
Skype crashing


  • This topic is locked
9 replies to this topic

#1 andrewsmith77

andrewsmith77

  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:44 PM

Posted 10 November 2014 - 08:22 PM

Hi,

 

I know I ran a malicious exe, and my Skype is very slow and crashes when I am using it. It will take 10+ min to log in and load everything. And then when it actually runs, it will hang and I get a popup titled "Web Browser", and it says "this script is taking too long to execute, what do you want to do?" And when I choose to close it, it closes Skype.

 

A lot of my other programs were freezing and crashing too... in fact almost all of them. Skype is one of the last ones I haven't been able to fix.

 

I've been cleaning my computer for a couple of days now, and I had some virus that kept me from installing anti-spyware stuff, and I did manual registry cleaning.

 

Some registry keys were restricted to me, even as an Administrator and through running the one "telnet"-like program that executes regedit as an administrator. Finally, I used the registry registrar program to manually delete the keys in the "H Key Local Machine/Software/Microsoft/Windows NT/Current Version/Image File Execution Options".

 

I have been following directions on this site and have run Ad-aware, ADWCleaner (many times, never finds anything), Malwarebytes, RKill in Safe Mode and then running the scans as well. Lastly I ran the Farbar Recovery Scan Tool, and I have a log from that.

 

Can someone please provide assistance....thanks

 

I didn't want to start posting logs without permission... please reply back with directions. Thank you.




 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,704 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:44 PM

Posted 15 November 2014 - 08:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555636 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 andrewsmith77

andrewsmith77
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:44 PM

Posted 15 November 2014 - 08:34 PM

Hi,

 

I ran the 'dds' tool, and it says "DDS is not meant to run in 'Compatibility Mode'.  The program shall now exit."  

 

 

What should I do??

 

Thanks.

 

Andrew

 

 

Edit:  I enabled all compatibility, and firewall settings on Windows and I am still getting this error.  What do I do?

 

I am running Windows 8.1 64-bit.


Edited by andrewsmith77, 15 November 2014 - 08:41 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:44 PM

Posted 16 November 2014 - 10:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

This tool is compatible with Windows 8.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#5 andrewsmith77

andrewsmith77
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:44 PM

Posted 17 November 2014 - 10:34 AM

Hi,

 

I ran the tool and here is FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-11-2014 03
Ran by andrewsmith (administrator) on andrewsmith-WIN8 on 17-11-2014 09:20:15
Running from C:\Users\andrewsmith\Downloads
Loaded Profile: andrewsmith (Available profiles: andrewsmith)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(OpenVPN Technologies, Inc) C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptservice.exe
(OpenVPN Technologies, Inc) C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptcore.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Users\andrewsmith\AppData\Local\Google\Update\GoogleUpdate.exe
(Spotify Ltd) C:\Users\andrewsmith\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Skype Technologies S.A.) C:\Program Files (x86)\skeype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\andrewsmith\AppData\Roaming\Spotify\spotify.exe
() C:\Users\andrewsmith\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\andrewsmith\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\andrewsmith\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\andrewsmith\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\andrewsmith\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\andrewsmith\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\andrewsmith\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\andrewsmith\Downloads\FRST64 (1).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] => c:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-1953195736-4197522713-3538353264-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1938624 2014-10-21] (Valve Corporation)
HKU\S-1-5-21-1953195736-4197522713-3538353264-1002\...\Run: [Google Update] => C:\Users\andrewsmith\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-08-31] (Google Inc.)
HKU\S-1-5-21-1953195736-4197522713-3538353264-1002\...\Run: [Spotify Web Helper] => C:\Users\andrewsmith\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-02] (Spotify Ltd)
HKU\S-1-5-21-1953195736-4197522713-3538353264-1002\...\Run: [AIM for Windows] => C:\Users\andrewsmith\AppData\Local\AOL\AIM\aim.exe [1075144 2014-02-04] (AOL Inc.)
HKU\S-1-5-21-1953195736-4197522713-3538353264-1002\...\Run: [Skype] => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-1953195736-4197522713-3538353264-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-1953195736-4197522713-3538353264-1002\...\RunOnce: [Application Restart #1] => C:\Users\andrewsmith\Downloads\GoogleChromePortable\App\Chrome-bin\chrome.exe [852808 2014-08-27] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\andrewsmith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1953195736-4197522713-3538353264-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM-x32 - {9C4C27F7-132B-4011-8EE0-C2AAAD2736BD} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1953195736-4197522713-3538353264-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1953195736-4197522713-3538353264-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\andrewsmith\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1953195736-4197522713-3538353264-1002: @talk.google.com/O1DPlugin -> C:\Users\andrewsmith\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1953195736-4197522713-3538353264-1002: @tools.google.com/Google Update;version=3 -> C:\Users\andrewsmith\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1953195736-4197522713-3538353264-1002: @tools.google.com/Google Update;version=9 -> C:\Users\andrewsmith\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\andrewsmith\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\andrewsmith\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
 
Chrome: 
=======
CHR Profile: C:\Users\andrewsmith\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\andrewsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-27]
CHR Extension: (Google Drive) - C:\Users\andrewsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\andrewsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-26]
CHR Extension: (YouTube) - C:\Users\andrewsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-27]
CHR Extension: (Google Search) - C:\Users\andrewsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-27]
CHR Extension: (Sight) - C:\Users\andrewsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\epmaefhielclhlnmjofcdapbeepkmggh [2014-11-09]
CHR Extension: (Chrome Remote Desktop) - C:\Users\andrewsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-10-30]
CHR Extension: (Google Wallet) - C:\Users\andrewsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
CHR Extension: (Gmail) - C:\Users\andrewsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-27]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe [51016 2014-07-17] (Google Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-11-10] (SurfRight B.V.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 PSEXESVC; C:\Windows\PSEXESVC.exe [189792 2014-11-10] (Sysinternals)
R2 ptservice; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptservice.exe [17816 2014-08-19] (OpenVPN Technologies, Inc)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S4 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-08-28] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-08-28] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-09-10] (Atheros)
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-11-10] (Emsisoft GmbH)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-05-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-02] (Advanced Micro Devices)
S3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2014-08-21] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2014-08-21] (BitDefender)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-12] (AVG Technologies)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-11-10] (Emsisoft GmbH)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-26] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-29] (Symantec Corporation)
R3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2014-04-24] (The OpenVPN Project)
R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [38504 2012-04-16] (Windows ® Codename Longhorn DDK provider)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2014-09-01] (Duplex Secure Ltd.)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-08-25] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2014-11-10] ()
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-08-28] (Microsoft Corporation)
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-17 09:13 - 2014-11-17 09:13 - 00017760 _____ (Microsoft Corporation) C:\Users\andrewsmith\Downloads\dllhost.exe
2014-11-17 09:10 - 2014-11-17 09:10 - 02117120 _____ (Farbar) C:\Users\andrewsmith\Downloads\FRST64 (1).exe
2014-11-16 11:21 - 2014-11-16 11:21 - 00019801 _____ () C:\Users\andrewsmith\Downloads\[kickass.to]guardians.of.the.galaxy.2014.1080p.brrip.x264.yify.torrent
2014-11-15 19:45 - 2014-11-15 19:45 - 00001532 _____ () C:\Users\andrewsmith\Desktop\Skype.lnk
2014-11-15 19:40 - 2014-11-16 20:58 - 00513305 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-15 19:32 - 2014-11-15 19:32 - 00688992 _____ (Swearware) C:\Users\andrewsmith\Downloads\dds (1).com
2014-11-15 19:29 - 2014-11-15 19:29 - 00688992 _____ (Swearware) C:\Users\andrewsmith\Downloads\dds.com
2014-11-12 17:57 - 2014-11-12 17:57 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-12 17:57 - 2014-11-12 17:57 - 00002046 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-11-12 15:30 - 2014-11-12 15:30 - 00005511 _____ () C:\Users\andrewsmith\Downloads\various-share-button-styles (1).zip
2014-11-12 15:28 - 2014-11-12 15:28 - 00005511 _____ () C:\Users\andrewsmith\Downloads\various-share-button-styles.zip
2014-11-11 11:27 - 2014-11-11 11:27 - 00000841 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-11 11:27 - 2014-11-11 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-11 11:27 - 2014-11-11 11:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-11 09:23 - 2014-11-11 09:23 - 04976456 _____ (Piriform Ltd) C:\Users\andrewsmith\Downloads\ccsetup419.exe
2014-11-10 21:31 - 2014-11-10 21:31 - 00000168 _____ () C:\Users\andrewsmith\Downloads\ATT00001.htm
2014-11-10 19:26 - 2014-11-10 19:26 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\andrewsmith\Downloads\tdsskiller.exe
2014-11-10 19:07 - 2014-11-10 19:10 - 00030428 _____ () C:\Users\andrewsmith\Downloads\Addition.txt
2014-11-10 19:06 - 2014-11-17 09:20 - 00015975 _____ () C:\Users\andrewsmith\Downloads\FRST.txt
2014-11-10 19:06 - 2014-11-17 09:20 - 00000000 ____D () C:\FRST
2014-11-10 19:05 - 2014-11-10 19:05 - 02116096 _____ (Farbar) C:\Users\andrewsmith\Downloads\FRST64.exe
2014-11-10 18:53 - 2014-11-10 18:53 - 00000000 ____D () C:\Program Files (x86)\Skype
2014-11-10 18:19 - 2014-11-10 18:19 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-10 18:19 - 2014-11-10 18:19 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-10 18:19 - 2014-11-10 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-10 18:19 - 2014-11-10 18:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-10 18:19 - 2014-11-10 18:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-10 18:19 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-10 18:19 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-11-10 18:19 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-10 18:11 - 2014-11-10 18:11 - 00189792 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.exe
2014-11-10 18:03 - 2014-11-10 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-11-10 18:03 - 2014-11-10 18:03 - 00000000 ___RD () C:\Program Files (x86)\skeype
2014-11-10 17:49 - 2014-11-10 17:50 - 00000000 ____D () C:\Program Files\Registrar Registry Manager
2014-11-10 17:49 - 2014-11-10 17:49 - 00000921 _____ () C:\Users\andrewsmith\Desktop\Registrar Registry Manager.lnk
2014-11-10 17:49 - 2014-11-10 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registrar Registry Manager
2014-11-10 17:46 - 2014-11-10 17:46 - 04968008 _____ (Resplendence Software Projects Sp. ) C:\Users\andrewsmith\Downloads\RegistrarHomeV7.exe
2014-11-10 17:39 - 2014-11-10 17:39 - 00000000 ____D () C:\PSTools
2014-11-10 16:13 - 2014-04-28 14:44 - 00396480 _____ (Sysinternals - www.sysinternals.com) C:\PsExec.exe
2014-11-10 16:12 - 2014-11-10 16:12 - 01686759 _____ () C:\Users\andrewsmith\Downloads\PSTools (1).zip
2014-11-10 15:19 - 2014-11-10 15:19 - 02347384 _____ (ESET) C:\Users\andrewsmith\Downloads\esetsmartinstaller_enu.exe
2014-11-10 15:19 - 2014-11-10 15:19 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-10 15:16 - 2014-11-10 15:16 - 00001584 _____ () C:\Users\andrewsmith\Desktop\JRT.txt
2014-11-10 15:14 - 2014-11-10 15:14 - 01706808 _____ (Thisisu) C:\Users\andrewsmith\Downloads\JRT.exe
2014-11-10 15:14 - 2014-11-10 15:14 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-11-10 15:09 - 2014-11-10 15:09 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\andrewsmith\Downloads\iExplore.exe
2014-11-10 13:24 - 2014-11-10 14:18 - 00077312 _____ (Emsisoft GmbH) C:\WINDOWS\system32\eamclean.exe
2014-11-10 13:24 - 2014-11-10 14:18 - 00000482 _____ () C:\WINDOWS\system32\eamclean.dat
2014-11-10 12:51 - 2014-11-10 12:51 - 00000762 _____ () C:\Users\andrewsmith\Desktop\Start Emsisoft Emergency Kit.lnk
2014-11-10 12:50 - 2014-11-10 13:26 - 00000000 ____D () C:\EEK
2014-11-10 12:46 - 2014-11-10 12:48 - 156056136 _____ () C:\Users\andrewsmith\Downloads\EmsisoftEmergencyKit.exe
2014-11-10 12:36 - 2014-11-10 12:36 - 05598341 _____ (Swearware) C:\Users\andrewsmith\Downloads\ComboFix (1).exe
2014-11-10 12:33 - 2014-11-10 12:36 - 05598341 _____ (Swearware) C:\Users\andrewsmith\Downloads\ComboFix.exe
2014-11-10 12:27 - 2014-11-10 12:38 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-11-10 12:27 - 2014-11-10 12:27 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-10 12:24 - 2014-11-10 12:24 - 17526360 _____ () C:\Users\andrewsmith\Downloads\RogueKillerX64.exe
2014-11-10 12:02 - 2014-11-10 12:02 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-11-10 11:46 - 2014-11-10 11:47 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\andrewsmith\Downloads\mbam-setup-2.0.3.1025 (1).exe
2014-11-10 11:30 - 2014-11-10 11:30 - 00321848 _____ (Malwarebytes Corporation) C:\Users\andrewsmith\Downloads\mbam-clean-2.1.1.1001.exe
2014-11-10 11:28 - 2014-11-10 11:29 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-11-10 11:28 - 2014-11-10 11:28 - 00000947 _____ () C:\Users\andrewsmith\Desktop\NTREGOPT.lnk
2014-11-10 11:28 - 2014-11-10 11:28 - 00000928 _____ () C:\Users\andrewsmith\Desktop\ERUNT.lnk
2014-11-10 11:28 - 2014-11-10 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-11-10 11:27 - 2014-11-10 11:28 - 00791393 _____ (Lars Hederer ) C:\Users\andrewsmith\Downloads\erunt-setup.exe
2014-11-10 11:25 - 2014-11-10 18:29 - 00003268 _____ () C:\Users\andrewsmith\Desktop\Rkill.txt
2014-11-10 11:22 - 2014-11-10 11:23 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\andrewsmith\Downloads\rkill.exe
2014-11-10 10:18 - 2014-11-10 10:18 - 00000000 ____D () C:\Users\andrewsmith\Desktop\PSTools
2014-11-10 10:17 - 2014-11-10 10:17 - 01686759 _____ () C:\Users\andrewsmith\Downloads\PSTools.zip
2014-11-10 10:17 - 2014-09-11 08:57 - 00593080 _____ (Sysinternals - www.sysinternals.com) C:\Users\andrewsmith\Desktop\autoruns.exe
2014-11-10 10:05 - 2014-11-10 10:05 - 00511633 _____ () C:\Users\andrewsmith\Downloads\Autoruns.zip
2014-11-10 09:58 - 2014-11-10 09:58 - 01546856 _____ (Skype Technologies S.A.) C:\Users\andrewsmith\Downloads\SkypeSetup.exe
2014-11-09 19:47 - 2014-11-10 12:02 - 00000000 _____ () C:\WINDOWS\SysWOW64\DllHost.exe.Z-missing.txt
2014-11-09 19:42 - 2014-11-09 19:42 - 00000000 ____D () C:\WINDOWS\pss
2014-11-09 19:30 - 2014-11-09 19:30 - 00001916 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-11-09 19:30 - 2014-11-09 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-11-09 19:30 - 2014-11-09 19:30 - 00000000 ____D () C:\Program Files\HitmanPro
2014-11-09 19:29 - 2014-11-09 23:19 - 00000000 ____D () C:\Users\andrewsmith\Desktop\Hitman Pro 3.7.8 Build 207
2014-11-09 19:29 - 2014-11-09 22:46 - 00000000 ____D () C:\Users\andrewsmith\Desktop\Hitman Pro 3.7.5 Build 199 Final Retail - SceneDL  (PimpRG)
2014-11-09 19:25 - 2014-11-09 19:26 - 00012973 _____ () C:\Users\andrewsmith\Downloads\[kickass.to]hitman.pro.3.7.8.build.207.torrent
2014-11-09 19:25 - 2014-11-09 19:25 - 00012856 _____ () C:\Users\andrewsmith\Downloads\[kickass.to]hitman.pro.3.7.5.build.199.final.retail.scenedl.pimprg.torrent
2014-11-09 19:24 - 2014-11-09 19:24 - 00013620 _____ () C:\Users\andrewsmith\Downloads\[kickass.to]hitman.pro.3.7.6.build.201.final.retail.scenedl.pimprg.torrent
2014-11-09 19:18 - 2014-11-09 22:01 - 00000000 ____D () C:\Users\andrewsmith\Desktop\Hitman Pro 3.7.9 Cracked 32+64-Bit [danhuk]
2014-11-09 19:17 - 2014-11-09 19:18 - 00000000 ____D () C:\Users\andrewsmith\AppData\Roaming\qBittorrent
2014-11-09 19:17 - 2014-11-09 19:17 - 00000000 ____D () C:\Users\andrewsmith\AppData\Local\qBittorrent
2014-11-09 19:16 - 2014-11-09 19:16 - 00001066 _____ () C:\Users\Public\Desktop\qBittorrent.lnk
2014-11-09 19:16 - 2014-11-09 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2014-11-09 19:16 - 2014-11-09 19:16 - 00000000 ____D () C:\Program Files (x86)\qBittorrent
2014-11-09 19:15 - 2014-11-09 19:15 - 10876097 _____ (The qBittorrent project) C:\Users\andrewsmith\Downloads\qbittorrent_3.1.11_setup.exe
2014-11-09 19:15 - 2014-11-09 19:15 - 00020316 _____ () C:\Users\andrewsmith\Downloads\[kickass.to]hitman.pro.3.7.9.cracked.32.64.bit.danhuk (2).torrent
2014-11-09 19:12 - 2014-11-09 19:13 - 11222744 _____ (SurfRight B.V.) C:\Users\andrewsmith\Downloads\HitmanPro_x64 (1).exe
2014-11-09 18:08 - 2014-11-09 18:08 - 00000000 _____ () C:\Users\andrewsmith\AppData\Roaming\system.ini
2014-11-09 16:44 - 2014-11-09 16:44 - 00007982 _____ () C:\Users\andrewsmith\Downloads\[rutracker.org].t4020465.torrent
2014-11-09 11:05 - 2014-11-09 11:05 - 03298681 _____ () C:\Users\andrewsmith\Downloads\BrowserQuest-master.zip
2014-11-09 10:01 - 2014-11-09 10:02 - 00000000 ____D () C:\Users\andrewsmith\Desktop\Space Blaster
2014-11-09 09:59 - 2014-06-23 03:36 - 00000223 _____ () C:\Users\andrewsmith\Desktop\c2license.txt
2014-11-09 09:58 - 2014-11-09 09:58 - 00000958 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Construct 2.lnk
2014-11-09 09:58 - 2014-11-09 09:58 - 00000862 _____ () C:\Users\Public\Desktop\Construct 2.lnk
2014-11-09 09:58 - 2014-11-09 09:58 - 00000000 ____D () C:\Users\andrewsmith\AppData\Roaming\Construct2
2014-11-09 09:57 - 2014-11-09 10:00 - 00000000 ____D () C:\Program Files\Construct 2
2014-11-09 09:47 - 2014-11-09 09:50 - 127386298 ____R () C:\Users\andrewsmith\Downloads\Scirra.Construct.2.r173.Incl.License.zip
2014-11-09 09:47 - 2014-11-09 09:47 - 00019981 _____ () C:\Users\andrewsmith\Downloads\[kickass.to]scirra.construct.2.game.maker.for.windows.r173.incl.licence.torrent
2014-11-09 09:46 - 2014-11-09 09:46 - 00020605 _____ () C:\Users\andrewsmith\Downloads\[kickass.to]construct.2.r184.stable.torrent
2014-11-09 09:45 - 2014-11-09 09:46 - 131534408 _____ (Scirra ) C:\Users\andrewsmith\Downloads\construct2-r184-setup.exe
2014-11-07 11:21 - 2014-11-07 11:21 - 00104111 _____ () C:\Users\andrewsmith\Downloads\sample.zip
2014-11-07 11:21 - 2012-04-18 21:40 - 00000000 ____D () C:\Users\andrewsmith\Desktop\sample
2014-11-03 19:32 - 2014-11-03 19:32 - 00481749 _____ () C:\Users\andrewsmith\Downloads\twitter-bootstrap.jpl
2014-11-03 18:51 - 2014-11-03 18:55 - 237814232 _____ (Justinmind S.L.) C:\Users\andrewsmith\Downloads\Justinmind_Prototyper_Windows.exe
2014-11-01 12:41 - 2014-11-01 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WampServer
2014-11-01 12:32 - 2014-11-01 12:42 - 00000000 ____D () C:\wamp
2014-11-01 12:24 - 2014-11-01 12:25 - 43507845 _____ (Hervé Leclerc (HeL) ) C:\Users\andrewsmith\Downloads\wampserver2.5-Apache-2.4.9-Mysql-5.6.17-php5.5.12-64b.exe
2014-11-01 12:24 - 2014-11-01 12:24 - 06585122 _____ () C:\Users\andrewsmith\Downloads\wordpress-4.0.zip
2014-11-01 12:22 - 2014-11-01 12:23 - 24022378 _____ () C:\Users\andrewsmith\Downloads\clock12 (1).rar
2014-11-01 11:48 - 2014-11-01 11:48 - 24022378 _____ () C:\Users\andrewsmith\Downloads\clock12.rar
2014-11-01 09:45 - 2014-11-01 10:06 - 00000000 ____D () C:\Users\andrewsmith\Desktop\RubyCraftV3.1
2014-11-01 09:45 - 2014-11-01 09:45 - 02755601 _____ () C:\Users\andrewsmith\Downloads\RubyCraftV3.1.zip.zip
2014-10-27 18:28 - 2014-10-27 18:28 - 00252718 _____ () C:\Users\andrewsmith\Downloads\retailers-10-28-2014.csv
2014-10-26 17:44 - 2014-10-26 17:44 - 00002286 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-26 17:44 - 2014-10-26 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-26 14:38 - 2014-10-26 14:38 - 00000000 ____D () C:\Users\andrewsmith\AppData\Local\My Games
2014-10-26 14:38 - 2014-10-26 14:38 - 00000000 ____D () C:\ProgramData\Steam
2014-10-26 14:30 - 2014-10-26 14:38 - 00000000 ____D () C:\Program Files (x86)\Sid Meiers Civilization Beyond Earth
2014-10-26 14:30 - 2014-10-26 14:30 - 00001068 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sid Meiers Civilization Beyond Earth.lnk
2014-10-26 14:30 - 2014-10-26 14:30 - 00001056 _____ () C:\Users\Public\Desktop\Sid Meiers Civilization Beyond Earth.lnk
2014-10-26 12:20 - 2014-10-26 12:20 - 00880272 _____ (Google Inc.) C:\Users\andrewsmith\Downloads\ChromeSetup.exe
2014-10-26 12:10 - 2014-10-26 12:11 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\andrewsmith\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-26 12:02 - 2014-10-26 12:02 - 00000000 ____D () C:\Users\andrewsmith\AppData\Roaming\Lavasoft
2014-10-26 11:50 - 2014-10-26 11:50 - 00000000 ____D () C:\ProgramData\BitDefender
2014-10-26 11:40 - 2014-10-26 11:40 - 00000000 ____D () C:\Users\andrewsmith\AppData\Roaming\LavasoftStatistics
2014-10-26 11:40 - 2014-07-10 13:09 - 02084072 _____ (Bitdefender) C:\WINDOWS\system32\bdnc.dll
2014-10-26 11:40 - 2014-07-10 13:08 - 01061776 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdsmtpp.dll
2014-10-26 11:40 - 2014-07-10 13:08 - 00209984 _____ (BitDefender) C:\WINDOWS\system32\BdFirewallSDK.dll
2014-10-26 11:40 - 2014-07-10 13:08 - 00195016 _____ (BitDefender) C:\WINDOWS\system32\httproxy.dll
2014-10-26 11:40 - 2014-07-10 13:08 - 00156936 _____ () C:\WINDOWS\system32\bdfwcore.dll
2014-10-26 11:40 - 2014-07-10 13:08 - 00155912 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdpop3p.dll
2014-10-26 11:40 - 2014-07-10 13:08 - 00122928 _____ (BitDefender) C:\WINDOWS\system32\OEMbdpredir.dll
2014-10-26 11:40 - 2014-07-10 13:08 - 00096160 _____ (BitDefender) C:\WINDOWS\system32\bdpredir.dll
2014-10-26 11:38 - 2014-11-01 16:52 - 00002336 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-10-26 11:38 - 2014-10-26 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-10-26 11:37 - 2014-10-26 11:37 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-10-24 06:22 - 2014-10-24 06:22 - 00000932 _____ () C:\Users\Public\Desktop\SpaceEngine.lnk
2014-10-24 06:22 - 2014-10-24 06:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpaceEngine
2014-10-23 19:21 - 2014-10-23 19:50 - 891457474 _____ (SpaceEngine ) C:\Users\andrewsmith\Downloads\SE-0971-setup.exe
2014-10-23 19:13 - 2014-10-23 19:13 - 00000000 ____D () C:\Users\andrewsmith\AppData\Roaming\Stellarium
2014-10-23 19:13 - 2014-10-23 19:13 - 00000000 ____D () C:\Users\andrewsmith\AppData\Local\stellarium
2014-10-23 19:12 - 2014-10-23 19:12 - 00001739 _____ () C:\Users\Public\Desktop\Stellarium.lnk
2014-10-23 19:12 - 2014-10-23 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellarium
2014-10-23 19:11 - 2014-10-23 19:12 - 00000000 ____D () C:\Program Files\Stellarium
2014-10-23 18:56 - 2014-10-23 19:00 - 133984566 _____ (Stellarium team ) C:\Users\andrewsmith\Downloads\stellarium-0.13.1-win64 (1).exe
2014-10-23 18:56 - 2014-10-23 18:56 - 00001030 _____ () C:\Users\andrewsmith\Desktop\Celestia.lnk
2014-10-23 18:56 - 2014-10-23 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Celestia
2014-10-23 18:55 - 2014-10-23 18:56 - 00000000 ____D () C:\Program Files (x86)\Celestia
2014-10-23 18:53 - 2014-10-23 18:55 - 34363645 _____ (Shatters Software ) C:\Users\andrewsmith\Downloads\celestia-win32-1.6.1.exe
2014-10-23 18:52 - 2014-10-23 18:54 - 16150656 _____ (Stellarium team ) C:\Users\andrewsmith\Downloads\stellarium-0.13.1-win64.exe
2014-10-19 18:15 - 2014-10-20 12:00 - 00000000 ____D () C:\Users\andrewsmith\Downloads\Stigma - First 2013
2014-10-19 18:12 - 2014-10-19 20:39 - 00000000 ____D () C:\Users\andrewsmith\Downloads\Moresebya - Коллекция 29 альбомов (2011-2013)
2014-10-19 17:44 - 2014-10-19 17:46 - 00000000 ____D () C:\Users\andrewsmith\Downloads\IC3PEAK Discography
2014-10-19 17:28 - 2014-10-20 11:30 - 00000000 ____D () C:\Users\andrewsmith\Downloads\Witchbeat - Witchbeat (2014) [FLAC]
2014-10-19 17:26 - 2014-10-19 17:41 - 00000000 ____D () C:\Users\andrewsmith\Downloads\White Ring
2014-10-19 17:26 - 2014-10-19 17:26 - 00000000 ____D () C:\Users\andrewsmith\Downloads\Damn Whøre
2014-10-19 17:25 - 2014-10-19 19:54 - 00000000 ____D () C:\Users\andrewsmith\Downloads\MNMN RECORDS NETLABEL - Birthday compilation (2013)
2014-10-19 17:25 - 2014-10-19 19:35 - 00000000 ____D () C:\Users\andrewsmith\Downloads\Salem - (2013) G O O D B Y E
2014-10-19 17:25 - 2014-10-19 17:30 - 00000000 ____D () C:\Users\andrewsmith\Downloads\Sadwave
2014-10-19 17:25 - 2014-10-19 17:25 - 00000000 ____D () C:\Users\andrewsmith\Downloads\De▲d Idols Discography (2012-2013)
2014-10-19 14:23 - 2014-10-19 14:23 - 00069458 _____ () C:\Users\andrewsmith\Downloads\[rutracker.org].t4273755.torrent
2014-10-19 14:23 - 2014-10-19 14:23 - 00019224 _____ () C:\Users\andrewsmith\Downloads\[rutracker.org].t4584417.torrent
2014-10-19 14:23 - 2014-10-19 14:23 - 00013784 _____ () C:\Users\andrewsmith\Downloads\[rutracker.org].t4581996.torrent
2014-10-19 14:23 - 2014-10-19 14:23 - 00013580 _____ () C:\Users\andrewsmith\Downloads\[rutracker.org].t4568429.torrent
2014-10-19 14:22 - 2014-10-19 14:22 - 00015872 _____ () C:\Users\andrewsmith\Downloads\[rutracker.org].t4603129.torrent
2014-10-19 14:21 - 2014-10-19 14:22 - 00016307 _____ () C:\Users\andrewsmith\Downloads\[rutracker.org].t4755358.torrent
2014-10-19 14:21 - 2014-10-19 14:21 - 00021062 _____ () C:\Users\andrewsmith\Downloads\[rutracker.org].t4843812.torrent
2014-10-19 14:21 - 2014-10-19 14:21 - 00019710 _____ () C:\Users\andrewsmith\Downloads\[rutracker.org].t4797776.torrent
2014-10-19 14:21 - 2014-10-19 14:21 - 00019185 _____ () C:\Users\andrewsmith\Downloads\[rutracker.org].t4825362.torrent
2014-10-19 14:21 - 2014-10-19 14:21 - 00011444 _____ () C:\Users\andrewsmith\Downloads\[rutracker.org].t4804952.torrent
2014-10-19 14:20 - 2014-10-19 14:20 - 00020740 _____ () C:\Users\andrewsmith\Downloads\[rutracker.org].t4846226.torrent
2014-10-19 14:04 - 2014-10-19 14:06 - 00000000 ____D () C:\Users\andrewsmith\Downloads\BLVCK  CEILING
2014-10-19 14:02 - 2014-10-19 14:02 - 00047554 _____ () C:\Users\andrewsmith\Downloads\[rutracker.org].t4414038.torrent
2014-10-18 12:19 - 2014-10-18 12:28 - 00000000 ____D () C:\Users\andrewsmith\Downloads\Event Horizon (1997)
2014-10-18 12:18 - 2014-10-18 12:18 - 00016906 _____ () C:\Users\andrewsmith\Downloads\[kickass.to]event.horizon.1997.720p.brrip.x264.yify.torrent
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-17 09:14 - 2014-08-30 11:04 - 00000000 ____D () C:\Users\andrewsmith\AppData\Roaming\Spotify
2014-11-17 09:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-17 08:44 - 2014-08-28 09:51 - 00000000 ____D () C:\Users\andrewsmith\AppData\Roaming\Skype
2014-11-16 20:41 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-11-15 19:47 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-15 19:39 - 2014-08-28 13:17 - 00000000 ___DO () C:\Users\andrewsmith\OneDrive
2014-11-15 19:35 - 2014-03-18 04:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-15 19:35 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-15 19:31 - 2013-08-22 07:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-15 19:31 - 2013-07-18 19:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-15 14:11 - 2014-08-28 09:41 - 00000000 ____D () C:\Users\andrewsmith\.VirtualBox
2014-11-14 15:34 - 2014-08-30 11:05 - 00000000 ____D () C:\Users\andrewsmith\AppData\Local\Spotify
2014-11-13 15:48 - 2014-08-31 14:28 - 00000000 ____D () C:\Users\andrewsmith\AppData\Roaming\TeamViewer
2014-11-12 18:08 - 2014-09-11 22:52 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-12 18:07 - 2014-09-11 23:12 - 00000000 ____D () C:\Users\andrewsmith\AppData\Local\Adobe
2014-11-12 18:07 - 2013-07-17 23:57 - 00000000 ____D () C:\Users\andrewsmith\AppData\Roaming\Adobe
2014-11-12 17:57 - 2014-09-11 22:53 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-11 13:03 - 2014-08-28 10:00 - 00000000 ____D () C:\Users\andrewsmith\.vagrant.d
2014-11-11 12:24 - 2014-08-27 21:37 - 00000000 ____D () C:\Program Files\Sublime Text 2
2014-11-11 11:41 - 2014-10-10 09:03 - 00000000 ____D () C:\Users\andrewsmith\AppData\Roaming\Ventrilo
2014-11-11 11:35 - 2014-08-28 15:39 - 00000000 ___DC () C:\WINDOWS\Panther
2014-11-11 11:35 - 2014-08-28 14:27 - 00000000 ____D () C:\WINDOWS\Minidump
2014-11-11 11:35 - 2013-07-26 18:43 - 00000000 ____D () C:\Users\andrewsmith\AppData\Local\CrashDumps
2014-11-10 18:53 - 2014-08-27 23:17 - 00000000 ____D () C:\ProgramData\Skype
2014-11-10 18:51 - 2014-08-28 12:49 - 00000000 ____D () C:\Users\andrewsmith
2014-11-10 12:30 - 2013-08-22 08:44 - 00337864 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-10 12:27 - 2014-09-11 22:52 - 00000000 ____D () C:\CS2
2014-11-10 12:13 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\Vss
2014-11-10 11:36 - 2013-07-18 17:29 - 00000000 ____D () C:\Users\andrewsmith\AppData\Roaming\uTorrent
2014-11-10 11:18 - 2014-05-27 14:47 - 00000000 ____D () C:\Program Files (x86)\Avg Secure Update
2014-11-10 11:15 - 2014-08-30 23:57 - 00001102 _____ () C:\WINDOWS\system32\.crusader
2014-11-10 11:05 - 2014-08-27 21:24 - 00000000 ____D () C:\AdwCleaner
2014-11-10 01:01 - 2013-07-20 21:31 - 00000000 ____D () C:\Users\andrewsmith\Downloads\Newshosting
2014-11-09 18:13 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-09 18:03 - 2014-08-31 13:58 - 00000942 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1953195736-4197522713-3538353264-1002UA.job
2014-11-09 17:28 - 2013-07-18 16:33 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-09 15:03 - 2014-08-31 13:58 - 00000890 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1953195736-4197522713-3538353264-1002Core.job
2014-11-09 13:28 - 2013-07-18 16:33 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-09 12:18 - 2014-09-18 16:31 - 00000000 ____D () C:\Users\andrewsmith\AppData\Roaming\mIRC
2014-11-05 09:31 - 2013-07-18 00:07 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1953195736-4197522713-3538353264-1002
2014-10-31 18:04 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-30 05:25 - 2014-08-27 22:49 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-10-29 10:40 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-29 10:40 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-10-29 10:40 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-10-29 10:40 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-10-29 10:40 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-10-28 07:33 - 2013-07-21 18:08 - 00000000 ____D () C:\Users\andrewsmith\AppData\Roaming\vlc
2014-10-26 17:44 - 2013-07-18 16:33 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-26 14:38 - 2014-09-01 18:11 - 00000000 ____D () C:\Users\andrewsmith\Documents\My Games
2014-10-26 12:52 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\Registration
2014-10-26 12:23 - 2013-07-18 16:33 - 00003898 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-26 12:23 - 2013-07-18 16:33 - 00003662 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-24 06:19 - 2014-09-03 20:48 - 00000000 ____D () C:\Games
2014-10-23 19:13 - 2014-08-28 13:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-19 17:46 - 2014-10-12 21:34 - 00000000 ____D () C:\Users\andrewsmith\AppData\Roaming\dvdcss
2014-10-19 02:41 - 2014-09-20 22:50 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Games
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-03 05:37
 
==================== End Of Log ============================
 
And please see attached for addition.txt


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:44 PM

Posted 17 November 2014 - 01:31 PM


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - {9C4C27F7-132B-4011-8EE0-C2AAAD2736BD} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites05_14_15_ch&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzztByE0FyBzzyE0DyDtD0CtN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StByE0F0EyB0D0FyDtGtC0BtB0DtG0Czz0DtDtGtCtBtAtDtGyBtBzz0C0Azz0A0A0C0AtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0F0CyDtDyC0CtBtGyEtD0DtBtGzzzztCzytG0EyCtCtDtGtCtAtAyEtAyDtBzzyBtCyCtA2Q&cr=1904758120&ir=
SearchScopes: HKLM-x32 - {9C4C27F7-132B-4011-8EE0-C2AAAD2736BD} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
Toolbar: HKU\S-1-5-21-1953195736-4197522713-3538353264-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Extension: (Google Wallet) - C:\Users\andrewsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#7 nasdaq


Posted 23 November 2014 - 09:31 AM

Are you still with me?



#8 andrewsmith77


Posted 24 November 2014 - 12:41 PM

Hi,

 

I am still here...

Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2014 01
Ran by andrewsmith at 2014-11-24 11:32:41 Run:1
Running from C:\Users\andrewsmith\Downloads
Loaded Profile: andrewsmith (Available profiles: andrewsmith)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM-x32 - {9C4C27F7-132B-4011-8EE0-C2AAAD2736BD} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
Toolbar: HKU\S-1-5-21-1953195736-4197522713-3538353264-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Extension: (Google Wallet) - C:\Users\andrewsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
 
End
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => Value not found.
"HKCR\Wow6432Node\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKLM - {9C4C27F7-132B-4011-8EE0-C2AAAD2736BD} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites05_14_15_ch&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzztByE0FyBzzyE0DyDtD0CtN0D0Tzu0SzztAtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StByE0F0EyB0D0FyDtGtC0BtB0DtG0Czz0DtDtGtCtBtAtDtGyBtBzz0C0Azz0A0A0C0AtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0F0CyDtDyC0CtBtGyEtD0DtBtGzzzztCzytG0EyCtCtDtGtCtAtAyEtAyDtBzzyBtCyCtA2Q&cr=1904758120&ir= => Value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKLM-x32 - {9C4C27F7-132B-4011-8EE0-C2AAAD2736BD} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS => Value not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}" => Key deleted successfully.
"HKCR\CLSID\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}" => Key deleted successfully.
HKU\S-1-5-21-1953195736-4197522713-3538353264-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
C:\Users\andrewsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
avchv => Service deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
checkup.txt:

 

 Results of screen317's Security Check version 0.99.90  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 67  
 Java version out of Date!
 Adobe Reader XI  
 Google Chrome (38.0.2125.104) 
 Google Chrome (chrome.exe..) 
 Google Chrome (debug.log..) 
 Google Chrome (Dictionaries...) 
````````Process Check: objlist.exe by Laurent````````
 Windows Defender MSMpEng.exe 
andrewsmith AppData Local Google\Update\Install\{FB56B772-99CB-4F03-9952-05AF55648286}\GoogleUpdateSetup.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

Edited by andrewsmith77, 24 November 2014 - 12:43 PM.
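A small triage helper for the Fixlog posted above, added here as an example (it is not part of the thread and is not FRST's own code): it skips the echoed fixlist, splits each result line on its last ` => `, and groups the outcomes so that entries reported as not found stand out. The outcome strings it recognises are only the ones visible in this Fixlog, and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample: a subset of lines copied from the Fixlog in the post above.
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
start

HKLM\...\Run: [] => [X]
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => Value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKLM-x32 - {9C4C27F7-132B-4011-8EE0-C2AAAD2736BD} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS => Value not found.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
avchv => Service deleted successfully.


The system needed a reboot. 

==== End of Fixlog ====
"""


def classify(result):
    """Map a result phrase to a bucket (assumption: only phrases seen in this log)."""
    text = result.lower()
    if "not found" in text:
        return "not_found"      # "Value not found." / "Key not found."
    if "successfully" in text:
        return "applied"        # deleted / moved successfully
    return "review"             # anything unrecognised goes to a human


def parse_fixlog(text):
    """Return (target, outcome, raw_result) for every result line of a Fixlog."""
    lines = text.splitlines()
    # The fixlist is echoed between two rows of asterisks; results follow the second.
    star_rows = [i for i, line in enumerate(lines)
                 if line.strip() and set(line.strip()) == {"*"}]
    start = star_rows[1] + 1 if len(star_rows) >= 2 else 0
    entries = []
    for line in lines[start:]:
        line = line.strip()
        if line.startswith("==== End of Fixlog"):
            break
        if " => " not in line:
            continue
        # Split on the LAST separator: targets may contain URLs with '=' in them.
        target, result = line.rsplit(" => ", 1)
        entries.append((target.strip('"'), classify(result), result))
    return entries


def summarize(text):
    """Count outcomes and list the targets that were not confirmed as applied."""
    entries = parse_fixlog(text)
    counts = Counter(outcome for _, outcome, _ in entries)
    follow_up = [target for target, outcome, _ in entries if outcome != "applied"]
    return {
        "counts": dict(counts),
        "follow_up": follow_up,
        "reboot": "The system needed a reboot" in text,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_FIXLOG)
    print(report["counts"], "reboot needed:", report["reboot"])
    for target in report["follow_up"]:
        print("recheck in next scan:", target)
```

The targets listed under follow_up are the ones to compare against a fresh scan log after the reboot.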


#9 nasdaq


Posted 24 November 2014 - 02:01 PM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
The latest version is Java 7 Update 71 for the 32 bit Operating system.
Java 8 Update 25 for the 64 bit Operating system.
 
You can manually check your present version and update as recommended.
 
Be careful not to install malware posing as a Java update!
Important: read this blog.
 
Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
 
How to disable Java in your browsers
 
 
If present remove the old version(s) of Java using the Add/Remove Programs applet.
 
Java 7 Update 67
 
===
 
If all is well.
 
To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
===


#10 nasdaq


Posted 30 November 2014 - 10:11 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



