
keep seeing blue double underlined words on web pages


14 replies to this topic

#1 willyman18


Posted 03 October 2014 - 05:16 AM

I keep seeing blue double underlined words on web pages and I keep getting redirected to ad pages.

I have been told to post here by quietman7, so here are the dds.txt and attach.txt.

The files are attached.


 


#2 nasdaq

  • Malware Response Team

Posted 07 October 2014 - 10:35 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 willyman18

  • Topic Starter


Posted 08 October 2014 - 08:46 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 08/10/2014
Scan Time: 09:01:30
Logfile: MALWARE BYTES LOG.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.10.08.02
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332034
Time Elapsed: 17 min, 11 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
# AdwCleaner v3.311 - Report created 08/10/2014 at 14:29:43
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\adwcleaner_3.311.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8n3ksf79.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [24200 octets] - [18/09/2014 20:17:18]
AdwCleaner[R1].txt - [1468 octets] - [19/09/2014 18:44:51]
AdwCleaner[R2].txt - [1071 octets] - [19/09/2014 18:57:46]
AdwCleaner[R3].txt - [1066 octets] - [19/09/2014 19:11:54]
AdwCleaner[R4].txt - [2319 octets] - [29/09/2014 23:01:58]
AdwCleaner[R5].txt - [1860 octets] - [01/10/2014 19:45:09]
AdwCleaner[R6].txt - [1913 octets] - [02/10/2014 21:03:37]
AdwCleaner[R7].txt - [2098 octets] - [03/10/2014 15:49:42]
AdwCleaner[R8].txt - [1956 octets] - [05/10/2014 18:05:56]
AdwCleaner[R9].txt - [1657 octets] - [08/10/2014 14:29:43]
AdwCleaner[S0].txt - [23035 octets] - [18/09/2014 20:19:31]
AdwCleaner[S1].txt - [2197 octets] - [19/09/2014 18:45:42]
AdwCleaner[S2].txt - [1133 octets] - [19/09/2014 18:58:41]
AdwCleaner[S3].txt - [1128 octets] - [19/09/2014 19:13:07]
AdwCleaner[S4].txt - [2396 octets] - [29/09/2014 23:04:17]
AdwCleaner[S5].txt - [1927 octets] - [01/10/2014 19:56:31]
AdwCleaner[S6].txt - [2045 octets] - [02/10/2014 21:37:14]
AdwCleaner[S7].txt - [2165 octets] - [03/10/2014 16:08:57]
AdwCleaner[S8].txt - [2019 octets] - [05/10/2014 18:07:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R9].txt - [2258 octets] ##########
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Owner (administrator) on OWNER-PC on 08-10-2014 14:38:36
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek) C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtWLan.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [839384 2014-09-24] (BlueStack Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1323007780-3890308126-38582508-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{BB90B31D-DBC4-4353-9747-8CA485BEB5A7}: [NameServer] 81.218.119.15,199.203.35.75
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8n3ksf79.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-04]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-04]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-04]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-04]
CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-05]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-04]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-04]
CHR Extension: (AdBlock) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-05]
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-10-04]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-04]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-09-24] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-09-24] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-09-24] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2013-08-28] (Hi-Rez Studios) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NMSAccessU; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2008-06-15] ()
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-01] ()
R2 Realtek11nCU; C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [106472 2013-09-18] (Razer Inc.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-09-24] (BlueStack Systems)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [762472 2010-08-06] (Realtek Semiconductor Corporation                           )
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-08 14:38 - 2014-10-08 14:39 - 00015729 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-10-08 14:38 - 2014-10-08 14:38 - 00000000 ____D () C:\Users\Owner\Desktop\FRST-OlderVersion
2014-10-08 14:31 - 2014-10-08 14:31 - 00002338 _____ () C:\Users\Owner\Desktop\AdwCleaner[R9].txt
2014-10-05 21:24 - 2014-10-05 21:24 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-10-04 19:54 - 2014-10-04 19:54 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-04 19:54 - 2014-10-04 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-04 19:52 - 2014-10-08 14:36 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-04 19:52 - 2014-10-08 13:59 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-04 19:52 - 2014-10-04 19:52 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-04 19:52 - 2014-10-04 19:52 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-03 19:33 - 2014-10-03 19:33 - 00854436 _____ () C:\Users\Owner\Desktop\SecurityCheck.exe
2014-10-03 15:51 - 2014-10-08 14:38 - 00000000 ____D () C:\FRST
2014-10-03 15:48 - 2014-10-08 14:38 - 02109952 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-10-03 10:54 - 2014-10-03 10:54 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2014-10-01 22:15 - 2014-10-01 22:15 - 02347384 _____ (ESET) C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
2014-10-01 22:15 - 2014-10-01 22:15 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-01 21:52 - 2014-10-08 09:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-01 21:43 - 2014-10-01 21:43 - 01701878 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
2014-10-01 21:43 - 2014-10-01 21:43 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-01 21:43 - 2014-10-01 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-01 21:43 - 2014-10-01 21:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-01 21:43 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 21:43 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 21:43 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-01 21:37 - 2014-10-01 21:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-01 21:31 - 2014-10-01 21:31 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.exe
2014-10-01 21:31 - 2014-10-01 21:31 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill64.exe
2014-10-01 19:44 - 2014-10-01 19:44 - 01375089 _____ () C:\Users\Owner\Desktop\adwcleaner_3.311.exe
2014-09-30 21:17 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 21:17 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 22:49 - 2014-09-29 22:50 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\QuickScan
2014-09-29 19:43 - 2014-09-29 19:43 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-09-26 19:00 - 2014-09-26 19:00 - 00001818 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-09-26 19:00 - 2014-09-26 19:00 - 00001807 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-09-26 19:00 - 2014-09-26 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-09-26 19:00 - 2014-09-26 19:00 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-09-26 19:00 - 2014-09-26 19:00 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-09-26 18:58 - 2014-09-26 19:14 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-09-26 18:58 - 2014-09-26 18:58 - 13315232 _____ (BlueStack Systems Inc.) C:\Users\Owner\Downloads\BlueStacks-SplitInstaller_native_c.exe
2014-09-26 18:58 - 2014-09-26 18:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\Bluestacks
2014-09-26 18:55 - 2014-10-08 13:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-26 18:55 - 2014-09-26 18:55 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-26 18:55 - 2014-09-26 18:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-26 18:55 - 2014-09-26 18:55 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-26 18:07 - 2014-09-26 18:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-25 19:06 - 2014-09-25 19:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVG
2014-09-25 19:06 - 2014-09-25 19:06 - 00000000 ____D () C:\Users\Owner\AppData\Local\Avg
2014-09-25 19:04 - 2014-09-25 19:06 - 00000000 ____D () C:\ProgramData\AVG
2014-09-25 18:53 - 2014-09-25 18:53 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-09-25 18:53 - 2014-09-25 18:53 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVG2015
2014-09-25 18:53 - 2014-09-25 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-25 18:52 - 2014-09-25 18:53 - 00000000 ____D () C:\ProgramData\AVG2015
2014-09-25 18:52 - 2014-09-25 18:52 - 00000000 ___HD () C:\$AVG
2014-09-25 18:51 - 2014-09-25 19:05 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-25 18:49 - 2014-09-25 19:54 - 00000000 ____D () C:\Users\Owner\AppData\Local\Avg2015
2014-09-25 18:26 - 2014-09-25 18:26 - 00289358 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-09-25 18:26 - 2014-09-25 18:26 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-09-25 18:25 - 2014-09-25 18:26 - 00290984 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-09-25 18:23 - 2014-09-25 18:23 - 00001258 _____ () C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
2014-09-25 18:23 - 2014-09-25 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-09-25 17:59 - 2014-09-09 23:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-25 17:59 - 2014-09-09 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-25 14:26 - 2014-09-25 14:26 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-25 14:26 - 2014-09-25 14:26 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-25 14:26 - 2014-09-25 14:26 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-25 14:26 - 2014-09-25 14:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-25 14:25 - 2014-10-08 14:36 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-09-25 13:58 - 2014-09-25 13:58 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Norton Utilities
2014-09-25 13:46 - 2014-10-08 14:38 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{33E0E603-0C7D-45AE-A69E-A9E47B47FB1D}
2014-09-25 13:45 - 2010-11-30 02:24 - 00108800 _____ (Symantec Corporation) C:\Windows\SysWOW64\Drivers\SymSpeedDisk.sys
2014-09-25 13:45 - 2010-11-30 02:23 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4r.dll
2014-09-25 13:45 - 2010-11-30 02:23 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll
2014-09-21 18:40 - 2014-09-21 18:40 - 00895120 _____ (Google Inc.) C:\Users\Owner\Downloads\ChromeSetup.exe
2014-09-20 16:42 - 2014-09-20 16:42 - 00000000 ____D () C:\Users\Owner\AppData\Local\Macromedia
2014-09-20 16:41 - 2014-09-20 16:41 - 00000000 ____D () C:\Users\Owner\AppData\Local\Mozilla
2014-09-20 16:41 - 2014-09-20 16:41 - 00000000 ____D () C:\ProgramData\Mozilla
2014-09-19 18:52 - 2014-09-19 18:52 - 00000000 ____D () C:\Windows\ERUNT
2014-09-19 18:45 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-18 20:39 - 2014-09-18 20:39 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Downloads\OTL.exe
2014-09-18 20:16 - 2014-10-08 14:31 - 00000000 ____D () C:\AdwCleaner
2014-09-18 08:48 - 2014-09-18 09:00 - 00000000 ____D () C:\Users\Owner\Doctor Web
2014-09-18 08:48 - 2014-09-18 08:49 - 19331048 _____ (SUPERAntiSpyware) C:\Users\Owner\Downloads\SUPERAntiSpyware.exe
2014-09-18 08:41 - 2014-09-18 08:48 - 155175520 _____ () C:\Users\Owner\Downloads\fdgdykvu.exe
2014-09-17 11:53 - 2014-09-17 11:53 - 07284416 _____ () C:\Users\Owner\Downloads\spybotsd_includes.exe
2014-09-16 20:00 - 2014-09-16 20:00 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieUserList
2014-09-16 20:00 - 2014-09-16 20:00 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieSiteList
2014-09-16 15:29 - 2014-09-26 18:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-09-14 20:19 - 2014-09-14 20:19 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-14 20:19 - 2014-09-14 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-14 20:18 - 2014-09-14 20:19 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-14 20:18 - 2014-09-14 20:19 - 00000000 ____D () C:\Program Files\iTunes
2014-09-14 20:18 - 2014-09-14 20:19 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-14 20:18 - 2014-09-14 20:18 - 00000000 ____D () C:\Program Files\iPod
2014-09-11 10:02 - 2014-09-11 10:02 - 00000000 ____D () C:\Users\Owner\Downloads\Jason Mraz - I Wont Give Up 2012
2014-09-10 23:59 - 2014-08-19 19:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 23:59 - 2014-08-19 18:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 23:59 - 2014-08-19 00:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 23:59 - 2014-08-18 23:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 23:59 - 2014-08-18 23:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 23:59 - 2014-08-18 23:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 23:59 - 2014-08-18 23:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 23:59 - 2014-08-18 23:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 23:59 - 2014-08-18 23:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 23:59 - 2014-08-18 23:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 23:59 - 2014-08-18 23:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 23:59 - 2014-08-18 23:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 23:59 - 2014-08-18 23:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 23:59 - 2014-08-18 23:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 23:59 - 2014-08-18 23:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 23:59 - 2014-08-18 23:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 23:59 - 2014-08-18 23:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 23:59 - 2014-08-18 23:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 23:59 - 2014-08-18 23:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 23:59 - 2014-08-18 22:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 23:59 - 2014-08-18 22:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 23:59 - 2014-08-18 22:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 23:59 - 2014-08-18 22:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 23:59 - 2014-08-18 22:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 23:59 - 2014-08-18 22:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 23:59 - 2014-08-18 22:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 23:59 - 2014-08-18 22:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 23:59 - 2014-08-18 22:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 23:59 - 2014-08-18 22:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 23:59 - 2014-08-18 22:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 23:59 - 2014-08-18 22:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 23:59 - 2014-08-18 22:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 23:59 - 2014-08-18 22:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 23:59 - 2014-08-18 22:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 23:59 - 2014-08-18 22:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 23:59 - 2014-08-18 22:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 23:59 - 2014-08-18 22:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 23:59 - 2014-08-18 22:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 23:59 - 2014-08-18 22:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 23:59 - 2014-08-18 22:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 23:59 - 2014-08-18 22:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 23:59 - 2014-08-18 22:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 23:59 - 2014-08-18 22:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 23:59 - 2014-08-18 22:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 23:59 - 2014-08-18 22:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 23:59 - 2014-08-18 22:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 23:59 - 2014-08-18 22:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 23:59 - 2014-08-18 22:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 23:59 - 2014-08-18 22:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 23:59 - 2014-08-18 22:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 23:59 - 2014-08-18 22:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 23:59 - 2014-08-18 21:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 23:59 - 2014-08-18 21:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 23:59 - 2014-08-18 21:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 23:59 - 2014-08-18 21:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 23:59 - 2014-08-18 21:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 23:53 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 23:53 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 21:36 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 21:36 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 21:36 - 2014-07-07 03:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 21:36 - 2014-07-07 03:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 21:36 - 2014-07-07 02:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 21:36 - 2014-07-07 02:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 21:36 - 2014-07-07 02:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 21:36 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 21:36 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 19:32 - 2014-09-10 19:33 - 16995328 _____ () C:\Users\Owner\Downloads\mumble-1.2.8.msi
2014-09-10 12:19 - 2014-09-10 12:20 - 25239492 _____ () C:\Users\Owner\Downloads\Sphax PureBDcraft 128x MC18.zip
2014-09-10 00:43 - 2014-09-10 00:43 - 00000000 ____D () C:\Users\Owner\Downloads\aldnoah
2014-09-10 00:42 - 2014-09-10 00:42 - 104337930 _____ () C:\Users\Owner\Downloads\[140910]TVアニメ『アルドノア・ゼロ』ED「A/Z」(期間生産限定アニメ盤)/SawanoHiroyuki[nZk][320K+BK].rar
2014-09-10 00:25 - 2014-09-10 00:26 - 00000000 ____D () C:\Users\Owner\Downloads\Aldnoah.zero
2014-09-09 23:37 - 2014-09-10 00:21 - 187567297 _____ () C:\Users\Owner\Downloads\Hiroyuki Sawano - Aldnoah Zero Original Soundtrack [2014.09.10][320kbps].zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-08 14:36 - 2014-08-06 12:02 - 00065805 _____ () C:\Windows\setupact.log
2014-10-08 14:36 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-08 14:32 - 2014-08-15 19:22 - 00176466 _____ () C:\Windows\PFRO.log
2014-10-08 14:31 - 2011-12-13 12:54 - 01751586 _____ () C:\Windows\WindowsUpdate.log
2014-10-08 14:31 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-08 14:31 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-08 13:36 - 2011-12-13 13:55 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-08 00:20 - 2012-08-01 20:45 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mumble
2014-10-07 17:29 - 2012-08-27 16:54 - 00000000 ____D () C:\Users\Owner\Documents\Outlook Files
2014-10-07 15:48 - 2011-12-25 18:35 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-05 17:39 - 2013-08-21 12:27 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-10-04 19:54 - 2012-02-02 17:54 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-04 19:54 - 2011-12-25 12:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-10-04 19:52 - 2011-12-25 12:27 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2014-10-04 17:29 - 2011-12-13 14:05 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-03 23:55 - 2014-01-18 18:22 - 00000000 ____D () C:\Users\Owner\AppData\Local\Battle.net
2014-10-03 22:41 - 2014-01-18 18:22 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-01 20:02 - 2012-03-31 15:43 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.1
2014-10-01 17:23 - 2013-08-01 21:21 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\.minecraft
2014-09-29 19:47 - 2009-07-14 06:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-26 23:33 - 2014-01-18 18:31 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-09-26 19:00 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-09-26 18:46 - 2011-12-13 14:03 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-26 18:09 - 2011-12-25 19:02 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-25 19:20 - 2012-06-03 18:15 - 00000000 __SHD () C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2014-09-25 19:20 - 2012-01-02 16:56 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2014-09-25 19:20 - 2011-12-29 18:59 - 00000000 ____D () C:\Users\Owner\AppData\Local\Microsoft Help
2014-09-25 19:20 - 2011-12-25 19:02 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-09-25 19:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-09-25 18:23 - 2011-12-13 14:03 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-09-25 14:08 - 2014-03-16 13:09 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-25 14:05 - 2013-10-20 09:26 - 00000000 ____D () C:\Windows\pss
2014-09-25 13:33 - 2013-10-06 06:28 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-25 13:33 - 2012-03-18 11:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-25 12:38 - 2012-01-14 22:56 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-09-22 07:42 - 2010-11-21 04:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-20 17:33 - 2013-04-27 18:58 - 00000000 ____D () C:\Users\Owner\Documents\pokemmo
2014-09-20 16:41 - 2012-01-14 14:41 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2014-09-20 16:30 - 2012-08-10 10:33 - 00000000 ____D () C:\Users\Owner\Documents\pokemon game's
2014-09-20 08:19 - 2012-01-14 14:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
2014-09-18 20:20 - 2011-12-13 12:53 - 00000000 ____D () C:\Users\Owner
2014-09-18 18:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SchCache
2014-09-18 08:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\IME
2014-09-17 19:57 - 2014-06-14 19:43 - 00000083 _____ () C:\Users\Owner\.atl.properties
2014-09-16 20:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system
2014-09-16 19:43 - 2012-01-02 15:15 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2014-09-16 16:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Cursors
2014-09-11 12:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-09-10 23:59 - 2011-12-29 18:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 23:58 - 2012-01-02 20:17 - 00770488 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 23:57 - 2013-07-24 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 23:53 - 2011-12-13 13:22 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 19:45 - 2012-08-01 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2014-09-10 19:45 - 2012-08-01 20:43 - 00000000 ____D () C:\Program Files (x86)\Mumble
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\Owner\jagex_cl_loginapplet_LIVE.dat
C:\Users\Owner\jagex_cl_oldschool_LIVE.dat
C:\Users\Owner\jagex_cl_runescape_LIVE.dat
C:\Users\Owner\jagex_cl_runescape_LIVE1.dat
C:\Users\Owner\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\Owner\jagex_cl_runescape_LIVE_BETA1.dat
C:\Users\Owner\random.dat
C:\Users\Owner\vlc-1.1.11-win32.exe
 
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-16 10:57
 
==================== End Of Log ============================
 
The computer is running a bit slow and the ads are annoying with the pop-ups.


#4 nasdaq

Posted 08 October 2014 - 12:54 PM


Nothing suspicious was found on your FRST log.

Follow these instructions.


Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

ipconfig /release

Repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

If that fails to remove the Redirects try this.
...

Reset all your browsers.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Internet Explorer:
Menu > Tools > Internet Options > General Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

How is it now?

#5 willyman18

Posted 08 October 2014 - 03:49 PM

After doing all of this I am still seeing the blue double underlined ad text.



#6 nasdaq

Posted 09 October 2014 - 08:18 AM

If you are connected to a router it might just be that it's been compromised.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is the list of default usernames and passwords, in case you don't know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

How to Secure Your Wireless Router
http://www.ehow.com/how_2253625_secure-wireless-router.html
===

If the issue persists let me know in which browser(s).

#7 willyman18

Posted 09 October 2014 - 10:36 AM

I am still getting the blue double underlined text and something called dynamic pricer in Google Chrome and Internet Explorer.



#8 nasdaq

Posted 09 October 2014 - 12:30 PM

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
When finished run the Farbar tool one more time and post a fresh log for my review.

#9 willyman18

Posted 11 October 2014 - 02:35 AM

http://gyazo.com/ff4f7e218bbfdfb29dedf7fc3b1d6cac

In this screenshot of ESET Online Scanner there were no threats found and I was not given the option to export the log.

But here is the Farbar log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Owner (administrator) on OWNER-PC on 11-10-2014 08:32:00
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek) C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtWLan.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [839384 2014-09-24] (BlueStack Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1323007780-3890308126-38582508-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{BB90B31D-DBC4-4353-9747-8CA485BEB5A7}: [NameServer] 81.218.119.15,199.203.35.75
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8n3ksf79.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-09]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-09]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-09]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-09]
CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-10]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-09]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-09]
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-10-09]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-09]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-09]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-09-24] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-09-24] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-09-24] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2013-08-28] (Hi-Rez Studios) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NMSAccessU; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2008-06-15] ()
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-01] ()
R2 Realtek11nCU; C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [106472 2013-09-18] (Razer Inc.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-09-24] (BlueStack Systems)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [762472 2010-08-06] (Realtek Semiconductor Corporation                           )
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-11 08:31 - 2014-10-11 08:32 - 00015804 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-10-08 14:31 - 2014-10-08 14:31 - 00002338 _____ () C:\Users\Owner\Desktop\AdwCleaner[R9].txt
2014-10-05 21:24 - 2014-10-05 21:24 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-10-04 19:54 - 2014-10-04 19:54 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-04 19:54 - 2014-10-04 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-04 19:52 - 2014-10-11 07:57 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-04 19:52 - 2014-10-10 19:57 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-04 19:52 - 2014-10-04 19:52 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-04 19:52 - 2014-10-04 19:52 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-03 19:33 - 2014-10-03 19:33 - 00854436 _____ () C:\Users\Owner\Desktop\SecurityCheck.exe
2014-10-03 15:51 - 2014-10-11 08:32 - 00000000 ____D () C:\FRST
2014-10-03 15:48 - 2014-10-08 14:38 - 02109952 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-10-03 10:54 - 2014-10-03 10:54 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2014-10-01 22:15 - 2014-10-01 22:15 - 02347384 _____ (ESET) C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
2014-10-01 22:15 - 2014-10-01 22:15 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-01 21:52 - 2014-10-08 09:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-01 21:43 - 2014-10-01 21:43 - 01701878 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
2014-10-01 21:43 - 2014-10-01 21:43 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-01 21:43 - 2014-10-01 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-01 21:43 - 2014-10-01 21:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-01 21:43 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 21:43 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 21:43 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-01 21:37 - 2014-10-01 21:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-01 21:31 - 2014-10-01 21:31 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.exe
2014-10-01 21:31 - 2014-10-01 21:31 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill64.exe
2014-10-01 19:44 - 2014-10-01 19:44 - 01375089 _____ () C:\Users\Owner\Desktop\adwcleaner_3.311.exe
2014-09-30 21:17 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 21:17 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 22:49 - 2014-09-29 22:50 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\QuickScan
2014-09-29 19:43 - 2014-09-29 19:43 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-09-26 19:00 - 2014-09-26 19:00 - 00001818 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-09-26 19:00 - 2014-09-26 19:00 - 00001807 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-09-26 19:00 - 2014-09-26 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-09-26 19:00 - 2014-09-26 19:00 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-09-26 19:00 - 2014-09-26 19:00 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-09-26 18:58 - 2014-09-26 19:14 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-09-26 18:58 - 2014-09-26 18:58 - 13315232 _____ (BlueStack Systems Inc.) C:\Users\Owner\Downloads\BlueStacks-SplitInstaller_native_c.exe
2014-09-26 18:58 - 2014-09-26 18:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\Bluestacks
2014-09-26 18:55 - 2014-10-11 07:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-26 18:55 - 2014-09-26 18:55 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-26 18:55 - 2014-09-26 18:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-26 18:55 - 2014-09-26 18:55 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-26 18:07 - 2014-09-26 18:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-25 19:06 - 2014-09-25 19:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVG
2014-09-25 19:06 - 2014-09-25 19:06 - 00000000 ____D () C:\Users\Owner\AppData\Local\Avg
2014-09-25 19:04 - 2014-09-25 19:06 - 00000000 ____D () C:\ProgramData\AVG
2014-09-25 18:53 - 2014-09-25 18:53 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-09-25 18:53 - 2014-09-25 18:53 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVG2015
2014-09-25 18:53 - 2014-09-25 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-25 18:52 - 2014-09-25 18:53 - 00000000 ____D () C:\ProgramData\AVG2015
2014-09-25 18:52 - 2014-09-25 18:52 - 00000000 ___HD () C:\$AVG
2014-09-25 18:51 - 2014-09-25 19:05 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-25 18:49 - 2014-09-25 19:54 - 00000000 ____D () C:\Users\Owner\AppData\Local\Avg2015
2014-09-25 18:26 - 2014-09-25 18:26 - 00289358 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-09-25 18:26 - 2014-09-25 18:26 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-09-25 18:25 - 2014-09-25 18:26 - 00290984 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-09-25 18:23 - 2014-09-25 18:23 - 00001258 _____ () C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
2014-09-25 18:23 - 2014-09-25 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-09-25 17:59 - 2014-09-09 23:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-25 17:59 - 2014-09-09 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-25 14:26 - 2014-09-25 14:26 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-25 14:26 - 2014-09-25 14:26 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-25 14:26 - 2014-09-25 14:26 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-25 14:26 - 2014-09-25 14:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-25 14:25 - 2014-10-08 14:36 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-09-25 13:58 - 2014-09-25 13:58 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Norton Utilities
2014-09-25 13:46 - 2014-10-11 08:19 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{33E0E603-0C7D-45AE-A69E-A9E47B47FB1D}
2014-09-25 13:45 - 2010-11-30 02:24 - 00108800 _____ (Symantec Corporation) C:\Windows\SysWOW64\Drivers\SymSpeedDisk.sys
2014-09-25 13:45 - 2010-11-30 02:23 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4r.dll
2014-09-25 13:45 - 2010-11-30 02:23 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll
2014-09-21 18:40 - 2014-09-21 18:40 - 00895120 _____ (Google Inc.) C:\Users\Owner\Downloads\ChromeSetup.exe
2014-09-20 16:42 - 2014-09-20 16:42 - 00000000 ____D () C:\Users\Owner\AppData\Local\Macromedia
2014-09-20 16:41 - 2014-09-20 16:41 - 00000000 ____D () C:\Users\Owner\AppData\Local\Mozilla
2014-09-20 16:41 - 2014-09-20 16:41 - 00000000 ____D () C:\ProgramData\Mozilla
2014-09-19 18:52 - 2014-09-19 18:52 - 00000000 ____D () C:\Windows\ERUNT
2014-09-19 18:45 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-18 20:39 - 2014-09-18 20:39 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Downloads\OTL.exe
2014-09-18 20:16 - 2014-10-08 14:31 - 00000000 ____D () C:\AdwCleaner
2014-09-18 08:48 - 2014-09-18 09:00 - 00000000 ____D () C:\Users\Owner\Doctor Web
2014-09-18 08:48 - 2014-09-18 08:49 - 19331048 _____ (SUPERAntiSpyware) C:\Users\Owner\Downloads\SUPERAntiSpyware.exe
2014-09-18 08:41 - 2014-09-18 08:48 - 155175520 _____ () C:\Users\Owner\Downloads\fdgdykvu.exe
2014-09-17 11:53 - 2014-09-17 11:53 - 07284416 _____ () C:\Users\Owner\Downloads\spybotsd_includes.exe
2014-09-16 20:00 - 2014-09-16 20:00 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieUserList
2014-09-16 20:00 - 2014-09-16 20:00 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieSiteList
2014-09-16 15:29 - 2014-09-26 18:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-09-14 20:19 - 2014-09-14 20:19 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-14 20:19 - 2014-09-14 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-14 20:18 - 2014-09-14 20:19 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-14 20:18 - 2014-09-14 20:19 - 00000000 ____D () C:\Program Files\iTunes
2014-09-14 20:18 - 2014-09-14 20:19 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-14 20:18 - 2014-09-14 20:18 - 00000000 ____D () C:\Program Files\iPod
2014-09-11 10:02 - 2014-09-11 10:02 - 00000000 ____D () C:\Users\Owner\Downloads\Jason Mraz - I Wont Give Up 2012
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-11 07:36 - 2011-12-13 13:55 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-11 03:00 - 2011-12-13 12:54 - 01902522 _____ () C:\Windows\WindowsUpdate.log
2014-10-10 23:15 - 2012-08-01 20:45 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mumble
2014-10-10 19:26 - 2014-08-06 12:02 - 00068026 _____ () C:\Windows\setupact.log
2014-10-10 19:18 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-10 19:18 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-10 19:09 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-10 19:09 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-09 21:54 - 2011-12-25 18:35 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-08 16:12 - 2012-08-27 16:54 - 00000000 ____D () C:\Users\Owner\Documents\Outlook Files
2014-10-08 14:32 - 2014-08-15 19:22 - 00176466 _____ () C:\Windows\PFRO.log
2014-10-05 17:39 - 2013-08-21 12:27 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-10-04 19:54 - 2012-02-02 17:54 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-04 19:54 - 2011-12-25 12:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-10-04 19:52 - 2011-12-25 12:27 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2014-10-04 17:29 - 2011-12-13 14:05 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-03 23:55 - 2014-01-18 18:22 - 00000000 ____D () C:\Users\Owner\AppData\Local\Battle.net
2014-10-03 22:41 - 2014-01-18 18:22 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-01 20:02 - 2012-03-31 15:43 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.1
2014-10-01 17:23 - 2013-08-01 21:21 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\.minecraft
2014-09-29 19:47 - 2009-07-14 06:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-26 23:33 - 2014-01-18 18:31 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-09-26 19:00 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-09-26 18:46 - 2011-12-13 14:03 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-26 18:09 - 2011-12-25 19:02 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-25 19:20 - 2012-06-03 18:15 - 00000000 __SHD () C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2014-09-25 19:20 - 2012-01-02 16:56 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2014-09-25 19:20 - 2011-12-29 18:59 - 00000000 ____D () C:\Users\Owner\AppData\Local\Microsoft Help
2014-09-25 19:20 - 2011-12-25 19:02 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-09-25 19:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-09-25 18:23 - 2011-12-13 14:03 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-09-25 14:08 - 2014-03-16 13:09 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-25 14:05 - 2013-10-20 09:26 - 00000000 ____D () C:\Windows\pss
2014-09-25 13:33 - 2013-10-06 06:28 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-25 13:33 - 2012-03-18 11:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-25 12:38 - 2012-01-14 22:56 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-09-22 07:42 - 2010-11-21 04:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-20 17:33 - 2013-04-27 18:58 - 00000000 ____D () C:\Users\Owner\Documents\pokemmo
2014-09-20 16:41 - 2012-01-14 14:41 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2014-09-20 16:30 - 2012-08-10 10:33 - 00000000 ____D () C:\Users\Owner\Documents\pokemon game's
2014-09-20 08:19 - 2012-01-14 14:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
2014-09-18 20:20 - 2011-12-13 12:53 - 00000000 ____D () C:\Users\Owner
2014-09-18 18:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SchCache
2014-09-18 08:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\IME
2014-09-17 19:57 - 2014-06-14 19:43 - 00000083 _____ () C:\Users\Owner\.atl.properties
2014-09-16 20:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system
2014-09-16 19:43 - 2012-01-02 15:15 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2014-09-16 16:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Cursors
2014-09-11 12:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\Owner\jagex_cl_loginapplet_LIVE.dat
C:\Users\Owner\jagex_cl_oldschool_LIVE.dat
C:\Users\Owner\jagex_cl_runescape_LIVE.dat
C:\Users\Owner\jagex_cl_runescape_LIVE1.dat
C:\Users\Owner\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\Owner\jagex_cl_runescape_LIVE_BETA1.dat
C:\Users\Owner\random.dat
C:\Users\Owner\vlc-1.1.11-win32.exe
 
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-16 10:57
 
==================== End Of Log ============================


#10 nasdaq


Posted 11 October 2014 - 07:27 AM

The FRST log is clean.

Try this.

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]


Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.

On a Vista or Windows 7 operating system, right-click on the fixme.reg file and run as Administrator.

Optional if the following programs are in your computer.
Note that since the Domains are deleted, SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again; you also have to re-install IE-SpyAd if installed.

#11 willyman18


Posted 11 October 2014 - 11:04 AM

Still no luck, I'm afraid.



#12 nasdaq


Posted 11 October 2014 - 01:09 PM


Try this.

In Internet Explorer, go to Tools - Internet Options - Connections Tab - LAN Settings and remove any reference to 127.0.0.1:xxxx if found, then uncheck "Use a proxy server" and check "Automatically detect settings".
===

If you use Firefox, go to Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the Auto-detect proxy settings for this network option, or No proxy if you do not need it.
===

If that fails then.

Disable all your Chrome extensions and see if the problem persists in Chrome
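
The Internet Explorer proxy check from post #12, as an added read-only PowerShell example that is not part of the original thread. It reads the per-user `ProxyEnable`, `ProxyServer` and `AutoConfigURL` registry values that the LAN Settings dialog edits, flags any loopback proxy of the 127.0.0.1:xxxx kind, and lists the process listening on that port; `Get-ProxyEndpoints` is a hypothetical helper name.

```powershell
# Added example: read-only audit of the per-user proxy settings behind
# Internet Explorer's "LAN Settings" dialog (Chrome on Windows uses them too).
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-ProxyEndpoints {
    param([string]$ProxyServer)
    # ProxyServer holds either "host:port" or a per-protocol list such as
    # "http=host:port;https=host:port".
    foreach ($part in @($ProxyServer -split ';' | Where-Object { $_ })) {
        $scheme = 'all'
        $addr   = $part.Trim()
        if ($addr -match '^(?<s>[^=]+)=(?<a>.+)$') {
            $scheme = $Matches['s']
            $addr   = $Matches['a']
        }
        $addr     = $addr -replace '^[a-z]+://', ''   # drop an optional scheme prefix
        $hostName = $addr
        $port     = $null
        if ($addr -match '^(?<h>.+):(?<p>\d+)$') {
            $hostName = $Matches['h']
            $port     = [int]$Matches['p']
        }
        New-Object PSObject -Property @{
            Scheme   = $scheme
            Host     = $hostName
            Port     = $port
            Loopback = ($hostName -match '^(127(\.\d{1,3}){3}|localhost|\[::1\])$')
        }
    }
}

$settings = Get-ItemProperty -Path $key
"ProxyEnable   : $($settings.ProxyEnable)"
"ProxyServer   : $($settings.ProxyServer)"
"AutoConfigURL : $($settings.AutoConfigURL)"

if ($settings.AutoConfigURL) {
    Write-Warning "A proxy auto-config script is set; confirm that you recognise its URL."
}

foreach ($endpoint in @(Get-ProxyEndpoints $settings.ProxyServer)) {
    if (-not $endpoint.Loopback) { continue }

    $state = 'configured but disabled'
    if ($settings.ProxyEnable -eq 1) { $state = 'ENABLED' }
    Write-Warning ("Loopback proxy {0}:{1} for '{2}' traffic is {3}." -f `
        $endpoint.Host, $endpoint.Port, $endpoint.Scheme, $state)

    if (-not $endpoint.Port) { continue }

    # Find the local process listening on that port. The last column of
    # 'netstat -ano' output is the owning process ID.
    $pattern = ':{0}\s+\S+\s+LISTENING' -f $endpoint.Port
    foreach ($hit in @(netstat -ano | Select-String -Pattern $pattern)) {
        $procId = [int](($hit.Line.Trim() -split '\s+')[-1])
        Get-Process -Id $procId -ErrorAction SilentlyContinue |
            Select-Object Id, ProcessName, Path
    }
}
```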

#13 willyman18


Posted 11 October 2014 - 04:02 PM

The issue is still occurring even with all extensions disabled.



#14 nasdaq


Posted 12 October 2014 - 07:56 AM

I would remove Chrome using the Add/Remove Programs.
Restart the computer normally.
Re-install Chrome.

Save your Bookmarks before proceeding.
https://support.google.com/chrome/answer/96816?hl=en

They can be imported back to the new version.
===

#15 willyman18


Posted 12 October 2014 - 04:08 PM

After uninstalling and restarting, the ads are still popping up.



