
would love some of your time to help out a fellow interwebs person


This topic is locked
8 replies to this topic

#1 MrBonez (Members, 4 posts)

Posted 11 November 2014 - 11:13 AM

Hello guys and girls.

I believe I have stumbled across some malware/adware, I think.

It's this postads24 that opens a page all on its own and redirects to some advert site wanting a survey or trying to sell something.

exclusiverewards seems to be the most popular that shows.

What I would like some help with is removing this sly, sneaky, butt hurt rubbish!

I have been trying as much as I possibly can to remove it wherever it's hiding. AdwCleaner cannot see it or remove it, nor can the likes of AVG, SUPERAntiSpyware, Microsoft Security Essentials and lastly Avast antivirus.

SUPERAntiSpyware has removed a lot of junk, which is nice, and running scans now produces nothing apart from tracking cookies.

But I still seem to have this postads24 able to open a page as and when it feels like!

So is there a program I can try that I have not tried to find this? If not, then a full system reinstall is what I have on the cards next!

Thank you ever so much for the help.

Cheers

Ade

Attached Files

  • dds.txt (20.77KB)



#2 nasdaq (Malware Response Team, 39,926 posts; Montreal, QC, Canada)

Posted 16 November 2014 - 10:14 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file, select the "More Reply Option" and follow the instructions.

Let me know of any issues you are having with this computer.

Wait for further instructions.

Edited by nasdaq, 16 November 2014 - 10:15 AM.


#3 MrBonez (Topic Starter; Members, 4 posts)

Posted 16 November 2014 - 12:26 PM

Hi mate,

Cheers for your help.

I've been running endless scans and whatnot over the last few days, but no success!

Here is the log for you.

Thank you

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-11-2014 01
Ran by Bonez (administrator) on BONEZ-PC on 16-11-2014 18:19:29
Running from C:\Users\Bonez\Downloads
Loaded Profile: Bonez (Available profiles: Bonez & Mcx1-BONEZ-PC)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Program Files\Hotkey\PowerBiosServer.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Realtek Semiconductor Corporation) C:\Program Files\Realtek\Realtek Bluetooth\BTServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
() C:\Program Files\Hotkey\Hotkey.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1897768 2010-09-15] (Synaptics Incorporated)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [3920496 2012-05-10] (VIA)
HKLM\...\Run: [BtServer] => C:\Program Files\REALTEK\Realtek Bluetooth\BTServer.exe [150016 2012-03-23] (Realtek Semiconductor Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-11-14] (RealNetworks, Inc.)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-09] (AVAST Software)
HKU\S-1-5-21-804315736-2434498747-919747586-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-804315736-2434498747-919747586-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-804315736-2434498747-919747586-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-804315736-2434498747-919747586-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6692632 2014-10-01] (SUPERAntiSpyware)
HKU\S-1-5-21-804315736-2434498747-919747586-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_189_Plugin.exe [854704 2014-10-16] (Adobe Systems Incorporated)
HKU\S-1-5-21-804315736-2434498747-919747586-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-804315736-2434498747-919747586-1000\...\MountPoints2: {71617458-c54a-11e2-bbad-0090f5d88ecd} - E:\AutoRun.exe
HKU\S-1-5-21-804315736-2434498747-919747586-1000\...\MountPoints2: {716175b5-c54a-11e2-bbad-0090f5d88ecd} - E:\AutoRun.exe
HKU\S-1-5-21-804315736-2434498747-919747586-1000\...\MountPoints2: {716175c2-c54a-11e2-bbad-0090f5d88ecd} - E:\AutoRun.exe
HKU\S-1-5-21-804315736-2434498747-919747586-1000\...\MountPoints2: {716175dd-c54a-11e2-bbad-0090f5d88ecd} - E:\AutoRun.exe
HKU\S-1-5-21-804315736-2434498747-919747586-1000\...\MountPoints2: {9bac39c7-7bc7-11e2-877f-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-804315736-2434498747-919747586-1000\...\MountPoints2: {ba1cef2e-b4cd-11e3-a560-0090f5d88ecd} - E:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk
ShortcutTarget: Hotkey.lnk -> C:\Program Files\Hotkey\Hotkey.exe ()
Startup: C:\Users\Bonez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Timehop.lnk
ShortcutTarget: Timehop.lnk -> C:\Users\Bonez\AppData\Local\Apps\2.0\BRL0VV4Y.RR3\QHBV36PK.4JP\time..tion_73df3d945984a669_0001.0000_cc8c9ceb68a32ccd\Timehop.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [0_OneComOverlayIcon1] -> {8EB87237-AF50-46D3-B170-435F51B6E158} => C:\Program Files\OnecomCloudDrive\Extensions\OneComOverlayIcons.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [0_OneComOverlayIcon2] -> {50C3B26A-0BAC-48A9-BA48-3E0FBE1E5275} => C:\Program Files\OnecomCloudDrive\Extensions\OneComOverlayIcons.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [0_OneComOverlayIcon3] -> {680C2705-E060-4AED-846C-40F1B1F253BD} => C:\Program Files\OnecomCloudDrive\Extensions\OneComOverlayIcons.dll (TODO: <Company name>)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Bonez\AppData\Roaming\Mozilla\Firefox\Profiles\s91hnx58.default-1416153934578
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @bankid.com/BankID Security Application,version=6.0.1.5 -> C:\Program Files\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Bonez\AppData\Roaming\Mozilla\Firefox\Profiles\s91hnx58.default-1416153934578\searchplugins\googleuk-search.xml
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-14]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-09]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-09]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-09]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-09] (AVAST Software)
R2 BTDevManager; C:\Program Files\REALTEK\Realtek Bluetooth\BTDevMgr.exe [20480 2012-02-16] () [File not signed]
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279000 2013-11-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [461024 2012-03-07] (Intel® Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [164184 2012-04-15] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MSSQL$INFLOWSQL; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-11] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-11] (Microsoft Corporation)
R2 PowerBiosServer; C:\Program Files\Hotkey\PowerBiosServer.exe [35328 2011-02-18] () [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 RtkBleServ; C:\Program Files\REALTEK\Realtek Bluetooth\RtkBleServ.exe [29696 2012-04-27] (Realtek Semiconductor Corporation) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-03] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422760 2014-11-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-09] ()
S3 BthAudioHF; C:\Windows\System32\drivers\RtkHfp.sys [95336 2012-04-08] (Realtek Semiconductor Corporation)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [15680 2012-05-20] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [350016 2012-05-20] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [793920 2012-05-20] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-17] (Intel Corporation)
R3 RSBASTOR; C:\Windows\System32\DRIVERS\RtsBaStor.sys [219752 2012-05-08] (Realtek Semiconductor Corp.)
S3 RtkA2dp; C:\Windows\System32\drivers\RtkA2dp.sys [115816 2012-03-13] (Realtek Semiconductor Corporation)
S3 RtkAvrcp; C:\Windows\System32\DRIVERS\RtkAvrcp.sys [54376 2012-04-08] (Realtek Semiconductor Corporation)
S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [553064 2012-04-13] (Realtek Semiconductor Corporation)
R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtwlane.sys [932456 2011-12-04] (Realtek Semiconductor Corporation                           )
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1832560 2012-05-03] (VIA Technologies, Inc.)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 18:18 - 2014-11-16 18:18 - 01108992 _____ (Farbar) C:\Users\Bonez\Downloads\FRST.exe
2014-11-16 17:05 - 2014-11-16 17:05 - 00000000 ____D () C:\Users\Bonez\Desktop\Old Firefox Data
2014-11-16 16:51 - 2014-11-16 16:51 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-16 16:51 - 2014-11-16 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-16 16:51 - 2014-11-16 16:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-16 16:51 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-16 16:51 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-16 16:50 - 2014-11-16 16:50 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Bonez\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-16 16:48 - 2014-11-16 16:50 - 00000000 ____D () C:\AdwCleaner
2014-11-16 16:48 - 2014-11-16 16:48 - 02140160 _____ () C:\Users\Bonez\Downloads\adwcleaner_4.101.exe
2014-11-16 16:26 - 2014-11-16 18:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-13 18:33 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 18:33 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 18:33 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 18:33 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 18:33 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 15:57 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 15:57 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 15:57 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 15:57 - 2014-10-27 19:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 15:57 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 15:57 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 15:57 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-13 15:57 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 15:57 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 15:57 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-13 15:57 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 15:57 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 15:57 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 15:57 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 15:57 - 2014-10-27 19:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 15:57 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 15:57 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 15:57 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-13 15:57 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-13 15:57 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-13 15:57 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 15:57 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 15:56 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 15:56 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 15:56 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-13 15:56 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 15:56 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 15:56 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 15:56 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 15:56 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 15:56 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 15:56 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 15:56 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 15:56 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 15:55 - 2014-11-05 18:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-13 15:55 - 2014-11-05 18:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-13 15:55 - 2014-11-05 18:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-13 15:55 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 15:55 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 15:55 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 15:55 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 15:55 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 15:55 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 16:56 - 2014-11-11 16:56 - 00688992 ____R (Swearware) C:\Users\Bonez\Downloads\dds.com
2014-11-11 15:21 - 2014-11-11 15:22 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-10 15:55 - 2014-11-16 16:10 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-10 15:55 - 2014-11-10 15:55 - 00001961 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-11-10 15:55 - 2014-11-10 15:55 - 00000000 ____D () C:\Users\Bonez\AppData\Roaming\SUPERAntiSpyware.com
2014-11-10 15:55 - 2014-11-10 15:55 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-11-10 15:55 - 2014-11-10 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-11-10 15:09 - 2014-11-10 15:10 - 20226952 _____ (SUPERAntiSpyware) C:\Users\Bonez\Downloads\SUPERAntiSpyware.exe
2014-11-10 15:05 - 2014-11-10 15:05 - 01706808 _____ (Thisisu) C:\Users\Bonez\Downloads\JRT.exe
2014-11-10 15:04 - 2014-11-16 17:56 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-10 15:04 - 2014-11-10 15:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-10 15:03 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-10 15:02 - 2014-11-10 15:03 - 14439144 _____ (Malwarebytes Corp.) C:\Users\Bonez\Downloads\mbar-1.08.0.1001.exe
2014-11-10 12:28 - 2014-11-10 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-11-09 23:06 - 2014-11-13 18:38 - 00000448 _____ () C:\Windows\setupact.log
2014-11-09 23:06 - 2014-11-09 23:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-09 20:50 - 2014-11-09 20:53 - 00489885 _____ () C:\Users\Bonez\Downloads\avgremover.log
2014-11-09 20:45 - 2014-11-09 20:45 - 00002117 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-09 20:45 - 2014-11-09 20:45 - 00000000 ____D () C:\Users\Bonez\AppData\Roaming\AVAST Software
2014-11-09 20:45 - 2014-11-09 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-09 20:45 - 2014-11-09 20:44 - 00422760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-09 20:45 - 2014-11-09 20:44 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-09 20:45 - 2014-11-09 20:44 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-11-09 20:45 - 2014-11-09 20:44 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-09 20:45 - 2014-11-09 20:44 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-09 20:45 - 2014-11-09 20:44 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-09 20:44 - 2014-11-09 20:44 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-11-09 20:44 - 2014-11-09 20:44 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-09 20:44 - 2014-11-09 20:44 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-09 20:44 - 2014-11-09 20:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-09 20:41 - 2014-11-09 20:41 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-09 20:40 - 2014-11-09 20:41 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-09 10:24 - 2014-11-09 10:24 - 00188282 _____ () C:\Users\Bonez\Documents\cc_20141109_102419.reg
2014-11-09 10:21 - 2014-11-09 10:21 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-09 10:21 - 2014-11-09 10:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-09 10:21 - 2014-11-09 10:21 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-09 10:20 - 2014-11-09 10:20 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Bonez\Downloads\avg_remover_stf_x86_2015_5501.exe
2014-11-08 21:18 - 2014-11-08 21:18 - 05004328 _____ (AVAST Software) C:\Users\Bonez\Downloads\avast_free_antivirus_setup_online.exe
2014-11-08 20:38 - 2014-11-08 20:38 - 04974864 _____ (Piriform Ltd) C:\Users\Bonez\Downloads\ccsetup419.exe
2014-11-08 20:35 - 2014-11-08 20:35 - 00448512 _____ (OldTimer Tools) C:\Users\Bonez\Downloads\TFC.exe
2014-11-08 20:19 - 2014-11-08 20:19 - 04578024 _____ (AVG Technologies) C:\Users\Bonez\Downloads\avg_avct_stb_all_2015_5315_ppc17.exe
2014-11-08 12:44 - 2014-11-08 12:44 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-08 12:44 - 2014-11-08 12:44 - 00000000 ____D () C:\Users\Bonez\AppData\Roaming\Mozilla
2014-11-08 12:44 - 2014-11-08 12:44 - 00000000 ____D () C:\Users\Bonez\AppData\Local\Mozilla
2014-11-08 11:49 - 2014-11-08 11:49 - 00064440 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-11-08 11:33 - 2014-11-08 11:46 - 00000000 ____D () C:\Program Files\ThinkPad Wireless LAN Adapter Software
2014-11-08 11:33 - 2014-11-08 11:33 - 00000000 ____D () C:\SWTOOLS
2014-11-08 10:51 - 2014-11-08 10:51 - 00090590 _____ () C:\Users\Bonez\Desktop\bookmarks.html
2014-11-07 18:42 - 2014-11-07 18:42 - 00026441 _____ () C:\Users\Bonez\Downloads\Addition.txt
2014-11-07 18:40 - 2014-11-16 18:19 - 00019961 _____ () C:\Users\Bonez\Downloads\FRST.txt
2014-11-07 18:40 - 2014-11-16 18:19 - 00000000 ____D () C:\FRST
2014-11-07 18:36 - 2014-11-07 18:36 - 00000000 ____D () C:\Windows\ERUNT
2014-11-07 09:44 - 2014-11-07 09:44 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-11-07 09:43 - 2014-11-07 09:43 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-11-06 10:16 - 2014-11-10 15:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-05 18:54 - 2014-11-05 19:04 - 276002304 ____R () C:\Users\Bonez\Downloads\Constantine.S01E01.HDTV.x264-LOL.mp4
2014-11-05 18:53 - 2014-11-05 18:54 - 00000000 ____D () C:\Users\Bonez\Downloads\The Blacklist S02E07 HDTV x264-LOL[ettv]
2014-11-03 13:09 - 2014-11-03 13:09 - 00001815 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-03 13:09 - 2014-11-03 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-02 17:20 - 2014-11-16 16:44 - 00000000 ____D () C:\Program Files\VideoLAN
2014-11-02 17:17 - 2014-11-02 17:19 - 24743106 _____ () C:\Users\Bonez\Downloads\vlc-2.1.5-win32.exe
2014-11-02 17:09 - 2013-11-07 19:53 - 00007269 ____N () C:\Users\Bonez\Downloads\The Wolverine [2013] BRRip XViD [AC3]-ETRG.srt
2014-11-02 17:01 - 2014-11-02 18:03 - 00000000 ____D () C:\Users\Bonez\Downloads\Edge of Tomorrow (2014) [1080p]
2014-11-02 17:00 - 2014-11-02 17:24 - 00000000 ____D () C:\Users\Bonez\Downloads\Into the Storm (2014) [1080p]
2014-11-01 12:53 - 2014-11-01 12:53 - 05332144 _____ () C:\Users\Bonez\Desktop\NOVEMBER DOCS.zip
2014-10-29 20:01 - 2014-10-29 20:02 - 00000000 ____D () C:\Users\Bonez\Downloads\Season 3
2014-10-28 19:27 - 2014-10-28 19:49 - 00000000 ____D () C:\Users\Bonez\Desktop\frida's birthday
2014-10-27 19:08 - 2014-10-27 19:09 - 00000000 ____D () C:\Users\Bonez\Downloads\The Walking Dead S05E03 HDTV x264-ASAP[ettv]
2014-10-25 18:54 - 2014-10-25 18:55 - 00000000 ____D () C:\Users\Bonez\Downloads\Z Nation S01E07 HDTV x264-BATV[ettv]
2014-10-24 19:21 - 2014-10-24 19:38 - 00000000 ____D () C:\Users\Bonez\Downloads\The Official UK TOP 40 Singles Chart (12 Oct 2014) ~Joint Stereo~[AryaN_L33T]
2014-10-24 19:06 - 2014-10-24 19:23 - 294556212 _____ () C:\Users\Bonez\Downloads\The.Mysteries.of.Laura.S01E06.HDTV.x264-LOL.mp4
2014-10-24 19:03 - 2014-10-24 19:17 - 248175468 _____ () C:\Users\Bonez\Downloads\Criminal.Minds.S10E04.HDTV.x264-LOL.mp4
2014-10-24 19:02 - 2014-10-24 19:21 - 275959654 _____ () C:\Users\Bonez\Downloads\The.Blacklist.S02E05.HDTV.x264-LOL.mp4
2014-10-22 08:08 - 2014-11-09 09:51 - 00069634 _____ () C:\Users\Bonez\AppData\Roaming\timehopsync.txt
2014-10-22 08:08 - 2014-11-08 15:27 - 02744744 _____ () C:\Users\Bonez\AppData\Roaming\TimeHopIndexedFiles.sqlite-wal
2014-10-22 08:08 - 2014-11-08 15:27 - 02211840 _____ () C:\Users\Bonez\AppData\Roaming\TimeHopIndexedFiles.sqlite
2014-10-22 08:08 - 2014-11-08 15:26 - 00255932 _____ () C:\Users\Bonez\AppData\Roaming\timehopsync.000.txt
2014-10-22 08:08 - 2014-11-08 13:05 - 00032768 _____ () C:\Users\Bonez\AppData\Roaming\TimeHopIndexedFiles.sqlite-shm
2014-10-22 08:08 - 2014-11-08 10:58 - 00254892 _____ () C:\Users\Bonez\AppData\Roaming\timehopsync.001.txt
2014-10-22 08:08 - 2014-11-03 13:09 - 00255935 _____ () C:\Users\Bonez\AppData\Roaming\timehopsync.002.txt
2014-10-22 08:08 - 2014-10-22 11:22 - 00255925 _____ () C:\Users\Bonez\AppData\Roaming\timehopsync.003.txt
2014-10-22 08:08 - 2014-10-22 11:09 - 00255974 _____ () C:\Users\Bonez\AppData\Roaming\timehopsync.004.txt
2014-10-22 08:08 - 2014-10-22 10:46 - 00255968 _____ () C:\Users\Bonez\AppData\Roaming\timehopsync.005.txt
2014-10-22 08:08 - 2014-10-22 10:33 - 00255941 _____ () C:\Users\Bonez\AppData\Roaming\timehopsync.006.txt
2014-10-22 08:08 - 2014-10-22 10:16 - 00255953 _____ () C:\Users\Bonez\AppData\Roaming\timehopsync.007.txt
2014-10-22 08:08 - 2014-10-22 09:38 - 00255872 _____ () C:\Users\Bonez\AppData\Roaming\timehopsync.008.txt
2014-10-22 08:08 - 2014-10-22 09:09 - 00255987 _____ () C:\Users\Bonez\AppData\Roaming\timehopsync.009.txt
2014-10-22 08:08 - 2014-10-22 08:59 - 00255974 _____ () C:\Users\Bonez\AppData\Roaming\timehopsync.010.txt
2014-10-22 08:08 - 2014-10-22 08:55 - 00255856 _____ () C:\Users\Bonez\AppData\Roaming\timehopsync.011.txt
2014-10-22 08:08 - 2014-10-22 08:52 - 00255986 _____ () C:\Users\Bonez\AppData\Roaming\timehopsync.012.txt
2014-10-22 08:08 - 2014-10-22 08:48 - 00255937 _____ () C:\Users\Bonez\AppData\Roaming\timehopsync.013.txt
2014-10-22 08:08 - 2014-10-22 08:44 - 00255920 _____ () C:\Users\Bonez\AppData\Roaming\timehopsync.014.txt
2014-10-22 08:08 - 2014-10-22 08:42 - 00255915 _____ () C:\Users\Bonez\AppData\Roaming\timehopsync.015.txt
2014-10-22 08:08 - 2014-10-22 08:39 - 00255853 _____ () C:\Users\Bonez\AppData\Roaming\timehopsync.016.txt
2014-10-22 08:08 - 2014-10-22 08:36 - 00255977 _____ () C:\Users\Bonez\AppData\Roaming\timehopsync.017.txt
2014-10-22 08:08 - 2014-10-22 08:33 - 00255925 _____ () C:\Users\Bonez\AppData\Roaming\timehopsync.018.txt
2014-10-22 08:08 - 2014-10-22 08:30 - 00255936 _____ () C:\Users\Bonez\AppData\Roaming\timehopsync.019.txt
2014-10-22 08:07 - 2014-11-09 09:55 - 00000000 ____D () C:\Users\Bonez\AppData\Local\Deployment
2014-10-22 08:07 - 2014-10-22 08:07 - 00000000 ____D () C:\Users\Bonez\AppData\Local\Apps\2.0
2014-10-20 20:37 - 2014-10-20 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-20 20:36 - 2014-10-20 20:37 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-10-19 09:53 - 2014-11-02 10:03 - 00012031 _____ () C:\Users\Bonez\Desktop\INVOICE TEMPLATE.ods
2014-10-17 19:41 - 2014-11-02 16:35 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-10-17 08:59 - 2014-10-17 08:59 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-17 08:59 - 2014-10-17 08:59 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-17 08:59 - 2014-10-17 08:59 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-10-17 08:59 - 2014-10-17 08:59 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-10-17 08:59 - 2014-10-17 08:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-17 08:59 - 2014-10-17 08:59 - 00000000 ____D () C:\Program Files\Common Files\Java

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 17:57 - 2013-11-06 10:39 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-16 17:26 - 2013-02-21 02:43 - 01629585 _____ () C:\Windows\WindowsUpdate.log
2014-11-16 16:26 - 2013-03-05 19:26 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-16 16:26 - 2013-03-05 19:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-16 16:25 - 2013-04-26 18:49 - 00000000 ____D () C:\Users\Bonez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-16 16:25 - 2013-04-26 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-16 16:25 - 2013-04-26 18:49 - 00000000 ____D () C:\Program Files\WinRAR
2014-11-16 15:57 - 2013-11-06 10:39 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-13 22:36 - 2009-07-14 05:34 - 00032416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-13 22:36 - 2009-07-14 05:34 - 00032416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-13 22:35 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-11-13 22:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-13 18:40 - 2013-02-20 19:12 - 00015933 _____ () C:\Users\Bonez\AppData\Local\BTServer.log
2014-11-13 18:38 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-13 16:24 - 2009-07-14 05:33 - 00298080 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 16:09 - 2014-05-18 10:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 16:07 - 2013-08-25 08:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 15:58 - 2013-03-05 20:33 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 20:56 - 2013-02-20 19:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-10 21:01 - 2010-11-20 22:01 - 00849484 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-10 12:35 - 2013-03-10 15:20 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-09 23:09 - 2014-02-10 11:41 - 00975872 ___SH () C:\Users\Bonez\Desktop\Thumbs.db
2014-11-09 20:47 - 2013-02-20 19:06 - 00000000 ____D () C:\Program Files\Hotkey
2014-11-09 10:23 - 2013-05-25 15:50 - 00000000 ____D () C:\Windows\Minidump
2014-11-09 10:23 - 2013-02-21 10:39 - 00000000 ____D () C:\Windows\Panther
2014-11-08 21:49 - 2013-03-05 19:14 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-11-08 12:44 - 2013-02-20 19:32 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-08 11:48 - 2014-08-01 13:37 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-11-08 11:48 - 2013-02-20 19:15 - 00008224 _____ () C:\Users\Bonez\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-08 11:48 - 2013-02-20 18:46 - 00000000 ____D () C:\Users\Bonez
2014-11-08 11:48 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-11-08 11:47 - 2013-08-27 10:41 - 00000000 ____D () C:\Users\Mcx1-BONEZ-PC
2014-11-08 11:47 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-08 11:46 - 2011-04-12 03:21 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-08 11:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-11-08 11:45 - 2014-08-01 13:35 - 00000000 ____D () C:\Program Files\OpenOffice 4
2014-11-08 11:45 - 2013-04-27 16:48 - 00000000 ____D () C:\ProgramData\Real
2014-11-08 11:45 - 2013-02-21 21:04 - 00000000 ____D () C:\Program Files\QuickTime
2014-11-04 14:30 - 2013-03-05 19:18 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-02 17:18 - 2013-12-01 20:04 - 00000000 ____D () C:\Users\Bonez\Downloads\The Wolverine (2013)
2014-11-02 16:35 - 2013-11-11 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-11-02 16:35 - 2013-02-23 18:31 - 00000000 ____D () C:\Program Files\DivX
2014-11-02 16:35 - 2013-02-23 18:29 - 00000000 ____D () C:\ProgramData\DivX
2014-10-21 13:15 - 2009-07-14 05:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-20 20:37 - 2013-02-21 20:39 - 00000000 ____D () C:\Program Files\iTunes
2014-10-20 20:36 - 2013-02-21 21:12 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-10-20 20:36 - 2013-02-21 21:12 - 00000000 ____D () C:\Program Files\iPod
2014-10-17 09:04 - 2014-09-07 09:34 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-17 08:59 - 2013-07-10 10:54 - 00000000 ____D () C:\Program Files\Java
2014-10-17 08:58 - 2014-08-01 15:37 - 00017386 _____ () C:\Users\Bonez\Desktop\PRODUCT PRICES DRAFT 1.ods

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 22:58

==================== End Of Log ============================

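Every file and folder line in the FRST listing above has the same fixed layout (created time, modified time, size, attribute flags, company from the version resource, path). As an added example for this thread, not FRST's own code and not anything the helper posted, here is a small Python parser with a few first-pass review heuristics of my own, run over lines copied from the log; the heuristics only say where to look closer, and an empty company field is not evidence of anything by itself (the Avast drivers in the log show that).

```python
"""Parse FRST "One Month Created/Modified Files and Folders" lines and apply
first-pass review heuristics. Added example for this thread, not FRST code;
the heuristics are this example's own assumptions about what a log reviewer
checks first, not anything FRST or the helper in the thread states."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# FRST entry layout: "<created> - <modified> - <size> <attrs> (<company>) <path>"
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str    # FRST flags, e.g. "____D" directory, "___SH" system+hidden
    company: str  # company from the file's version resource; empty if none
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for a file/folder line, or None for headers and blanks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["created"], m["modified"], int(m["size"]), m["attrs"], m["company"], m["path"])


def triage(entry: Entry) -> List[str]:
    """Review notes for one entry. A note means 'look closer', not 'malicious':
    an empty company field only says the file carries no version information."""
    notes: List[str] = []
    low = entry.path.lower()
    if entry.is_dir:
        return notes
    if "\\drivers\\" in low and low.endswith(".sys") and not entry.company:
        notes.append("kernel driver without version info: verify its signature")
    if "\\downloads\\" in low and low.endswith((".exe", ".msi")):
        notes.append("downloaded executable: confirm it was fetched on purpose")
    if "\\appdata\\" in low and low.endswith((".exe", ".dll")):
        notes.append("executable under a user profile: check what launches it")
    return notes


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its review notes; unflagged entries are dropped."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        notes = triage(entry) if entry is not None else []
        if notes:
            flagged[entry.path] = notes
    return flagged


# Sample lines copied from the FRST log posted above (constructed input).
SAMPLE_LOG = r"""
2014-11-09 20:45 - 2014-11-09 20:44 - 00422760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-09 20:45 - 2014-11-09 20:44 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-10 15:05 - 2014-11-10 15:05 - 01706808 _____ (Thisisu) C:\Users\Bonez\Downloads\JRT.exe
2014-11-02 17:18 - 2013-12-01 20:04 - 00000000 ____D () C:\Users\Bonez\Downloads\The Wolverine (2013)
"""
```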

#4 nasdaq

  • Malware Response Team
  • 39,926 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:36 PM

Posted 16 November 2014 - 02:09 PM




Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

ShortcutTarget: Timehop.lnk -> C:\Users\Bonez\AppData\Local\Apps\2.0\BRL0VV4Y.RR3\QHBV36PK.4JP\time..tion_73df3d945984a669_0001.0000_cc8c9ceb68a32ccd\Timehop.exe (No File)
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-09]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

If your problem persists reset the Browsers that are compromised.

Reset Chrome...
Click on "Customize and control Google Chrome":

Click "Settings" then "Show advanced settings" at the bottom of the screen.

Click "Reset browser settings" button.

Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Internet Explorer:
Menu > Tools > Internet Options > General Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
P.S. If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#5 MrBonez

  • Topic Starter
  • Members
  • 4 posts
  • Local time:03:36 AM

Posted 16 November 2014 - 02:21 PM

This is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-11-2014 01
Ran by Bonez at 2014-11-16 20:14:02 Run:1
Running from C:\Users\Bonez\Downloads
Loaded Profile: Bonez (Available profiles: Bonez & Mcx1-BONEZ-PC)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start

ShortcutTarget: Timehop.lnk -> C:\Users\Bonez\AppData\Local\Apps\2.0\BRL0VV4Y.RR3\QHBV36PK.4JP\time..tion_73df3d945984a669_0001.0000_cc8c9ceb68a32ccd\Timehop.exe (No File)
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-09]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]

End
*****************

C:\Users\Bonez\AppData\Local\Apps\2.0\BRL0VV4Y.RR3\QHBV36PK.4JP\time..tion_73df3d945984a669_0001.0000_cc8c9ceb68a32ccd\Timehop.exe not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => Key deleted successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Scheduled to move on reboot.
hwdatacard => Service deleted successfully.
hwusbfake => Service deleted successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-16 20:16:19)<=

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => File could not move.

==== End of Fixlog ====

I have only been getting the redirect once, maybe twice, a day, so before I run the security check I will see how it goes for 24 hours.

What did you find within the logs, mate?

As all the suggested scans I've used have seen nothing untoward in my PC.

Thank you very much for your help though! Things like this make me want to pull my hair out!
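A check worth doing after any FRST fix is to read the Fixlog back mechanically and list what is still unresolved, rather than eyeballing it. As an added example, not FRST's own code and not something posted in this thread, here is a small Python summariser run over the result lines of the Fixlog above; the outcome labels ("removed", "absent", "pending", "failed") are this example's own. On this log it reports one unresolved item, the Avast WebRep .crx under Program Files\AVAST Software that could not be moved even after the reboot pass.

```python
"""Summarise an FRST Fixlog: which fixlist items were removed, which were
already absent, and which are still unresolved after the reboot pass.
Added example for this thread, not FRST code; the outcome labels are this
example's own."""
import re
from typing import Dict, List

# Result-line shapes seen in the Fixlog above, checked in order; first match wins.
PATTERNS = [
    (re.compile(r'^"?(?P<target>.+?)"? => (?:value|Key|Service) deleted successfully\.$'), "removed"),
    (re.compile(r'^(?P<target>.+?) not found\.$'), "absent"),
    (re.compile(r'^Could not move "(?P<target>.+)" => Scheduled to move on reboot\.$'), "pending"),
    (re.compile(r'^"(?P<target>.+)" => File could not move\.$'), "failed"),
]


def summarise_fixlog(text: str) -> Dict[str, str]:
    """Map each target (path, registry key or service) to its final outcome.
    A target can appear twice: once as 'pending' before the reboot, then with
    its real result in the scheduled-moves section; the later line wins."""
    outcome: Dict[str, str] = {}
    for line in text.splitlines():
        for pattern, label in PATTERNS:
            m = pattern.match(line.strip())
            if m:
                outcome[m["target"]] = label
                break
    return outcome


def unresolved(outcome: Dict[str, str]) -> List[str]:
    """Targets the fix did not remove and that still need a decision."""
    return sorted(t for t, label in outcome.items() if label in ("pending", "failed"))


# Result lines copied from the Fixlog posted above (constructed input).
SAMPLE_FIXLOG = r"""
C:\Users\Bonez\AppData\Local\Apps\2.0\BRL0VV4Y.RR3\QHBV36PK.4JP\time..tion_73df3d945984a669_0001.0000_cc8c9ceb68a32ccd\Timehop.exe not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => Key deleted successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Scheduled to move on reboot.
hwdatacard => Service deleted successfully.
hwusbfake => Service deleted successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-16 20:16:19)<=

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => File could not move.
"""
```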



#6 nasdaq

  • Malware Response Team
  • 39,926 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:36 PM

Posted 17 November 2014 - 07:39 AM

The malware has possibly modified your browsers.
Nothing much was removed with the fix.

#7 MrBonez

  • Topic Starter
  • Members
  • 4 posts
  • Local time:03:36 AM

Posted 19 November 2014 - 02:06 PM

All is well now.

Thank you so much for your hard work in fixing it for me!

Cannot thank you enough, buddy!

Cheers

Ade



#8 nasdaq

  • Malware Response Team
  • 39,926 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:36 PM

Posted 19 November 2014 - 02:16 PM

If all is well:

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
===


#9 nasdaq

  • Malware Response Team
  • 39,926 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:36 PM

Posted 25 November 2014 - 11:26 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



