dllhost.exe infection leftovers.


  • This topic is locked
24 replies to this topic

#1 BenKenobi18

BenKenobi18

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 08 November 2014 - 11:18 PM

Have been making some headway against it, but I'm stuck at this point on what to do. I've managed to get it so that the dllhost.exe isn't eating up my memory, but I've got a new problem.

Internet Explorer will not open. I checked for permissions and there's a strange account locking up the permissions on iexplore.exe. It doesn't appear that I'm able to unlock the permissions myself. I've saved and attempted to reinstall Internet Explorer, I've cancelled the updates and reupdated, but while it will restore the files, it won't restore Internet Explorer to the machine.

I'd like to avoid a reinstall if at all possible. Suggestions? Machine runs fine now, and Malwarebytes runs a clean log.

 

Thank you for your time. 

 

 




 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,729 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:12 PM

Posted 13 November 2014 - 11:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555332 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 BenKenobi18

BenKenobi18
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 14 November 2014 - 09:40 AM

DS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17420
Run by SeanO at 7:36:19 on 2014-11-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3318.1675 [GMT -6:00]
.
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_223_ActiveX.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometerp11\FF_Protection.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [Avira Systray] c:\program files\avira\my avira\Avira.OE.Systray.exe
StartupFolder: c:\users\seano\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\seano\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{29A8C749-55C4-41B7-93F7-48107986C0B9} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{403F55CC-C737-4246-A6B3-C168AEEFDB1B} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{403F55CC-C737-4246-A6B3-C168AEEFDB1B} : DHCPNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\seano\appdata\roaming\mozilla\firefox\profiles\b3gklpbn.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2014-3-30 17904]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2014-3-30 37352]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2014-3-31 243128]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2014-7-22 142648]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2014-3-30 432888]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2014-3-30 432888]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2014-3-30 98160]
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\avira\my avira\Avira.OE.ServiceHost.exe [2014-10-22 164656]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2013-3-7 827272]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2013-3-7 32648]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\accelern.sys [2014-3-30 44144]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2013-3-7 41480]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2014-3-30 224424]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2010-7-14 6814720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-4-3 315008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-11-12 102912]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-20 30576]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2014-3-31 1343400]
S4 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebg7.exe [2014-3-30 995064]
.
=============== Created Last 30 ================
.
2014-11-12 12:19:18 -------- d-sh--w- c:\users\seano\appdata\local\EmieBrowserModeList
2014-11-12 11:23:13 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-12 11:17:47 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-12 09:48:45 -------- d-----w- c:\program files\Anvisoft
2014-11-12 04:21:15 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-12 04:20:52 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-12 04:20:03 4298240 ----a-w- c:\windows\system32\jscript9.dll
2014-11-10 09:09:02 2744320 ----a-w- c:\windows\system32\rdpcorets.dll
2014-11-09 05:04:34 -------- d-----w- C:\AdwCleaner
2014-11-09 03:41:14 -------- d-----w- c:\windows\ERUNT
2014-11-09 02:17:08 -------- d-----w- c:\windows\pss
2014-11-09 01:57:30 855552 ----a-w- c:\windows\system32\rdvidcrl.dll
2014-11-09 01:56:39 -------- d-----w- c:\program files\DellTPad
2014-11-09 00:59:39 -------- d-----w- C:\FRST
2014-10-25 09:38:30 -------- d-----w- c:\users\seano\appdata\roaming\LucasArts
2014-10-24 07:17:41 348160 ----a-w- c:\windows\system32\msvcr71.dll
2014-10-24 07:14:58 503808 ----a-w- c:\windows\system32\msvcp71.dll
.
==================== Find3M  ====================
.
2014-11-13 04:21:32 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-13 04:21:32 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-12 17:27:54 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-06 03:28:20 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-06 03:28:06 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-06 03:13:43 501248 ----a-w- c:\windows\system32\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- c:\windows\system32\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-06 02:59:36 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2014-11-06 02:59:34 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-06 02:58:38 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-06 02:51:33 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-06 02:42:36 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-06 02:21:25 2051072 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-06 01:52:35 1892864 ----a-w- c:\windows\system32\wininet.dll
2014-11-05 17:50:47 254464 ----a-w- c:\windows\system32\generaltel.dll
2014-11-05 17:50:28 203776 ----a-w- c:\windows\system32\aepdu.dll
2014-11-05 17:47:40 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-10-25 01:32:37 67584 ----a-w- c:\windows\system32\packager.dll
2014-10-14 09:12:31 37384 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-10-14 09:12:30 98160 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-10-14 01:56:19 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50:50 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 01:50:41 2363904 ----a-w- c:\windows\system32\msi.dll
2014-10-14 01:50:39 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 01:47:30 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-10 00:45:54 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-10-03 01:44:42 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-10-03 01:44:31 275968 ----a-w- c:\windows\system32\EncDump.dll
2014-10-03 01:44:26 475136 ----a-w- c:\windows\system32\audiosrv.dll
2014-10-03 01:44:26 374784 ----a-w- c:\windows\system32\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- c:\windows\system32\AudioSes.dll
2014-09-25 01:40:50 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-19 09:23:55 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- c:\windows\system32\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- c:\windows\system32\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-09-19 09:23:36 17408 ----a-w- c:\windows\system32\credssp.dll
2014-09-09 21:47:10 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-04 05:04:15 372736 ----a-w- c:\windows\system32\rastls.dll
2014-08-23 01:46:55 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-21 06:26:21 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-08-21 06:23:10 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-08-19 02:41:38 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2014-08-19 02:41:22 50688 ----a-w- c:\windows\system32\appidapi.dll
2014-08-19 02:41:22 27648 ----a-w- c:\windows\system32\appidsvc.dll
2014-08-19 02:40:49 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2014-08-19 02:40:49 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2014-08-19 01:48:34 50176 ----a-w- c:\windows\system32\drivers\appid.sys
.
============= FINISH:  7:37:45.07 ===============
 



#4 BenKenobi18

BenKenobi18
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 14 November 2014 - 09:43 AM

"If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far."

 

I had a dllhost.exe infection that I attempted to clean myself that may have left residuals on my system. I'd like to check to make sure my system is actually clean.

 

"Please tell us if you have your original Windows CD/DVD available."

 

Yes. I have a copy of Windows 7. It's a Windows 7 32 bit system.



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,381 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:12 AM

Posted 14 November 2014 - 08:04 PM

Greetings BenKenobi18 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#6 BenKenobi18

BenKenobi18
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 14 November 2014 - 09:07 PM

Hi Gary. I'm Sean. Thanks for your help!



#7 BenKenobi18

BenKenobi18
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 14 November 2014 - 09:14 PM

FARBAR SCAN

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-11-2014 01
Ran by SeanO (administrator) on SEANO-PC on 14-11-2014 19:09:15
Running from C:\Users\SeanO\Downloads
Loaded Profile: SeanO (Available profiles: SeanO)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_223_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Games\civ2\civ2.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FreeFallProtection] => C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2586912 2013-09-05] ()
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-13] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1776599715-439223896-4243483601-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6692632 2014-10-01] (SUPERAntiSpyware)
HKU\S-1-5-21-1776599715-439223896-4243483601-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1776599715-439223896-4243483601-1000\...\MountPoints2: {457e50ff-b877-11e3-b0c9-806e6f6e6963} - D:\Setup.exe
HKU\S-1-5-21-1776599715-439223896-4243483601-1000\...\MountPoints2: {c44ff8ff-b894-11e3-8b39-5cac4cf35266} - E:\autorun.exe
Startup: C:\Users\SeanO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\SeanO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB0A3B3AA904CCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{403F55CC-C737-4246-A6B3-C168AEEFDB1B}: [NameServer] 208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\SeanO\AppData\Roaming\Mozilla\Firefox\Profiles\b3gklpbn.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\SeanO\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\SeanO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-31]
CHR Extension: (Google Drive) - C:\Users\SeanO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-31]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\SeanO\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-08]
CHR Extension: (YouTube) - C:\Users\SeanO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-31]
CHR Extension: (Google Search) - C:\Users\SeanO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-31]
CHR Extension: (Google Wallet) - C:\Users\SeanO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-31]
CHR Extension: (Gmail) - C:\Users\SeanO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-31]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [995064 2014-11-13] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [827272 2013-03-07] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [32648 2013-03-07] (Broadcom Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\accelern.sys [44144 2011-07-22] (ST Microelectronics)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [41480 2013-03-07] (Broadcom Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-03-31] (Disc Soft Ltd)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [6814720 2010-07-14] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17904 2011-07-15] (ST Microelectronics)
U3 mbr; \??\C:\Users\SeanO\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 19:09 - 2014-11-14 19:10 - 00010022 _____ () C:\Users\SeanO\Downloads\FRST.txt
2014-11-14 19:08 - 2014-11-14 19:08 - 01108480 _____ (Farbar) C:\Users\SeanO\Downloads\FRST.exe
2014-11-14 07:38 - 2014-11-14 07:38 - 00005894 _____ () C:\Users\SeanO\Desktop\attach.txt
2014-11-14 07:38 - 2014-11-14 07:37 - 00013139 _____ () C:\Users\SeanO\Desktop\dds.txt
2014-11-14 07:36 - 2014-11-14 07:36 - 00688992 ____R (Swearware) C:\Users\SeanO\Downloads\dds.com
2014-11-14 06:40 - 2014-11-14 06:40 - 00001091 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-13 20:02 - 2014-11-14 06:37 - 00000168 _____ () C:\Windows\setupact.log
2014-11-13 20:02 - 2014-11-13 20:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-12 06:19 - 2014-11-12 06:19 - 00000000 __SHD () C:\Users\SeanO\AppData\Local\EmieBrowserModeList
2014-11-12 05:36 - 2014-11-12 05:36 - 01045504 _____ () C:\Users\SeanO\Downloads\MicrosoftFixit50778.msi
2014-11-12 05:23 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 05:22 - 2014-11-05 11:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 05:22 - 2014-11-05 11:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 05:22 - 2014-11-05 11:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 05:22 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 05:22 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 05:22 - 2014-10-09 18:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 05:22 - 2014-10-02 19:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 05:22 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 05:22 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 05:22 - 2014-10-02 19:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 05:22 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 05:22 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 05:22 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 05:22 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 05:22 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 05:22 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 05:22 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 05:22 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 05:22 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 05:17 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 05:17 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 05:17 - 2014-11-05 21:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 05:17 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 05:17 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 05:17 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 05:17 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 05:17 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 05:17 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 05:17 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 05:17 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 05:17 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 05:17 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 05:17 - 2014-11-05 20:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 05:17 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 05:17 - 2014-11-05 20:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 05:17 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 05:17 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 05:17 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 05:17 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 05:17 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 05:17 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 05:17 - 2014-11-05 20:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 05:17 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 05:17 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 05:17 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 05:17 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 05:17 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 05:17 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 05:17 - 2014-10-13 19:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 05:17 - 2014-10-13 19:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 05:17 - 2014-10-13 19:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 05:17 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 05:17 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 05:16 - 2014-11-12 05:16 - 00001961 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-11-12 05:16 - 2014-11-12 05:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-11-12 03:48 - 2014-11-12 03:48 - 00000000 ____D () C:\Program Files\Anvisoft
2014-11-12 03:47 - 2014-11-12 03:48 - 08806944 _____ (Anvisoft) C:\Users\SeanO\Downloads\brtsetup.exe
2014-11-12 03:13 - 2014-11-12 03:13 - 07155140 _____ () C:\Users\SeanO\Documents\ElizabethII.ftmb
2014-11-12 03:12 - 2014-11-12 03:12 - 00029752 _____ () C:\Users\SeanO\Desktop\DxDiag.txt
2014-11-11 23:16 - 2014-11-11 23:16 - 00000019 _____ () C:\Users\SeanO\Documents\routerURL.txt
2014-11-11 22:21 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 22:20 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 22:20 - 2014-09-19 03:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-10 03:09 - 2014-08-28 19:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-08 23:04 - 2014-11-08 23:07 - 00000000 ____D () C:\AdwCleaner
2014-11-08 21:47 - 2014-11-08 21:47 - 00000633 _____ () C:\Users\SeanO\Desktop\JRT.txt
2014-11-08 21:41 - 2014-11-08 21:41 - 00000000 ____D () C:\Windows\ERUNT
2014-11-08 20:40 - 2014-11-08 20:46 - 00000000 _____ () C:\Users\SeanO\Desktop\Internet Explorer Troubleshooting.url
2014-11-08 20:24 - 2014-11-08 20:24 - 02077392 _____ (Microsoft Corporation) C:\Users\SeanO\Downloads\IE11-Windows6.1 (2).exe
2014-11-08 20:19 - 2014-11-08 20:19 - 00302011 _____ () C:\Users\SeanO\Downloads\WindowsUpdateDiagnostic.diagcab
2014-11-08 20:17 - 2014-11-12 05:55 - 00000000 ____D () C:\Windows\pss
2014-11-08 19:57 - 2013-10-01 17:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-11-08 19:56 - 2014-11-12 05:58 - 00000000 ____D () C:\Program Files\DellTPad
2014-11-08 18:59 - 2014-11-14 19:09 - 00000000 ____D () C:\FRST
2014-10-31 17:48 - 2014-11-12 05:55 - 00000000 ____D () C:\Users\SeanO\Downloads\batteryinfoview
2014-10-31 17:48 - 2014-10-31 17:48 - 00117507 _____ () C:\Users\SeanO\Downloads\batteryinfoview.zip
2014-10-30 07:29 - 2014-10-30 07:29 - 06456195 _____ () C:\Users\SeanO\Documents\ElizabethII_2014-07-12_2014-08-12_2014-08-12_2014-10-03_2014-10-30.ftmb
2014-10-28 08:18 - 2014-10-28 08:18 - 00000210 _____ () C:\Users\SeanO\Documents\rurikoviddescents.txt
2014-10-25 03:38 - 2014-10-25 03:38 - 00000000 ____D () C:\Users\SeanO\AppData\Roaming\LucasArts
2014-10-24 01:18 - 2014-10-24 01:18 - 00000000 ____D () C:\Users\SeanO\Documents\My Games
2014-10-24 01:17 - 2004-01-11 23:00 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
2014-10-24 01:16 - 2014-10-24 01:16 - 00181680 _____ () C:\Users\SeanO\Downloads\msvcr71.zip
2014-10-24 01:14 - 2013-09-24 11:13 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\msvcp71.dll
2014-10-24 01:12 - 2014-10-24 01:12 - 00134944 _____ () C:\Users\SeanO\Downloads\msvcp71.zip
2014-10-20 06:08 - 2014-10-20 06:08 - 05917237 _____ () C:\Users\SeanO\Documents\ElizabethII_2014-07-12_2014-08-12_2014-08-12_2014-10-03_2014-10-20.ftmb
2014-10-18 15:02 - 2014-10-29 09:51 - 00000102 _____ () C:\Users\SeanO\Documents\crusaderkingstargets.txt
2014-10-15 04:52 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 04:47 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 04:47 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 04:47 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 04:47 - 2014-07-16 19:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 04:47 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-15 04:47 - 2014-07-16 19:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 04:47 - 2014-07-16 19:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 04:47 - 2014-07-16 19:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 04:47 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 04:47 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 04:47 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 04:46 - 2014-08-18 20:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 04:46 - 2014-08-18 20:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 04:46 - 2014-08-18 20:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 04:46 - 2014-08-18 20:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 04:46 - 2014-08-18 20:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 04:46 - 2014-08-18 19:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 04:46 - 2014-07-06 19:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 04:46 - 2014-07-06 19:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 04:46 - 2014-07-06 19:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 04:46 - 2014-07-06 19:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 04:46 - 2014-07-06 19:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 04:46 - 2014-07-06 19:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 04:46 - 2014-07-06 19:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 04:46 - 2014-07-06 19:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 04:46 - 2014-07-06 19:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 04:46 - 2014-07-06 19:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 04:46 - 2014-07-06 19:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 04:46 - 2014-07-06 19:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 04:46 - 2014-07-06 19:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 04:46 - 2014-07-06 19:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 04:46 - 2014-07-06 19:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 04:46 - 2014-07-06 19:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 04:46 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 04:46 - 2014-07-06 19:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 04:46 - 2014-07-06 19:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 04:46 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 04:46 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 04:46 - 2014-07-06 19:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 04:46 - 2014-07-06 19:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-15 04:46 - 2014-07-06 19:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 04:46 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 04:46 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 04:46 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 04:46 - 2014-07-06 19:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 04:46 - 2014-06-27 18:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 04:46 - 2014-06-27 18:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 04:46 - 2014-06-27 18:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 18:34 - 2014-03-31 02:58 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-14 16:51 - 2014-03-30 19:56 - 01608903 _____ () C:\Windows\WindowsUpdate.log
2014-11-14 15:34 - 2014-03-31 02:58 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-14 14:38 - 2014-03-31 01:28 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-14 06:46 - 2009-07-13 22:34 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-14 06:46 - 2009-07-13 22:34 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-14 06:42 - 2010-11-20 15:01 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-14 06:40 - 2014-03-30 23:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-14 06:40 - 2014-03-30 23:38 - 00000000 ____D () C:\Program Files\Avira
2014-11-14 06:40 - 2014-03-30 23:33 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-14 06:38 - 2014-04-30 17:03 - 00000000 ___RD () C:\Users\SeanO\Dropbox
2014-11-14 06:38 - 2014-04-30 16:56 - 00000000 ____D () C:\Users\SeanO\AppData\Roaming\Dropbox
2014-11-14 06:37 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-14 01:22 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-13 22:00 - 2014-03-31 02:32 - 00000000 ____D () C:\Users\SeanO\AppData\Roaming\Skype
2014-11-12 22:21 - 2014-08-16 18:15 - 00000000 ____D () C:\Users\SeanO\AppData\Local\Adobe
2014-11-12 22:21 - 2014-04-02 19:35 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-12 22:21 - 2014-04-02 19:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 11:59 - 2014-03-30 20:53 - 00000000 ____D () C:\Windows\Panther
2014-11-12 11:27 - 2014-03-31 01:30 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-12 08:29 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
2014-11-12 06:50 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 06:08 - 2009-07-13 22:33 - 00286472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 06:06 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 06:01 - 2014-03-30 22:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 06:01 - 2011-04-11 20:24 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-12 06:01 - 2009-07-13 20:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-12 06:00 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\AppCompat
2014-11-12 05:58 - 2014-03-31 01:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-12 05:58 - 2014-03-31 01:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-12 05:58 - 2009-07-13 20:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-11-12 05:54 - 2014-03-30 22:01 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 05:53 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\registration
2014-11-12 05:48 - 2014-03-31 02:23 - 00000000 ____D () C:\Users\SeanO\AppData\Roaming\DAEMON Tools Lite
2014-11-12 05:08 - 2014-03-30 18:04 - 00000000 ____D () C:\Users\SeanO
2014-11-12 05:03 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-11-12 04:34 - 2010-11-20 14:57 - 00000000 ____D () C:\Users\Administrator
2014-11-12 03:13 - 2014-03-31 00:49 - 00000000 ____D () C:\Users\SeanO\Documents\Family Tree Maker
2014-11-12 03:08 - 2014-10-06 15:41 - 00000281 _____ () C:\Users\SeanO\Documents\sourcingproject.txt
2014-10-26 03:52 - 2014-09-18 19:10 - 00000000 ___RD () C:\Program Files\Skype
2014-10-26 03:52 - 2014-03-31 02:31 - 00000000 ____D () C:\ProgramData\Skype
2014-10-24 01:22 - 2014-03-31 00:55 - 00000000 ____D () C:\Games

Some content of TEMP:
====================
C:\Users\SeanO\AppData\Local\Temp\avgnt.exe
C:\Users\SeanO\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpybq1zy.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 02:26

==================== End Of Log ============================

ADDITIONS

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-11-2014 01
Ran by SeanO at 2014-11-14 19:10:55
Running from C:\Users\SeanO\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AccelerometerP11 (HKLM\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.33 - STMicroelectronics)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.2.0 - Auslogics Labs Pty Ltd)
Avira (HKLM\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dell ControlVault Host Components Installer (HKLM\...\{8022CB10-15F8-43C6-AA18-6A38AEDD86B6}) (Version: 2.3.309.1625 - Broadcom Corporation)
Family Tree Maker 2012 (HKLM\...\Family Tree Maker 2012) (Version: 21.0.388 - Ancestry.com, Inc.)
Family Tree Maker 2012 (Version: 21.0.388 - Ancestry.com, Inc.) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Indeo® Software (HKLM\...\Indeo® Software) (Version:  - )
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.2 - Intel)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{4327107B-E95E-415C-9194-458FCED6BF12}) (Version: 13.03.0000 - Intel Corporation)
Magic Workstation 0.94f (HKLM\...\Magic Workstation_is1) (Version:  - Magic Technology)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
mIRC (HKLM\...\mIRC) (Version: 7.34 - mIRC Co. Ltd.)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MTG Card Images for Magic Workstation (HKLM\...\MTG Card Images for Magic Workstation_is1) (Version:  - )
MTG GamePack for Magic Workstation (HKLM\...\MTG GamePack for Magic Workstation_is1) (Version:  - Magic Technology)
NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Stella 3.9.3 (HKLM\...\Stella_is1) (Version:  - The Stella Team)
Stellarium 0.12.4 (HKLM\...\Stellarium_is1) (Version: 0.12.4 - Stellarium team)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
Tribes 2 (HKLM\...\Tribes 2) (Version: 1.0.0.0 - Sierra On-Line)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1776599715-439223896-4243483601-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\SeanO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776599715-439223896-4243483601-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SeanO\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776599715-439223896-4243483601-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SeanO\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776599715-439223896-4243483601-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SeanO\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776599715-439223896-4243483601-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SeanO\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776599715-439223896-4243483601-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SeanO\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776599715-439223896-4243483601-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SeanO\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776599715-439223896-4243483601-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SeanO\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1776599715-439223896-4243483601-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SeanO\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

10-11-2014 09:00:23 Windows Update
11-11-2014 09:00:14 Windows Update
12-11-2014 09:00:25 Windows Update
12-11-2014 10:15:14 Windows Modules Installer
12-11-2014 10:28:51 Windows Update
12-11-2014 11:39:22 Restore Operation
12-11-2014 11:52:13 Windows Update
12-11-2014 18:04:03 clean12112014

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:04 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0DD52A03-ED19-452F-8406-AD98B43EF733} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-31] (Google Inc.)
Task: {6029183F-0E4A-4B07-B72B-0DADE2E5B851} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {C0DC0960-73F2-42DA-860A-D423F314DBD2} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1776599715-439223896-4243483601-1000
Task: {EE6A0E25-0BFF-4A27-A689-1A24D31F0D8E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-31] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-30 22:18 - 2013-08-29 17:08 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-03-30 21:06 - 2011-07-25 08:43 - 00686704 _____ () C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2014-03-31 00:55 - 1998-11-16 15:31 - 01970688 _____ () C:\Games\civ2\civ2.exe
2014-03-31 00:55 - 1997-03-17 15:39 - 00131072 _____ () C:\Games\civ2\timerdll.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1776599715-439223896-4243483601-500 - Administrator - Disabled)
Guest (S-1-5-21-1776599715-439223896-4243483601-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1776599715-439223896-4243483601-1002 - Limited - Enabled)
SeanO (S-1-5-21-1776599715-439223896-4243483601-1000 - Administrator - Enabled) => C:\Users\SeanO

==================== Faulty Device Manager Devices =============

Name: Wireless Router with Ethernet Switch
Description: Wireless Router with Ethernet Switch
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2014 06:38:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2014 04:30:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17420, time stamp: 0x545ad233
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x6d9c3220
Faulting process id: 0x2370
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/12/2014 06:08:41 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: The keyfile contains no valid license. The service will be stopped!

Error: (11/12/2014 06:08:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2014 05:50:28 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: The keyfile contains no valid license. The service will be stopped!

Error: (11/12/2014 05:04:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2014 05:03:50 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: The keyfile contains no valid license. The service will be stopped!

Error: (11/12/2014 05:36:44 AM) (Source: MsiInstaller) (EventID: 10005) (User: SeanO-PC)
Description: Product: Microsoft Fix it 50778 -- This Microsoft Fix it does not apply to your operating system or application version.

Error: (11/12/2014 04:31:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2014 04:30:14 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5.1 - Update 'KB2978128' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\KB2978128_20141112_042937012-Microsoft .NET Framework 4.5.1-MSP0.txt.

System errors:
=============
Error: (11/14/2014 07:11:00 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy7.

Error: (11/14/2014 10:26:57 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy7.

Error: (11/14/2014 10:26:54 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy7.

Error: (11/14/2014 10:26:52 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy7.

Error: (11/14/2014 07:37:55 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy7.

Error: (11/13/2014 10:13:00 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (11/12/2014 05:40:40 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer RAVEN
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{403F55CC-C737-4246-A6B3-C168AEEFDB1B.
The master browser is stopping or an election is being forced.

Error: (11/12/2014 04:37:25 AM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002

Error: (11/12/2014 04:36:19 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/12/2014 04:35:48 AM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002

Microsoft Office Sessions:
=========================
Error: (11/14/2014 06:38:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2014 04:30:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17420545ad233unknown0.0.0.000000000c00000056d9c3220237001cffeb0684c0acbC:\Program Files\Internet Explorer\iexplore.exeunknown769d583f-6abb-11e4-bfeb-5cac4cf35266

Error: (11/12/2014 06:08:41 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: 0x0

Error: (11/12/2014 06:08:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2014 05:50:28 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: 0x0

Error: (11/12/2014 05:04:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2014 05:03:50 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: 0x0

Error: (11/12/2014 05:36:44 AM) (Source: MsiInstaller) (EventID: 10005) (User: SeanO-PC)
Description: Product: Microsoft Fix it 50778 -- This Microsoft Fix it does not apply to your operating system or application version.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/12/2014 04:31:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2014 04:30:14 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft .NET Framework 4.5.1KB29781281603C:\Windows\TEMP\KB2978128_20141112_042937012-Microsoft .NET Framework 4.5.1-MSP0.txt(NULL)(NULL)

==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 42%
Total physical RAM: 3317.83 MB
Available physical RAM: 1921.6 MB
Total Pagefile: 6633.95 MB
Available Pagefile: 4331.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:213.6 GB) NTFS
Drive e: (Civ2:MGE v1.0) (CDROM) (Total:0.38 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 00096766)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Edited by BenKenobi18, 14 November 2014 - 09:25 PM.


#8 BenKenobi18


Posted 14 November 2014 - 09:23 PM

Ok, here's the system specs you requested...



Edited by BenKenobi18, 14 November 2014 - 09:24 PM.


#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,381 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:12 AM

Posted 14 November 2014 - 09:29 PM

Hi Sean,

My pleasure to help. Things look pretty good although we need to check the file structure on your hard drive.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-1776599715-439223896-4243483601-1000\...\MountPoints2: {457e50ff-b877-11e3-b0c9-806e6f6e6963} - D:\Setup.exe
HKU\S-1-5-21-1776599715-439223896-4243483601-1000\...\MountPoints2: {c44ff8ff-b894-11e3-8b39-5cac4cf35266} - E:\autorun.exe
U3 mbr; \??\C:\Users\SeanO\AppData\Local\Temp\mbr.sys [X]
C:\Users\SeanO\AppData\Local\Temp\avgnt.exe
C:\Users\SeanO\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpybq1zy.dll
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

CheckDiskGUI

--------------------
  • Download CheckDiskGUI and save it to your desktop
  • Double click the icon and select Run
  • Under the DirtyBit column please let me know if there is any indication of a Dirty Bit
  • Place a check mark in the C: drive box
  • Click Read Only
  • Once completed click File, then Save
  • Save the file to your desktop as CheckDiskGUI (should be default name)
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • CheckDiskGUI log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#10 BenKenobi18


Posted 14 November 2014 - 09:45 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-11-2014 01
Ran by SeanO at 2014-11-14 19:42:52 Run:2
Running from C:\Users\SeanO\Desktop
Loaded Profile: SeanO (Available profiles: SeanO)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1776599715-439223896-4243483601-1000\...\MountPoints2: {457e50ff-b877-11e3-b0c9-806e6f6e6963} - D:\Setup.exe
HKU\S-1-5-21-1776599715-439223896-4243483601-1000\...\MountPoints2: {c44ff8ff-b894-11e3-8b39-5cac4cf35266} - E:\autorun.exe
U3 mbr; \??\C:\Users\SeanO\AppData\Local\Temp\mbr.sys [X]
C:\Users\SeanO\AppData\Local\Temp\avgnt.exe
C:\Users\SeanO\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpybq1zy.dll
*****************

"HKU\S-1-5-21-1776599715-439223896-4243483601-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{457e50ff-b877-11e3-b0c9-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{457e50ff-b877-11e3-b0c9-806e6f6e6963}" => Key not found.
"HKU\S-1-5-21-1776599715-439223896-4243483601-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c44ff8ff-b894-11e3-8b39-5cac4cf35266}" => Key deleted successfully.
"HKCR\CLSID\{c44ff8ff-b894-11e3-8b39-5cac4cf35266}" => Key not found.
mbr => Service deleted successfully.
C:\Users\SeanO\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\SeanO\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpybq1zy.dll => Moved successfully.

==== End of Fixlog ====



#11 BenKenobi18


Posted 14 November 2014 - 09:50 PM

And here's the chkdsk.

 

There were no dirty bits.

 

Checkdisk of C: (Read only mode) started !

Started on : 2014/11/14 19:47:04

The type of the file system is NTFS.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
  181504 file records processed.
File verification completed.
  608 large file records processed.
  0 bad file records processed.
  0 EA records processed.
  44 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 3)...
  219322 index entries processed.
Index verification completed.
  0 unindexed files scanned.
  0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 3)...
  181504 file SDs/SIDs processed.
Security descriptor verification completed.
  18910 data files processed.
CHKDSK is verifying Usn Journal...
  36771520 USN bytes processed.
Usn Journal verification completed.
Windows has checked the file system and found no problems.
  312466431 KB total disk space.
  88600576 KB in 146981 files.
  87084 KB in 18911 indexes.
  0 KB in bad sectors.
  294667 KB in use by the system.
  65536 KB occupied by the log file.
  223484104 KB available on disk.
  4096 bytes in each allocation unit.
  78116607 total allocation units on disk.
  55871026 allocation units available on disk.

Checkdisk of C: (Read only mode) completed !

Ended on : 2014/11/14 19:48:26

Time elapsed : 82 seconds


Edited by BenKenobi18, 14 November 2014 - 09:54 PM.


#12 Oh My!


Posted 14 November 2014 - 10:07 PM

Despite the error report in the log your disk looks fine.

Please do this.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double click the icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message, attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Emsisoft report (if applicable)
  • Security Check log

Gary
 

#13 BenKenobi18


Posted 14 November 2014 - 10:17 PM

Starting the emsisoft scan



#14 BenKenobi18


Posted 15 November 2014 - 12:41 AM

Here is the result of the scan. One Trojan that was already in AVG's quarantine. Nothing in the wild, it seems.



Edited by BenKenobi18, 15 November 2014 - 12:46 AM.


#15 BenKenobi18


Posted 15 November 2014 - 12:47 AM

Results of screen317's Security Check version 0.99.89 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Avira Desktop  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware    
 CCleaner    
 Adobe Reader XI 
 Mozilla Firefox 28.0 Firefox out of Date! 
 Google Chrome 38.0.2125.104 
 Google Chrome 38.0.2125.111 
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 





