Roaming\GetRightToGo
2014-09-23 02:19:03 -------- d-----w- C:\Program Files (x86)\ESET
2014-09-22 00:51:06 -------- d-----w- C:\Windows\ERUNT
2014-09-22 00:27:56 -------- d-----w- C:\Program Files\HitmanPro
2014-09-22 00:24:52 -------- d-----w- C:\ProgramData\HitmanPro
2014-09-16 11:12:36 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-09-16 11:10:23 -------- d-----w- C:\AdwCleaner
2014-09-13 06:56:18 -------- d-----w- C:\Program Files (x86)\Techsnab
.
==================== Find3M  ====================
.
2014-09-24 06:08:46 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-24 06:08:24 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-22 00:57:10 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-16 06:54:08 70144 ----a-w- C:\Windows\SysWow64\tasks.dll
2014-09-15 01:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-07-24 18:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 15:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
.
============= FINISH: 18:49:07.14 ===============

Edited by nasdaq, 29 September 2014 - 07:54 AM.
Bad link obfuscated.


#2 nasdaq
  • Malware Response Team
  • 40,502 posts
  • OFFLINE
  • Gender: Male
  • Location: Montreal, QC, Canada
  • Local time: 08:06 AM

Posted 29 September 2014 - 07:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.
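Once the MBAM log is exported, the helper still has to read it by hand. As an added example that is not part of this thread or of Malwarebytes' own tooling, here is a Python script that parses the mbam-log XML format posted further down this thread (including the "-<tag>" tree markers and blank lines a browser's XML viewer adds on copy-paste), groups detections by adware family and flags items the scan did not resolve. Element names are taken from the logs on this page; the sample log, the EXAMPLE SID and the "failed" action are constructed.

```python
"""Parse a Malwarebytes Anti-Malware 2.x XML log pasted from a browser's XML
viewer (as in this thread) and summarise what it found and what it left behind."""
import xml.etree.ElementTree as ET
from collections import Counter

# <items> child tag -> the <summary> element that counts it.
COUNT_TAGS = {"process": "processes", "module": "modules", "key": "keys",
              "value": "values", "data": "datas", "folder": "folders",
              "file": "files", "sector": "sectors"}
OK_ACTIONS = {"success", "replaced"}  # actions meaning the item was dealt with

# Constructed sample in the mbam-log format. It keeps the "-<tag>" tree markers
# and a blank line that a browser XML viewer adds on copy-paste; the "failed"
# action and the EXAMPLE SID are assumed values used to show an unresolved item.
SAMPLE_LOG = r"""<?xml version="1.0" encoding="UTF-16"?>
-<mbam-log>

-<header>
<date>2014/07/24 19:47:40 +0800</date>
<logfile>mbam-log-2014-07-24 (19-46-51).xml</logfile>
</header>
-<summary>
<result>completed</result>
<keys>1</keys>
<datas>1</datas>
<files>1</files>
</summary>
-<items>
-<key>
<path>HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\hbcennhacfaagdopikcegfcobcadeocj</path>
<vendor>PUP.Optional.Spigot.A</vendor>
<action>success</action>
<hash>0b476f34f487e74fcacec019f90934cc</hash>
</key>
-<data>
<path>HKU\S-1-5-21-EXAMPLE-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path>
<valuename>Start Page</valuename>
<vendor>PUP.Optional.Spigot.A</vendor>
<action>replaced</action>
<gooddata>www.google.com</gooddata>
</data>
-<file>
<path>C:\Users\example\Downloads\vlcmediaplayer-setup.exe</path>
<vendor>PUP.Optional.BundleInstaller.A</vendor>
<action>failed</action>
</file>
</items>
</mbam-log>
"""

def clean_pasted_log(text):
    """Undo copy-paste damage: drop blank lines, the '-' tree markers and the
    XML declaration (the pasted text is no longer UTF-16 encoded)."""
    kept = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("<?xml"):
            kept.append(line[1:] if line.startswith("-<") else line)
    return "\n".join(kept)

def parse_mbam_log(text):
    """Return {'meta': {...}, 'summary': {item tag: claimed count}, 'items': [...]}."""
    try:
        root = ET.fromstring(clean_pasted_log(text))
    except ET.ParseError as exc:
        raise ValueError(f"log is truncated or malformed: {exc}") from exc
    if root.tag != "mbam-log":
        raise ValueError(f"unexpected root element <{root.tag}>")
    meta = {k: root.findtext(f"header/{k}", "") for k in ("date", "logfile")}
    meta["result"] = root.findtext("summary/result", "")
    summary = {}
    for tag, counter in COUNT_TAGS.items():
        claimed = root.findtext(f"summary/{counter}")
        if claimed is not None:
            summary[tag] = int(claimed)
    items = [{"type": node.tag,
              "path": node.findtext("path", ""),
              "valuename": node.findtext("valuename"),  # only on <data> items
              "vendor": node.findtext("vendor", "unknown"),
              "action": node.findtext("action", "")}
             for node in root.findall("items/*")]
    return {"meta": meta, "summary": summary, "items": items}

def family(vendor):
    """'PUP.Optional.Spigot.A' -> 'Spigot': the adware family behind a detection."""
    parts = vendor.split(".")
    return parts[2] if len(parts) >= 3 else vendor

def unresolved(items):
    """Items MBAM listed but did not quarantine or repair: rescan or hand to FRST."""
    return [item for item in items if item["action"] not in OK_ACTIONS]

def summary_mismatches(log):
    """Claimed vs listed counts per item type; a mismatch usually means the paste was cut short."""
    found = Counter(item["type"] for item in log["items"])
    return {tag: (claimed, found[tag])
            for tag, claimed in log["summary"].items() if claimed != found[tag]}
```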

#3 captaindrewski
  • Topic Starter
  • Members
  • 13 posts
  • OFFLINE
  • Local time: 09:06 PM

Posted 01 October 2014 - 10:11 AM

Thanks nasdaq, really appreciate you taking the time to help with this. Computer seems OK, but internet is quite slow. Hopefully we can find a solution.
Anyway, here's the logs you asked for. I have multiple Malwarebytes logs and AdwCleaner logs, so I posted them all one after another. Also having problems figuring out how to attach the other file, Addition.txt.
 
<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header>
    <date>2014/07/24 19:47:40 +0800</date>
    <logfile>mbam-log-2014-07-24 (19-46-51).xml</logfile>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.00.2.1012</version>
    <malware-database>v2014.07.24.02</malware-database>
    <rootkit-database>v2014.07.17.01</rootkit-database>
    <license>free</license>
    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x64</arch>
    <username>andrew and jen</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>294794</objects>
    <time>1357</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>8</keys>
    <values>0</values>
    <datas>1</datas>
    <folders>2</folders>
    <files>9</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>enabled</pup>
    <pum>enabled</pum>
  </options>
  <items>
    <key>
      <path>HKLM\SOFTWARE\CLASSES\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}</path>
      <vendor>PUP.Optional.YTDToolbar</vendor>
      <action>success</action>
      <hash>85cd9013106bd0667ef994c912f08a76</hash>
    </key>
    <key>
      <path>HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\hbcennhacfaagdopikcegfcobcadeocj</path>
      <vendor>PUP.Optional.Spigot.A</vendor>
      <action>success</action>
      <hash>0b476f34f487e74fcacec019f90934cc</hash>
    </key>
    <key>
      <path>HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\icdlfehblmklkikfigmjhbmmpmkmpooj</path>
      <vendor>PUP.Optional.Spigot.A</vendor>
      <action>success</action>
      <hash>84ce50531665979fbfda9b3ec43e9c64</hash>
    </key>
    <key>
      <path>HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\mhkaekfpcppmmioggniknbnbdbcigpkk</path>
      <vendor>PUP.Optional.Spigot.A</vendor>
      <action>success</action>
      <hash>9db5940f92e978be405afcdd32d0a957</hash>
    </key>
    <key>
      <path>HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pfndaklgolladniicklehhancnlgocpp</path>
      <vendor>PUP.Optional.Spigot.A</vendor>
      <action>success</action>
      <hash>f1614a592e4dea4c28734a8ffa088a76</hash>
    </key>
    <key>
      <path>HKU\S-1-5-21-4015817402-3426375982-1515106729-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload</path>
      <vendor>PUP.Optional.1ClickDownload.A</vendor>
      <action>success</action>
      <hash>89c9a4ff59224beb802e66a1c73df30d</hash>
    </key>
    <key>
      <path>HKU\S-1-5-21-4015817402-3426375982-1515106729-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings</path>
      <vendor>PUP.Optional.Spigot.A</vendor>
      <action>success</action>
      <hash>371b465db4c78bab7b10e2442fd54eb2</hash>
    </key>
    <key>
      <path>HKU\S-1-5-21-4015817402-3426375982-1515106729-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\FF</path>
      <vendor>PUP.Optional.Conduit.A</vendor>
      <action>success</action>
      <hash>93bf32719ae13303a929a3685fa512ee</hash>
    </key>
    <data>
      <path>HKU\S-1-5-21-4015817402-3426375982-1515106729-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path>
      <valuename>Start Page</valuename>
      <vendor>PUP.Optional.Spigot.A</vendor>
      <action>replaced</action>
      <gooddata>www.google.com</gooddata>
      <hash>2a28653e7ffcc2745e859a0b1ce8ee12</hash>
    </data>
    <folder>
      <path>C:\Program Files (x86)\Common Files\Spigot\Search Settings</path>
      <vendor>PUP.Optional.Spigot.A</vendor>
      <action>success</action>
      <hash>c88a2281d3a8e0569ee6258c57ab837d</hash>
    </folder>
    <folder>
      <path>C:\Program Files (x86)\Common Files\Spigot\GC</path>
      <vendor>PUP.Optional.Spigot.A</vendor>
      <action>success</action>
      <hash>3c16445f83f855e1d24c3486b250c739</hash>
    </folder>
    <file>
      <path>C:\Users\andrew and jen\Downloads\VA__Sunset_Sessions_Camps_Bay_Capetown] (1).exe</path>
      <vendor>PUP.Optional.OneClickDownloader.A</vendor>
      <action>success</action>
      <hash>460c3f64403bbd799011d2483bc612ee</hash>
    </file>
    <file>
      <path>C:\Users\andrew and jen\Downloads\VA__Sunset_Sessions_Camps_Bay_Capetown].exe</path>
      <vendor>PUP.Optional.OneClickDownloader.A</vendor>
      <action>success</action>
      <hash>044e1b8897e49f97663b24f635cc2ad6</hash>
    </file>
    <file>
      <path>C:\Users\andrew and jen\Downloads\vlcmediaplayer-setup (1).exe</path>
      <vendor>PUP.Optional.BundleInstaller.A</vendor>
      <action>success</action>
      <hash>1f336f34e299b97ddc710b3d8878a55b</hash>
    </file>
    <file>
      <path>C:\Users\andrew and jen\Downloads\vlcmediaplayer-setup (2).exe</path>
      <vendor>PUP.Optional.BundleInstaller.A</vendor>
      <action>success</action>
      <hash>98ba139022597eb81736df699b65f30d</hash>
    </file>
    <file>
      <path>C:\Users\andrew and jen\Downloads\vlcmediaplayer-setup.exe</path>
      <vendor>PUP.Optional.BundleInstaller.A</vendor>
      <action>success</action>
      <hash>92c05053166585b1c98440087a86eb15</hash>
    </file>
    <file>
      <path>C:\Users\andrew and jen\AppData\Roaming\Mozilla\Firefox\Profiles\x858l1tf.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi</path>
      <vendor>PUP.Optional.Spigot.A</vendor>
      <action>success</action>
      <hash>a3aff5aed6a574c21eb5c00730d29c64</hash>
    </file>
    <file>
      <path>C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx</path>
      <vendor>PUP.Optional.Spigot.A</vendor>
      <action>success</action>
      <hash>3c16445f83f855e1d24c3486b250c739</hash>
    </file>
    <file>
      <path>C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx</path>
      <vendor>PUP.Optional.Spigot.A</vendor>
      <action>success</action>
      <hash>3c16445f83f855e1d24c3486b250c739</hash>
    </file>
    <file>
      <path>C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx</path>
      <vendor>PUP.Optional.Spigot.A</vendor>
      <action>success</action>
      <hash>3c16445f83f855e1d24c3486b250c739</hash>
    </file>
  </items>
</mbam-log>
 
<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header>
    <date>2014/08/02 08:06:24 +0800</date>
    <logfile>mbam-log-2014-08-02 (08-06-21).xml</logfile>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.00.2.1012</version>
    <malware-database>v2014.08.01.06</malware-database>
    <rootkit-database>v2014.08.01.01</rootkit-database>
    <license>free</license>
    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x64</arch>
    <username>andrew and jen</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>299015</objects>
    <time>4919</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>0</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>1</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>enabled</pup>
    <pum>enabled</pum>
  </options>
  <items>
    <file>
      <path>C:\Users\andrew and jen\Downloads\YTDSetup.exe</path>
      <vendor>PUP.Optional.Spigot</vendor>
      <action>success</action>
      <hash>cb9f2f923b40df575ab43371748d5ca4</hash>
    </file>
  </items>
</mbam-log>
 
<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header>
    <date>2014/08/04 22:47:31 +0800</date>
    <logfile>mbam-log-2014-08-04 (22-46-46).xml</logfile>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.00.2.1012</version>
    <malware-database>v2014.08.04.05</malware-database>
    <rootkit-database>v2014.08.01.01</rootkit-database>
    <license>free</license>
    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x64</arch>
    <username>andrew and jen</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>298527</objects>
    <time>1480</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>0</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>0</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>enabled</pup>
    <pum>enabled</pum>
  </options>
  <items> </items>
</mbam-log>
 
<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header>
    <date>2014/08/12 21:41:19 +0800</date>
    <logfile>mbam-log-2014-08-12 (21-40-46).xml</logfile>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.00.2.1012</version>
    <malware-database>v2014.08.12.04</malware-database>
    <rootkit-database>v2014.08.04.01</rootkit-database>
    <license>free</license>
    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x64</arch>
    <username>andrew and jen</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>301689</objects>
    <time>1659</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>0</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>0</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>enabled</pup>
    <pum>enabled</pum>
  </options>
  <items> </items>
</mbam-log>
 
<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
<header>
<date>2014/08/13 12:14:35 +0800</date>
<logfile>mbam-log-2014-08-13 (12-13-58).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.08.13.02</malware-database>
<rootkit-database>v2014.08.04.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>andrew and jen</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>302563</objects>
<time>1132</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items> </items>
</mbam-log>
 
<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
<header>
<date>2014/09/16 18:06:55 +0800</date>
<logfile>mbam-log-2014-09-16 (18-06-51).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.09.16.03</malware-database>
<rootkit-database>v2014.09.15.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>andrew and jen</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>317014</objects>
<time>1532</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>1</folders>
<files>2</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<folder>
<path>C:\Program Files (x86)\Common Files\Spigot</path>
<vendor>PUP.Optional.Spigot.A</vendor>
<action>success</action>
<hash>da79c628accfd95ddd432ece9d6559a7</hash>
</folder>
<file>
<path>C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage</path>
<vendor>PUP.Optional.Superfish.A</vendor>
<action>delete-on-reboot</action>
<hash>e073826c770448eecf9d6daed42f0cf4</hash>
</file>
<file>
<path>C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal</path>
<vendor>PUP.Optional.Superfish.A</vendor>
<action>delete-on-reboot</action>
<hash>aca7eb03a8d37fb764088a9100037d83</hash>
</file>
</items>
</mbam-log>
 
<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
<header>
<date>2014/09/22 08:57:14 +0800</date>
<logfile>mbam-log-2014-09-22 (08-56-50).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.09.22.01</malware-database>
<rootkit-database>v2014.09.19.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>andrew and jen</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>322558</objects>
<time>2562</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>2</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<file>
<path>C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage</path>
<vendor>PUP.Optional.Superfish.A</vendor>
<action>delete-on-reboot</action>
<hash>ccb966896d0e0333360a1d05bd46be42</hash>
</file>
<file>
<path>C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal</path>
<vendor>PUP.Optional.Superfish.A</vendor>
<action>delete-on-reboot</action>
<hash>4d38559a99e230064ff1968cf3101be5</hash>
</file>
</items>
</mbam-log>
 
<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
<header>
<date>2014/09/26 11:31:38 +0800</date>
<logfile>mbam-log-2014-09-26 (11-31-35).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.09.26.01</malware-database>
<rootkit-database>v2014.09.19.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>andrew and jen</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>320411</objects>
<time>2084</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>2</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<file>
<path>C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage</path>
<vendor>PUP.Optional.Superfish.A</vendor>
<action>delete-on-reboot</action>
<hash>e69fef00fa810b2b480f05220df6758b</hash>
</file>
<file>
<path>C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal</path>
<vendor>PUP.Optional.Superfish.A</vendor>
<action>success</action>
<hash>364ffef1d8a3f541fe5949de0bf84bb5</hash>
</file>
</items>
</mbam-log>
 
 
<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
<header>
<date>2014/09/29 19:22:58 +0800</date>
<logfile>mbam-log-2014-09-29 (19-22-42).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.09.29.03</malware-database>
<rootkit-database>v2014.09.19.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>andrew and jen</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>320756</objects>
<time>1879</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>2</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<file>
<path>C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage</path>
<vendor>PUP.Optional.Superfish.A</vendor>
<action>success</action>
<hash>6b1ab53af4877eb821d2c46539caaf51</hash>
</file>
<file>
<path>C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal</path>
<vendor>PUP.Optional.Superfish.A</vendor>
<action>success</action>
<hash>572ece211467f046bb38b87193708080</hash>
</file>
</items>
</mbam-log>
 
<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
<header>
<date>2014/10/01 05:19:07 +0800</date>
<logfile>mbam-log-2014-10-01 (05-19-03).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.09.30.08</malware-database>
<rootkit-database>v2014.09.19.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>andrew and jen</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>317723</objects>
<time>1729</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>2</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<file>
<path>C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage</path>
<vendor>PUP.Optional.Superfish.A</vendor>
<action>success</action>
<hash>1d6826c90972aa8c236c86a1a75cd42c</hash>
</file>
<file>
<path>C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal</path>
<vendor>PUP.Optional.Superfish.A</vendor>
<action>success</action>
<hash>a1e4c32c93e8e6504649d25509fa2ed2</hash>
</file>
</items>
</mbam-log>
 
<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
<header>
<date>2014/10/01 21:47:25 +0800</date>
<logfile>mbam-log-2014-10-01 (21-46-53).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.10.01.04</malware-database>
<rootkit-database>v2014.09.19.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>andrew and jen</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>318266</objects>
<time>2183</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>2</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<file>
<path>C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage</path>
<vendor>PUP.Optional.Superfish.A</vendor>
<action>delete-on-reboot</action>
<hash>671eaf40b9c2cf677cb743e5679c44bc</hash>
</file>
<file>
<path>C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal</path>
<vendor>PUP.Optional.Superfish.A</vendor>
<action>success</action>
<hash>98edd916f08bf046c56ef533ef143ac6</hash>
</file>
</items>
</mbam-log>
 
 
# AdwCleaner v3.310 - Report created 16/09/2014 at 19:10:32
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : andrew and jen - CAPTAIN
# Running from : C:\Users\andrew and jen\Downloads\adwcleaner_3.310.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\GetPrivate
Folder Found : C:\Program Files (x86)\GreenTree Applications
Folder Found : C:\Users\andrew and jen\AppData\Local\Slick Savings
Folder Found : C:\Users\andrew and jen\AppData\Roaming\GetPrivate
Folder Found : C:\Users\andrew and jen\AppData\Roaming\Mozilla\Firefox\Profiles\x858l1tf.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\eSupport.com
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\eSupport.com
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Conduit
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Mozilla Firefox v
 
 
# AdwCleaner v3.310 - Report created 16/09/2014 at 20:08:47
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : andrew and jen - CAPTAIN
# Running from : C:\Users\andrew and jen\Downloads\adwcleaner_3.310.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\GetPrivate
Folder Found : C:\Program Files (x86)\GreenTree Applications
Folder Found : C:\Users\andrew and jen\AppData\Roaming\GetPrivate
Folder Found : C:\Users\andrew and jen\AppData\Roaming\Mozilla\Firefox\Profiles\x858l1tf.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\eSupport.com
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\eSupport.com
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Conduit
 
***** [ Browsers ] *****
 
 
# AdwCleaner v3.310 - Report created 19/09/2014 at 07:36:52
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : andrew and jen - CAPTAIN
# Running from : C:\Users\andrew and jen\Downloads\adwcleaner_3.310.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\eSupport.com
Key Found : [x64] HKCU\Software\eSupport.com
Key Found : HKLM\SOFTWARE\Conduit
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\andrew and jen\AppData\Roaming\Mozilla\Firefox\Profiles\x858l1tf.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.120
 
[ File : C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
# AdwCleaner v3.311 - Report created 01/10/2014 at 22:39:04
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : andrew and jen - CAPTAIN
# Running from : C:\Users\andrew and jen\Downloads\adwcleaner_3.311.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Folder Found : C:\Users\andrew and jen\AppData\Local\Max Secure Software
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\eSupport.com
Key Found : [x64] HKCU\Software\eSupport.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\andrew and jen\AppData\Roaming\Mozilla\Firefox\Profiles\x858l1tf.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
 
# AdwCleaner v3.310 - Report created 16/09/2014 at 19:24:12
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : andrew and jen - CAPTAIN
# Running from : C:\Users\andrew and jen\Downloads\adwcleaner_3.310.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[x] Not Deleted : C:\Program Files (x86)\GetPrivate
[x] Not Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Users\andrew and jen\AppData\Local\Slick Savings
[x] Not Deleted : C:\Users\andrew and jen\AppData\Roaming\GetPrivate
[x] Not Deleted : C:\Users\andrew and jen\AppData\Roaming\Mozilla\Firefox\Profiles\x858l1tf.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
[x] Not Deleted : C:\Users\Public\Desktop\eBay.lnk
[x] Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[x] Not Deleted : C:\Windows\System32\roboot64.exe
[x] Not Deleted : C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage
[x] Not Deleted : C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
[x] Not Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
[x] Not Deleted : HKCU\Software\Conduit
[x] Not Deleted : HKCU\Software\eSupport.com
[x] Not Deleted : HKCU\Software\AppDataLow\Software\SmartBar
[x] Not Deleted : HKLM\SOFTWARE\Conduit
[x] Not Deleted : HKCU64\Software\Conduit
[x] Not Deleted : HKCU64\Software\eSupport.com
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
# AdwCleaner v3.310 - Report created 16/09/2014 at 20:26:04
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : andrew and jen - CAPTAIN
# Running from : C:\Users\andrew and jen\Downloads\adwcleaner_3.310.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\GetPrivate
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Users\andrew and jen\AppData\Roaming\GetPrivate
Folder Deleted : C:\Users\andrew and jen\AppData\Roaming\Mozilla\Firefox\Profiles\x858l1tf.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
[x] Not Deleted : HKCU\Software\Conduit
[x] Not Deleted : HKCU\Software\eSupport.com
[x] Not Deleted : HKCU\Software\AppDataLow\Software\SmartBar
[x] Not Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : [x64] HKCU\Software\Conduit
Key Deleted : [x64] HKCU\Software\eSupport.com
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\andrew and jen\AppData\Roaming\Mozilla\Firefox\Profiles\x858l1tf.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.120
 
[ File : C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3299 octets] - [16/09/2014 19:10:32]
AdwCleaner[R1].txt - [2196 octets] - [16/09/2014 20:08:47]
AdwCleaner[S0].txt - [6938 octets] - [16/09/2014 19:24:12]
AdwCleaner[S1].txt - [2157 octets] - [16/09/2014 20:26:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2217 octets] ##########
 
 
# AdwCleaner v3.310 - Report created 19/09/2014 at 08:20:05
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : andrew and jen - CAPTAIN
# Running from : C:\Users\andrew and jen\Downloads\adwcleaner_3.310.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Conduit
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\andrew and jen\AppData\Roaming\Mozilla\Firefox\Profiles\x858l1tf.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.120
 
[ File : C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3299 octets] - [16/09/2014 19:10:32]
AdwCleaner[R1].txt - [2196 octets] - [16/09/2014 20:08:47]
AdwCleaner[R2].txt - [1663 octets] - [19/09/2014 07:36:52]
AdwCleaner[S0].txt - [6938 octets] - [16/09/2014 19:24:12]
AdwCleaner[S1].txt - [2305 octets] - [16/09/2014 20:26:04]
AdwCleaner[S2].txt - [1548 octets] - [19/09/2014 08:20:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1608 octets] ##########
 
 
# AdwCleaner v3.311 - Report created 01/10/2014 at 22:41:46
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : andrew and jen - CAPTAIN
# Running from : C:\Users\andrew and jen\Downloads\adwcleaner_3.311.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\andrew and jen\AppData\Local\Max Secure Software
File Deleted : C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee
Key Deleted : HKCU\Software\eSupport.com
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\andrew and jen\AppData\Roaming\Mozilla\Firefox\Profiles\x858l1tf.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3299 octets] - [16/09/2014 19:10:32]
AdwCleaner[R1].txt - [2196 octets] - [16/09/2014 20:08:47]
AdwCleaner[R2].txt - [1663 octets] - [19/09/2014 07:36:52]
AdwCleaner[R3].txt - [1707 octets] - [01/10/2014 22:39:04]
AdwCleaner[S0].txt - [6938 octets] - [16/09/2014 19:24:12]
AdwCleaner[S1].txt - [2305 octets] - [16/09/2014 20:26:04]
AdwCleaner[S2].txt - [1688 octets] - [19/09/2014 08:20:05]
AdwCleaner[S3].txt - [1590 octets] - [01/10/2014 22:41:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1650 octets] ##########
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-09-2014
Ran by andrew and jen (administrator) on CAPTAIN on 01-10-2014 22:57:58
Running from C:\Users\andrew and jen\Downloads
Loaded Profile: andrew and jen (Available profiles: andrew and jen)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(BitTorrent Inc.) C:\Users\andrew and jen\AppData\Roaming\uTorrent\uTorrent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Farbar) C:\Users\andrew and jen\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2013-07-16] (Realtek Semiconductor)
HKLM\...\Run: [RtkOSD] => C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [172032 2010-05-28] (Sun Microsystems, Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [229824 2013-10-09] (Trend Micro Inc.)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-24] (Hewlett-Packard)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-09-26] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4015817402-3426375982-1515106729-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-23] (Hewlett-Packard Company)
HKU\S-1-5-21-4015817402-3426375982-1515106729-1000\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [6129496 2011-01-13] (Logitech Inc.)
HKU\S-1-5-21-4015817402-3426375982-1515106729-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-4015817402-3426375982-1515106729-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-4015817402-3426375982-1515106729-1000\...\Run: [uTorrent] => C:\Users\andrew and jen\AppData\Roaming\uTorrent\uTorrent.exe [1419856 2014-09-21] (BitTorrent Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-07-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\andrew and jen\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\andrew and jen\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\andrew and jen\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Windows\system32\EhStorShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => C:\Windows\system32\ntshrui.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\andrew and jen\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\andrew and jen\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\andrew and jen\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Windows\SysWOW64\EhStorShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => C:\Windows\SysWOW64\ntshrui.dll (Microsoft Corporation)
BootExecute: autocheck autochk /k:C * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
SearchScopes: HKCU - DefaultScope {A626FD2B-00DA-42FA-96F6-F6CB879C9817} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {17213C7F-D0BC-49E0-96C1-44913A3325BC} URL = http://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}
SearchScopes: HKCU - {A626FD2B-00DA-42FA-96F6-F6CB879C9817} URL = https://www.google.com/search?q={searchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
 
FireFox:
========
FF ProfilePath: C:\Users\andrew and jen\AppData\Roaming\Mozilla\Firefox\Profiles\x858l1tf.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: hxxp://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=501549&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\andrew and jen\AppData\Roaming\Mozilla\Firefox\Profiles\x858l1tf.default\searchplugins\yahoo_ff.xml
FF Extension: Adblock Plus - C:\Users\andrew and jen\AppData\Roaming\Mozilla\Firefox\Profiles\x858l1tf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-04]
FF Extension: QuickJava - C:\Users\andrew and jen\AppData\Roaming\Mozilla\Firefox\Profiles\x858l1tf.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-05-30]
FF Extension: JavaScript Debugger - C:\Users\andrew and jen\AppData\Roaming\Mozilla\Firefox\Profiles\x858l1tf.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2014-05-30]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-10]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension [2014-10-01]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-03-24]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-04-24]
FF Extension: No Name - C:\Users\andrew and jen\AppData\Roaming\Mozilla\Firefox\Profiles\x858l1tf.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi [Not Found]
FF Extension: No Name - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\firefoxextension [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-22]
CHR Extension: (YouTube) - C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-22]
CHR Extension: (Google Search) - C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-22]
CHR Extension: (Google Wallet) - C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-30]
CHR Extension: (Gmail) - C:\Users\andrew and jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-09-22] (SurfRight B.V.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-02-23] (Hewlett-Packard Company) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [117312 2013-12-03] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [283160 2013-12-03] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [100640 2013-06-13] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [85936 2013-12-03] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [303392 2013-05-15] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-08-22] (Trend Micro Inc.)
S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [122624 2011-01-13] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [122624 2011-01-13] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\System32\DRIVERS\zghsnmea.sys [122624 2011-01-13] (ZTE Incorporated)
U2 TMAgent; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-01 22:57 - 2014-10-01 22:57 - 02108928 _____ (Farbar) C:\Users\andrew and jen\Downloads\FRST64 (1).exe
2014-10-01 22:39 - 2014-10-01 23:00 - 00025033 _____ () C:\Users\andrew and jen\Downloads\FRST.txt
2014-10-01 21:45 - 2014-10-01 22:58 - 00000000 ____D () C:\FRST
2014-10-01 21:44 - 2014-10-01 21:45 - 02108928 _____ (Farbar) C:\Users\andrew and jen\Downloads\FRST64.exe
2014-10-01 21:43 - 2014-10-01 21:43 - 01375089 _____ () C:\Users\andrew and jen\Downloads\adwcleaner_3.311.exe
2014-09-27 19:45 - 2014-09-27 19:57 - 391159499 ____R () C:\Users\andrew and jen\Downloads\Sons.of.Anarchy.S07E03.HDTV.x264-2HD.mp4
2014-09-25 18:51 - 2014-09-25 18:51 - 00016353 _____ () C:\Users\andrew and jen\Desktop\.txt
2014-09-25 18:49 - 2014-09-25 18:49 - 00016353 _____ () C:\Users\andrew and jen\Desktop\dds.txt
2014-09-25 18:49 - 2014-09-25 18:49 - 00015555 _____ () C:\Users\andrew and jen\Desktop\attach.txt
2014-09-25 18:46 - 2014-09-25 18:46 - 00688992 ____R (Swearware) C:\Users\andrew and jen\Downloads\dds.com
2014-09-24 12:46 - 2014-09-24 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-09-24 12:46 - 2014-09-24 12:46 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-09-24 12:40 - 2014-09-24 12:43 - 19709440 ____N (Luis Cobian, CobianSoft) C:\Users\andrew and jen\Downloads\cbSetup.exe
2014-09-23 16:18 - 2014-09-23 16:18 - 05579290 ____N (Swearware) C:\Users\andrew and jen\Downloads\ComboFix.exe
2014-09-23 16:11 - 2014-09-23 16:16 - 00000000 ____D () C:\ProgramData\Max Secure
2014-09-23 16:10 - 2014-09-23 16:10 - 208897232 ____N (Max Secure Software ) C:\Users\andrew and jen\Desktop\MaxSpywaredetectorx64.exe
2014-09-23 16:06 - 2014-09-23 16:07 - 00000000 ____D () C:\Users\andrew and jen\AppData\Roaming\GetRightToGo
2014-09-23 16:06 - 2014-09-23 16:06 - 00368256 ____N (RegNow.com) C:\Users\andrew and jen\Downloads\Download_MaxSDDMnew.exe
2014-09-23 10:19 - 2014-09-23 10:19 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-23 10:18 - 2014-09-23 10:18 - 02347384 ____N (ESET) C:\Users\andrew and jen\Downloads\esetsmartinstaller_enu.exe
2014-09-22 09:27 - 2014-09-22 09:27 - 00001146 ____N () C:\Users\andrew and jen\Desktop\JRT.txt
2014-09-22 08:51 - 2014-09-22 08:51 - 00000000 ____D () C:\Windows\ERUNT
2014-09-22 08:50 - 2014-09-22 08:50 - 01027006 ____N (Thisisu) C:\Users\andrew and jen\Downloads\JRT (1).exe
2014-09-22 08:48 - 2014-09-22 08:48 - 01027006 ____N (Thisisu) C:\Users\andrew and jen\Downloads\JRT.exe
2014-09-22 08:27 - 2014-09-22 08:27 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-09-22 08:27 - 2014-09-22 08:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-09-22 08:27 - 2014-09-22 08:27 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-22 08:24 - 2014-09-22 08:44 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-22 08:24 - 2014-09-22 08:24 - 09096848 ____N (SurfRight B.V.) C:\Users\andrew and jen\Downloads\HitmanPro.exe
2014-09-21 16:54 - 2014-09-21 17:07 - 452251418 ____R () C:\Users\andrew and jen\Downloads\Sons.of.Anarchy.S07E02.HDTV.x264-2HD.mp4
2014-09-21 16:53 - 2014-09-21 16:53 - 00000000 ____D () C:\Users\andrew and jen\Downloads\The Game - Doctors Advocate
2014-09-17 18:33 - 2014-09-17 18:33 - 00000101 ____N () C:\Users\andrew and jen\Documents\help.txt
2014-09-17 11:49 - 2014-10-01 22:54 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-17 11:49 - 2014-10-01 22:44 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-17 11:49 - 2014-09-17 11:49 - 00003910 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-17 11:49 - 2014-09-17 11:49 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-16 20:37 - 2014-09-16 20:37 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-16 20:37 - 2014-09-16 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-16 19:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-16 19:10 - 2014-10-01 22:41 - 00000000 ____D () C:\AdwCleaner
2014-09-16 19:09 - 2014-09-16 19:09 - 01373475 ____N () C:\Users\andrew and jen\Downloads\adwcleaner_3.310.exe
2014-09-16 18:23 - 2014-09-20 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2014-09-13 14:56 - 2014-10-01 20:49 - 00003316 _____ () C:\Windows\System32\Tasks\Chrome Launcher
2014-09-13 14:56 - 2014-09-13 14:56 - 00000000 ____D () C:\Program Files (x86)\Techsnab
2014-09-11 21:52 - 2014-09-11 22:00 - 00000000 ____D () C:\Users\andrew and jen\Downloads\Hook (1991) [1080p]
2014-09-11 21:51 - 2014-09-11 22:01 - 00000000 ____D () C:\Users\andrew and jen\Downloads\Hocus Pocus (1993)
2014-09-11 21:49 - 2014-09-11 22:04 - 00000000 ____D () C:\Users\andrew and jen\Downloads\Sons.of.Anarchy.S07E01.HDTV.x264-2HD[rarbg]
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-01 22:57 - 2010-09-24 15:52 - 01197790 _____ () C:\Windows\WindowsUpdate.log
2014-10-01 22:56 - 2013-07-27 21:05 - 00000000 ____D () C:\Users\andrew and jen\AppData\Roaming\uTorrent
2014-10-01 22:53 - 2009-07-14 12:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-01 22:53 - 2009-07-14 12:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-01 22:52 - 2013-07-02 21:14 - 00000000 ____D () C:\Users\andrew and jen\AppData\Local\CrashDumps
2014-10-01 22:47 - 2013-06-26 13:12 - 00000000 ____D () C:\Users\andrew and jen\AppData\Roaming\Skype
2014-10-01 22:44 - 2014-08-05 11:40 - 00015742 _____ () C:\Windows\setupact.log
2014-10-01 22:44 - 2013-11-18 14:04 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-01 22:44 - 2013-06-27 02:07 - 00789442 _____ () C:\Windows\PFRO.log
2014-10-01 22:44 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-01 22:07 - 2013-07-01 07:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-01 21:47 - 2014-07-24 19:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-01 20:49 - 2014-05-30 11:20 - 00002315 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-01 18:02 - 2013-06-26 11:52 - 00000000 ____D () C:\Users\andrew and jen\AppData\Roaming\HpUpdate
2014-10-01 05:17 - 2009-07-14 13:13 - 00006654 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-30 13:50 - 2013-07-16 15:21 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-09-30 13:50 - 2013-07-08 08:32 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-29 08:35 - 2013-07-28 10:23 - 00000000 ____D () C:\Users\andrew and jen\AppData\Roaming\vlc
2014-09-26 11:20 - 2009-07-14 12:45 - 00447224 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-26 07:31 - 2014-05-19 19:33 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-24 14:08 - 2013-07-01 07:37 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 14:08 - 2013-07-01 07:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 14:08 - 2013-07-01 07:37 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 13:09 - 2013-06-26 11:38 - 00000000 ____D () C:\Users\andrew and jen
2014-09-23 19:36 - 2013-06-26 11:45 - 00116928 _____ () C:\Users\andrew and jen\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-22 09:40 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\Globalization
2014-09-18 10:52 - 2013-06-27 03:04 - 00000000 ____D () C:\ProgramData\Recovery
2014-09-17 17:03 - 2013-06-26 12:28 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-09-17 11:49 - 2014-05-30 11:20 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-16 20:37 - 2013-06-26 13:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-16 20:37 - 2013-06-26 13:11 - 00000000 ____D () C:\ProgramData\Skype
2014-09-16 18:13 - 2013-11-18 14:06 - 00000000 ____D () C:\Users\andrew and jen\AppData\Local\Trend Micro
2014-09-16 14:54 - 2014-08-24 16:13 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll
2014-09-15 09:06 - 2013-11-18 14:09 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-13 12:44 - 2013-12-24 18:54 - 00001787 ____N () C:\Users\andrew and jen\Desktop\lemon cheese.txt
2014-09-11 05:23 - 2013-08-16 07:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 05:15 - 2013-07-03 11:02 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\andrew and jen\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\andrew and jen\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\andrew and jen\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\andrew and jen\AppData\Local\Temp\GPUpd5413EA891.exe
C:\Users\andrew and jen\AppData\Local\Temp\GPUpd5417DF0A1.exe
C:\Users\andrew and jen\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-26 10:57
 
==================== End Of Log ============================


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:06 AM

Posted 01 October 2014 - 10:54 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Users\andrew and jen\AppData\Roaming\Mozilla\Firefox\Profiles\x858l1tf.default\searchplugins\yahoo_ff.xml
FF Extension: No Name - C:\Users\andrew and jen\AppData\Roaming\Mozilla\Firefox\Profiles\x858l1tf.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi [Not Found]
FF Extension: No Name - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\firefoxextension [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
U2 TMAgent; No ImagePath

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===


Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor type:
ipconfig /flushdns <-- (a space between g and / is needed)

ipconfig /release

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#5 captaindrewski

captaindrewski
  • Topic Starter

  • Members
  • 13 posts
  • Local time:09:06 PM

Posted 02 October 2014 - 11:48 PM

Hey there nasdaq, thanks for the prompt reply. I tried the things that you suggested. I noticed that the extra ads for Russian brides have gone from my Outlook sign-in page, but I still get normal text becoming hyperlinks in capitals with a strange green arrow next to them, and if I was to click on the wrong part of a webpage it still opens another tab and sends me to the cdncache-aakamaihdnet.... pages. Anyway, here are the logs. Thanks so much for taking the time to help with this.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2014
Ran by andrew and jen at 2014-10-03 12:00:48 Run:1
Running from C:\Users\andrew and jen\Desktop\FRST-OlderVersion
Loaded Profile: andrew and jen (Available profiles: andrew and jen)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No
File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Users\andrew and jen\AppData\Roaming\Mozilla\Firefox\Profiles\x858l1tf.default\searchplugins\yahoo_ff.xml
FF Extension: No Name - C:\Users\andrew and jen\AppData\Roaming\Mozilla\Firefox\Profiles\x858l1tf.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi [Not Found]
FF Extension: No Name - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\firefoxextension [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
U2 TMAgent; No ImagePath
 
End
*****************
 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
"HKCR\PROTOCOLS\Handler\tmtb" => Key deleted successfully.
"HKCR\CLSID\{04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42}" => Key not found.
File => Error: No automatic fix found for this entry.
"HKCR\PROTOCOLS\Handler\tmtbim" => Key deleted successfully.
"HKCR\CLSID\{0B37915C-8B98-4B9E-80D4-464D2C830D10}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\andrew and jen\AppData\Roaming\Mozilla\Firefox\Profiles\x858l1tf.default\searchplugins\yahoo_ff.xml => Moved successfully.
C:\Users\andrew and jen\AppData\Roaming\Mozilla\Firefox\Profiles\x858l1tf.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi not found.
C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\firefoxextension not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
Amsp => Unable to stop service
Amsp => Error deleting Service
 
 
 
 

 Results of screen317's Security Check version 0.99.88  
 Windows 7 Service Pack 1 x64   
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Trend Micro Titanium Maximum Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 45  
 Java version out of Date! 
 Adobe Flash Player 15.0.0.152  
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome 37.0.2062.120  
 Google Chrome 37.0.2062.124  
````````Process Check: objlist.exe by Laurent````````  
 Trend Micro AMSP coreServiceShell.exe  
 Trend Micro UniClient UiFrmWrk uiWatchDog.exe 
 Trend Micro AMSP coreFrameworkHost.exe  
 Trend Micro UniClient UiFrmWrk uiSeAgnt.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
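The fixlist nasdaq supplied and the Fixlog above are removing orphaned Browser Helper Object and PROTOCOLS\Handler registrations, the entries FRST labels "No File". The following PowerShell script is an added, read-only audit of those same registry locations; it is not part of the thread, of FRST, or of any tool mentioned here. It walks the BHO keys (native and Wow6432Node views), the HKCU WebBrowser toolbar values and the protocol-handler subkeys, resolves each CLSID to its InprocServer32 DLL, and reports entries whose DLL is missing from disk. It assumes Windows 7 or later with PowerShell 2.0 or newer and deletes nothing.

```powershell
# Added example, not from the thread or from FRST: read-only audit of IE
# Browser Helper Objects, toolbar CLSIDs and PROTOCOLS\Handler entries,
# reporting the ones whose COM server DLL no longer exists ("No File").
# Assumes Windows 7+ and PowerShell 2.0+. Nothing is modified.

function Resolve-ClsidServer {
    param([string]$Clsid)
    # 32-bit COM servers on 64-bit Windows register under Wow6432Node, so
    # every view is checked before the CLSID is declared unregistered.
    $roots = @(
        'HKLM:\SOFTWARE\Classes\CLSID',
        'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID',
        'HKCU:\SOFTWARE\Classes\CLSID'
    )
    foreach ($root in $roots) {
        $key = Join-Path $root ($Clsid + '\InprocServer32')
        if (Test-Path -LiteralPath $key) {
            $dll = (Get-ItemProperty -LiteralPath $key).'(default)'
            if ($dll) {
                # Strip surrounding quotes and expand %SystemRoot%-style paths.
                return [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
            }
        }
    }
    return $null   # CLSID is not registered in any view
}

function Get-BrowserAddonAudit {
    $findings = @()

    # Browser Helper Objects: one subkey per CLSID.
    $bhoKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($bhoKey in $bhoKeys) {
        if (-not (Test-Path -LiteralPath $bhoKey)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $bhoKey) {
            $findings += New-Object PSObject -Property @{
                Type = 'BHO'; Name = $sub.PSChildName; Clsid = $sub.PSChildName }
        }
    }

    # Per-user IE toolbars: the value *names* under this key are CLSIDs.
    $tbKey = 'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
    if (Test-Path -LiteralPath $tbKey) {
        foreach ($name in (Get-Item -LiteralPath $tbKey).GetValueNames()) {
            if ($name -match '^\{[0-9A-Fa-f-]+\}$') {
                $findings += New-Object PSObject -Property @{
                    Type = 'Toolbar'; Name = $name; Clsid = $name }
            }
        }
    }

    # Pluggable protocol handlers (tmtb and tmtbim in the Fixlog above):
    # each subkey is the scheme name and carries a CLSID value.
    $handlerKey = 'HKLM:\SOFTWARE\Classes\PROTOCOLS\Handler'
    if (Test-Path -LiteralPath $handlerKey) {
        foreach ($sub in Get-ChildItem -LiteralPath $handlerKey) {
            $findings += New-Object PSObject -Property @{
                Type = 'Handler'; Name = $sub.PSChildName
                Clsid = (Get-ItemProperty -LiteralPath $sub.PSPath).CLSID }
        }
    }

    # Classify every entry the way FRST would report it.
    foreach ($f in $findings) {
        $dll = $null
        if ($f.Clsid) { $dll = Resolve-ClsidServer $f.Clsid }
        if (-not $f.Clsid)                            { $status = 'No CLSID value' }
        elseif (-not $dll)                            { $status = 'CLSID not registered' }
        elseif (-not (Test-Path -LiteralPath $dll))   { $status = 'No File' }
        else                                          { $status = 'OK' }
        $f | Add-Member -MemberType NoteProperty -Name Dll    -Value $dll
        $f | Add-Member -MemberType NoteProperty -Name Status -Value $status
    }
    return $findings
}

# Usage: full table first, then only the orphans that deserve a closer look.
$audit = Get-BrowserAddonAudit
$audit | Sort-Object Status, Type | Format-Table Type, Name, Status, Dll -AutoSize
$audit | Where-Object { $_.Status -ne 'OK' }
```

An entry with status "No File" or "CLSID not registered" is a leftover from a removed or partially uninstalled add-on, which is what the fixlist entries for {5C255C8A-...}, {21FA44EF-...}, tmtb and tmtbim represent; an entry with status OK and an unfamiliar DLL path is the one worth submitting for analysis before deciding whether to remove it.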
 


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 October 2014 - 08:26 AM

Reset all your browsers.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Internet Explorer:
Menu > Tools > Internet Options > General Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u67.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 45

===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

How is it now?

#7 captaindrewski

captaindrewski
  • Topic Starter

  • Members
  • 13 posts

Posted 03 October 2014 - 11:39 PM

hey there nasdaq,

I did as you said. Just wondering: with the Adobe entries in my programs list, when I go to Uninstall a program I have Adobe AIR, Acrobat.com, Adobe Flash Player 15 ActiveX and Adobe Flash Player 15 Plugin. These do not seem to have been updated? Adobe Reader XI was updated. I still have the strange hyperlinks coming up?

thanks for your help.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 October 2014 - 08:46 AM



We only check for Adobe Reader, as the program is used to open programs that could be a portal for malware.

===

Click on "Customize and control Google Chrome":
Select Settings:

Check the setting for the New Tab page.

If nothing is present, then I would remove Chrome using Add/Remove Programs.
Restart the computer normally.
Re-install Chrome.

Save your Bookmarks before proceeding.
https://support.google.com/chrome/answer/96816?hl=en

They can be imported back to the new version.
===

How is it now?

#9 captaindrewski

captaindrewski
  • Topic Starter

  • Members
  • 13 posts

Posted 08 October 2014 - 06:00 PM

Hey there nasdaq, the computer is running much better online; the strange hyperlinks in capitals and redirections have stopped. Thanks so much for your help, it's really appreciated!! I think I will take some time to check over what programs I have unnecessarily loaded on my computer and make some changes. I see that there are forums on this site for that. I'm really appreciative that you took the time to help me get this far though, can't thank you enough.



#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 October 2014 - 08:29 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 October 2014 - 09:04 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



