
I'm infected, I was sent here by hackforums


This topic is locked
13 replies to this topic

#1 Deadlyfamous

  • Members
  • 7 posts

Posted 21 November 2014 - 05:31 PM

I keep finding malware and I'm not downloading anything. Here are the logs!

Attached Files





#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,739 posts

Posted 26 November 2014 - 05:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/557131 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Deadlyfamous
  • Topic Starter

  • Members
  • 7 posts

Posted 27 November 2014 - 07:09 PM

Hello, I'm not really sure if I need help anymore or not. I've recently experienced lagging issues on my computer. I was on hackforums and this guy told me that it was a trojan; I got it removed. The next couple of days Malwarebytes Anti-Malware found another trojan.... However, I removed that and scanned; nothing since. I've also run Emsisoft Anti-Malware and it detected something; I removed it and nothing since for the past week. I'm not too sure if it is gone forever or not. I'm still having a little high CPU usage when running barely anything. I also had snap.do and it wouldn't delete; I've tried many different ways to get rid of it. This is what it says every time I remove it:   hxxp://gyazo.com/6c1bf5aac000be66750cb4396ee389a9
I have also posted a new DDS log. Like I said, I wasn't sure if I still have the virus or not. Please give me advice to get rid of snap.do too.
Thank you and have a good day.

Attached Files


Edited by Orange Blossom, 28 November 2014 - 05:08 PM.
Deactivate link. ~ OB


#4 nasdaq

  • Malware Response Team
  • 40,171 posts
  • Location:Montreal, QC. Canada

Posted 29 November 2014 - 09:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#5 Deadlyfamous
  • Topic Starter

  • Members
  • 7 posts

Posted 30 November 2014 - 12:24 AM

Adware:

# AdwCleaner v4.102 - Report created 01/12/2014 at 00:19:36

# Updated 23/11/2014 by Xplode
# Database : 2014-11-27.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : zackery - ZACKERY-HP
# Running from : C:\Users\zackery\Downloads\adwcleaner_4.102.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\zackery\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\zackery\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
Folder Found : C:\Windows\SysWOW64\AI_RecycleBin
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Google\Chrome\Extensions\dnmlhhbehhdmajijfenoldcajelckpmn
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dnmlhhbehhdmajijfenoldcajelckpmn
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16446
 
 
-\\ Google Chrome v37.0.2062.124
 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [14054 octets] - [25/06/2014 01:15:43]
AdwCleaner[R1].txt - [12258 octets] - [28/09/2014 21:41:18]
AdwCleaner[R2].txt - [2476 octets] - [19/11/2014 23:33:51]
AdwCleaner[R3].txt - [1306 octets] - [01/12/2014 00:19:36]
AdwCleaner[S0].txt - [12977 octets] - [25/06/2014 01:18:01]
AdwCleaner[S1].txt - [12322 octets] - [28/09/2014 21:42:31]
AdwCleaner[S2].txt - [2486 octets] - [19/11/2014 23:36:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1548 octets] ##########

Here's the Farbar log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by zackery (administrator) on ZACKERY-HP on 01-12-2014 00:21:49
Running from C:\Users\zackery\Downloads
Loaded Profile: zackery (Available profiles: zackery)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Akamai Technologies, Inc.) C:\Users\zackery\AppData\Local\Akamai\netsession_win.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Akamai Technologies, Inc.) C:\Users\zackery\AppData\Local\Akamai\netsession_win.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\D-Link\DWA-171\WlanWpsSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-171\wirelesscm.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.229\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.13\deploy\LoLPatcher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.119\deploy\LolClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\zackery\Downloads\adwcleaner_4.102.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4873248 2014-11-24] (Emsisoft GmbH)
HKU\S-1-5-21-2999761125-2711575400-1308156047-1000\...\Run: [Akamai NetSession Interface] => C:\Users\zackery\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2999761125-2711575400-1308156047-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22059616 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-2999761125-2711575400-1308156047-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2014-10-27] (Nota Inc.)
HKU\S-1-5-21-2999761125-2711575400-1308156047-1000\...\Policies\system: [EnableLUA] 1
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-171\wirelesscm.exe (D-Link Corp.)
Startup: C:\Users\zackery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\zackery\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
ShellIconOverlayIdentifiers: [ShellExt1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => C:\Program Files (x86)\4Sync\ShellExt.dll ()
ShellIconOverlayIdentifiers: [ShellExt2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => C:\Program Files (x86)\4Sync\ShellExt.dll ()
ShellIconOverlayIdentifiers: [ShellExt3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => C:\Program Files (x86)\4Sync\ShellExt.dll ()
ShellIconOverlayIdentifiers: [ShellExt4] -> {CB1EFEF8-D5E0-49D1-B768-41B48B1D7803} => C:\Program Files (x86)\4Sync\ShellExt.dll ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49586;https=127.0.0.1:49586
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-2999761125-2711575400-1308156047-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll No File
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll No File
Toolbar: HKU\S-1-5-21-2999761125-2711575400-1308156047-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{4ED9B74C-9F36-4545-918E-4070D0F58F0C}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{67D8DD19-CBC7-450F-BF02-3202628906B0}: [NameServer] 208.67.222.222,208.67.220.220
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\zackery\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @unity3d.com/UnityPlayer -> C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin-x32: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll (BYOND)
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
FF Plugin HKU\S-1-5-21-2999761125-2711575400-1308156047-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\zackery\AppData\LocalLow\Sony Online Entertainment\npsoe.dll No File
FF Plugin HKU\S-1-5-21-2999761125-2711575400-1308156047-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\zackery\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2999761125-2711575400-1308156047-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll (BYOND)
FF Extension: ArcadeWeb - C:\Users\zackery\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\text_links@arcadeweb.com [2012-09-20]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-09-19]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2012-06-09]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi
FF HKU\S-1-5-21-2999761125-2711575400-1308156047-1000\...\Firefox\Extensions: [{193fe82a-c958-450c-8097-de926f5db967}] - C:\Program Files (x86)\LyricSing\130.xpi
 
Chrome: 
=======
CHR Profile: C:\Users\zackery\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\zackery\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-29]
CHR Extension: (µBlock) - C:\Users\zackery\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2014-09-29]
CHR Extension: (Google Wallet) - C:\Users\zackery\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-29]
CHR HKLM-x32\...\Chrome\Extension: [dmkpdpkjmmdacleogmmlinafnhdfdlmp] - C:\Users\zackery\AppData\Local\CRE\dmkpdpkjmmdacleogmmlinafnhdfdlmp.crx []
CHR HKLM-x32\...\Chrome\Extension: [dnmlhhbehhdmajijfenoldcajelckpmn] - C:\Users\zackery\AppData\Local\CRE\dnmlhhbehhdmajijfenoldcajelckpmn.crx []
CHR HKLM-x32\...\Chrome\Extension: [npffmjkglbnioaoncpfmdbmehnbcldfh] - C:\Program Files (x86)\LyricSing\130.crx []
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4816568 2014-11-24] (Emsisoft GmbH)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-08-12] (Perfect World Entertainment Inc)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2321560 2012-06-13] (AVG Technologies CZ, s.r.o.)
S4 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [5161080 2012-06-13] (AVG Technologies CZ, s.r.o.)
S4 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579936 2014-10-17] (Echobit LLC)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4233088 2013-04-29] (Symantec Corporation)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-10] (Razer, Inc.)
R2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-171\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
S4 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [X]
S4 HPDrvMntSvc.exe; "C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe" [X]
S4 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-07-18] (Echobit, LLC)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-16] (AnchorFree Inc.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-30] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [450048 2010-04-06] (NETGEAR Inc.)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2943192 2013-07-04] (Realtek Semiconductor Corporation                           )
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-10] (Razer, Inc.)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-10] (Razer, Inc.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-01 00:21 - 2014-12-01 00:22 - 00019650 _____ () C:\Users\zackery\Downloads\FRST.txt
2014-12-01 00:21 - 2014-12-01 00:22 - 00000000 ____D () C:\FRST
2014-12-01 00:21 - 2014-12-01 00:21 - 02117632 _____ (Farbar) C:\Users\zackery\Downloads\FRST64.exe
2014-12-01 00:18 - 2014-12-01 00:19 - 02148864 _____ () C:\Users\zackery\Downloads\adwcleaner_4.102.exe
2014-11-30 11:15 - 2014-11-30 11:15 - 00000000 ____D () C:\Users\zackery\AppData\Roaming\AVG2012
2014-11-29 11:39 - 2014-11-29 11:39 - 00000219 _____ () C:\Users\zackery\Desktop\Counter-Strike Global Offensive.url
2014-11-28 18:55 - 2014-11-28 18:57 - 00688992 ____R (Swearware) C:\Users\zackery\Downloads\dds (1).com
2014-11-26 20:24 - 2014-11-26 20:25 - 00001808 _____ () C:\sc-cleaner.txt
2014-11-26 20:24 - 2014-11-26 20:24 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\zackery\Downloads\sc-cleaner.exe
2014-11-26 20:17 - 2014-11-26 20:17 - 00037888 _____ (Soeperman Enterprises Ltd.) C:\Users\zackery\Downloads\ADSSpy.exe
2014-11-26 18:55 - 2014-11-26 18:57 - 00000000 ____D () C:\Users\zackery\AppData\Roaming\Curse Client
2014-11-26 18:55 - 2014-11-26 18:55 - 00001304 _____ () C:\Users\zackery\Desktop\Curse.lnk
2014-11-26 18:55 - 2014-11-26 18:55 - 00001290 _____ () C:\Users\zackery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-11-26 18:54 - 2014-11-26 18:54 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-11-26 18:53 - 2014-11-26 18:53 - 31012080 _____ (Curse) C:\Users\zackery\Downloads\CurseClientSetup.exe
2014-11-26 17:06 - 2014-11-26 17:06 - 30092707 _____ () C:\Users\zackery\Downloads\IncredibleJourneyBeta.zip
2014-11-24 09:14 - 2014-11-24 09:14 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-11-24 03:43 - 2014-11-24 03:43 - 00001057 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-11-24 03:43 - 2014-11-24 03:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-11-24 03:42 - 2014-12-01 00:15 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-11-24 03:39 - 2014-11-24 03:41 - 233663808 _____ (Emsisoft GmbH ) C:\Users\zackery\Downloads\EmsisoftAntiMalwareSetup.exe
2014-11-22 22:31 - 2014-11-22 22:31 - 00018068 _____ () C:\Users\zackery\Downloads\dds.txt
2014-11-22 21:48 - 2014-11-22 21:48 - 00000000 ____D () C:\Users\zackery\AppData\Roaming\java
2014-11-22 17:26 - 2014-11-22 17:26 - 00688992 ____R (Swearware) C:\Users\zackery\Downloads\dds.com
2014-11-22 17:10 - 2014-11-22 17:11 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\zackery\Downloads\tdsskiller.exe
2014-11-21 12:59 - 2014-11-21 12:59 - 00000948 _____ () C:\Users\Public\Desktop\Gyazo.lnk
2014-11-21 12:59 - 2014-11-21 12:59 - 00000948 _____ () C:\Users\Public\Desktop\Gyazo GIF.lnk
2014-11-21 12:58 - 2014-11-21 12:58 - 09769123 _____ (Nota Inc. ) C:\Users\zackery\Downloads\Gyazo-2.3.0.exe
2014-11-20 17:06 - 2014-11-20 17:06 - 00428068 _____ () C:\Users\zackery\Downloads\OptiFine_1.6.4_HD_U_D1.jar
2014-11-20 17:01 - 2014-11-20 17:18 - 62166237 _____ () C:\Users\zackery\Downloads\Feed The Beast 128x Sphax Addon 122.zip
2014-11-19 23:33 - 2014-11-19 23:33 - 02140160 _____ () C:\Users\zackery\Downloads\AdwCleaner.exe
2014-11-19 23:15 - 2014-11-19 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-11-19 23:11 - 2014-11-19 23:13 - 177856928 _____ (Oracle Corporation) C:\Users\zackery\Downloads\jdk-8u25-windows-x64.exe
2014-11-19 23:00 - 2014-11-19 23:00 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-19 23:00 - 2014-11-19 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-19 22:59 - 2014-11-19 22:59 - 00638888 _____ (Oracle Corporation) C:\Users\zackery\Downloads\chromeinstall-8u25 (1).exe
2014-11-19 22:51 - 2014-11-19 22:51 - 00003170 _____ () C:\Windows\System32\Tasks\{C36B3818-E7FA-416C-B45E-4D649C71237F}
2014-11-19 22:47 - 2014-11-19 22:47 - 00638888 _____ (Oracle Corporation) C:\Users\zackery\Downloads\chromeinstall-8u25.exe
2014-11-19 22:35 - 2014-11-19 22:35 - 01707532 _____ (Thisisu) C:\Users\zackery\Downloads\JRT.exe
2014-11-19 22:32 - 2014-11-19 22:32 - 00000000 ____D () C:\AMD
2014-11-19 22:29 - 2014-11-19 22:29 - 00891224 _____ (AMD) C:\Users\zackery\Downloads\amddriverdownloader.exe
2014-11-19 22:22 - 2014-11-19 22:22 - 00000000 ____D () C:\Users\zackery\AppData\Roaming\NewspaperDirect
2014-11-19 22:21 - 2014-11-19 22:21 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-11-19 22:08 - 2014-11-19 22:09 - 69999448 _____ (Microsoft Corporation) C:\Users\zackery\Downloads\NDP452-KB2901907-x86-x64-AllOS-ENU.exe
2014-11-19 22:06 - 2014-11-19 22:06 - 00000000 ____D () C:\Users\zackery\AppData\Roaming\Roxio Log Files
2014-11-19 22:01 - 2014-11-19 22:01 - 05008056 _____ (Adobe Systems Inc.) C:\Users\zackery\Downloads\Shockwave_Installer_Slim.exe
2014-11-19 21:58 - 2014-11-19 21:58 - 17711760 _____ (Adobe Systems Inc.) C:\Users\zackery\Downloads\AdobeAIRInstaller.exe
2014-11-19 06:07 - 2014-11-19 06:07 - 00401920 _____ (Farbar) C:\Users\zackery\Downloads\MiniToolBox.exe
2014-11-19 06:07 - 2014-11-19 06:07 - 00026866 _____ () C:\Users\zackery\Downloads\Result.txt
2014-11-18 07:00 - 2014-11-18 07:00 - 07354847 _____ () C:\Users\zackery\Downloads\Sphax PureBDcraft  32x MC16.zip
2014-11-18 06:59 - 2014-11-18 06:59 - 04627838 _____ () C:\Users\zackery\Downloads\Sphax PureBDcraft  16x MC16.zip
2014-11-17 23:32 - 2014-11-17 23:32 - 00000850 _____ () C:\Users\zackery\Downloads\Enable_Install-Updates-and-Shut-Down_Option.reg
2014-11-17 23:30 - 2014-10-02 18:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-17 23:30 - 2014-10-02 18:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-17 23:30 - 2014-10-02 18:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-17 23:30 - 2014-10-02 18:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-17 23:30 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-17 23:30 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-17 23:30 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-17 23:30 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-14 16:42 - 2014-11-14 16:42 - 00003346 _____ () C:\Windows\System32\Tasks\{42CE2492-9D5C-45EE-9EE8-834F60473EDF}
2014-11-10 23:28 - 2014-11-10 23:28 - 01942543 _____ () C:\Users\zackery\Downloads\src.zip
2014-11-10 16:44 - 2014-11-10 16:44 - 07274874 _____ () C:\Users\zackery\Downloads\Resilience 1.2.5 (1.7.x).zip
2014-11-06 17:08 - 2014-11-06 17:09 - 00000023 _____ () C:\Users\zackery\Desktop\Server.txt
2014-11-06 08:29 - 2014-11-10 23:35 - 00000000 ____D () C:\Users\zackery\AppData\Local\Eclipse
2014-11-06 08:28 - 2014-11-10 23:42 - 00000000 ____D () C:\Users\zackery\workspace
2014-11-06 08:27 - 2014-11-06 08:27 - 00000000 ____D () C:\Users\zackery\Desktop\Eclipse
2014-11-06 08:26 - 2014-11-06 08:27 - 135250659 _____ () C:\Users\zackery\Downloads\eclipse-java-indigo-SR2-win32-x86_64.zip
2014-11-05 15:23 - 2014-11-05 15:24 - 135815584 _____ (Oracle Corporation) C:\Users\zackery\Downloads\jdk-7u71-windows-x64 (1).exe
2014-11-05 15:19 - 2014-11-05 15:19 - 00000000 ____D () C:\Users\zackery\.jmc
2014-11-05 15:19 - 2014-11-05 15:19 - 00000000 ____D () C:\Users\zackery\.eclipse
2014-11-05 15:17 - 2014-11-19 23:17 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-11-05 15:17 - 2014-11-05 15:17 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-11-05 15:17 - 2014-11-05 15:17 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-11-05 15:17 - 2014-11-05 15:17 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-11-05 15:08 - 2014-11-05 15:10 - 135815584 _____ (Oracle Corporation) C:\Users\zackery\Downloads\jdk-7u71-windows-x64.exe
2014-11-05 11:26 - 2014-11-05 11:30 - 00000000 ____D () C:\Users\zackery\Downloads\assets
2014-11-05 11:26 - 2014-11-05 11:26 - 00000000 ____D () C:\Users\zackery\Downloads\versions
2014-11-05 11:26 - 2014-11-05 11:26 - 00000000 ____D () C:\Users\zackery\Downloads\libraries
2014-11-05 11:23 - 2014-11-17 20:02 - 00000000 ____D () C:\Users\zackery\Downloads\Monster
2014-11-05 11:22 - 2014-11-30 19:10 - 00000000 ____D () C:\Users\zackery\AppData\Local\ftblauncher
2014-11-05 11:22 - 2014-11-05 11:22 - 00000000 ____D () C:\Users\zackery\AppData\Roaming\ftblauncher
2014-11-05 11:21 - 2014-11-05 11:22 - 06619054 _____ () C:\Users\zackery\Desktop\FTB_Launcher.exe
2014-11-05 11:00 - 2014-11-05 11:00 - 00000000 ____D () C:\Users\zackery\Desktop\libraries
2014-11-05 09:55 - 2014-11-05 09:57 - 00006080 _____ () C:\Windows\IE10_main.log
2014-11-05 09:40 - 2014-10-09 18:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-05 09:40 - 2014-10-09 18:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-05 09:40 - 2014-10-09 18:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-05 09:40 - 2014-09-24 18:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-11-05 09:40 - 2014-09-24 17:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-11-05 09:40 - 2014-09-17 18:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-05 09:40 - 2014-09-17 17:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-05 09:40 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-11-05 09:40 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-11-05 09:40 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-11-05 09:40 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-11-05 09:40 - 2014-07-08 18:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-11-05 09:40 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-11-05 09:40 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-11-05 09:40 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-11-05 09:40 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-11-05 09:40 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-11-05 09:40 - 2014-07-08 14:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-11-05 09:40 - 2014-07-08 14:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-11-05 09:39 - 2014-09-28 16:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-05 09:39 - 2014-08-28 18:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-05 09:39 - 2014-08-28 18:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-05 09:39 - 2014-08-28 18:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-11-05 09:39 - 2014-08-28 18:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-11-05 09:39 - 2014-08-28 18:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-11-05 09:39 - 2014-08-28 17:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-05 09:39 - 2014-08-28 17:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-11-05 09:39 - 2014-08-28 17:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-11-05 09:39 - 2014-08-28 17:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-11-05 09:39 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-05 09:39 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-11-05 09:39 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-11-05 09:39 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-05 09:39 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-11-05 09:39 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-11-05 09:38 - 2014-09-09 14:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-11-05 09:38 - 2014-09-09 13:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-11-05 09:38 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-11-05 09:38 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-11-05 09:37 - 2014-08-01 03:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-11-05 09:37 - 2014-08-01 03:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-11-05 09:35 - 2014-07-16 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-05 09:35 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-11-05 09:35 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-11-05 09:35 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-11-05 09:35 - 2014-07-16 18:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-05 09:35 - 2014-07-16 18:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-05 09:35 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-11-05 09:35 - 2014-07-16 17:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-05 09:35 - 2014-07-16 17:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-05 09:35 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-11-05 09:35 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-11-05 09:35 - 2014-07-06 18:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-05 09:35 - 2014-07-06 18:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-05 09:35 - 2014-07-06 17:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-05 09:35 - 2014-07-06 17:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-05 09:35 - 2014-07-06 17:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-05 09:35 - 2014-05-30 00:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-05 09:35 - 2014-05-30 00:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-05 09:35 - 2014-05-30 00:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-05 09:35 - 2014-05-30 00:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-05 09:35 - 2014-05-29 23:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-05 09:35 - 2014-05-29 23:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-05 09:35 - 2014-05-29 23:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-05 09:35 - 2014-05-29 23:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-05 09:29 - 2014-09-12 17:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-05 09:29 - 2014-09-12 17:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-03 01:45 - 2014-06-17 18:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-11-03 01:45 - 2014-06-17 17:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-11-03 01:45 - 2014-06-03 02:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-03 01:45 - 2014-06-03 02:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-03 01:45 - 2014-06-03 02:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-03 01:45 - 2014-06-03 01:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-03 01:45 - 2014-06-03 01:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-03 01:44 - 2014-08-22 18:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-11-03 01:44 - 2014-08-22 17:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-11-03 01:44 - 2014-07-13 18:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-11-03 01:44 - 2014-07-13 17:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-11-02 17:07 - 2014-11-02 17:25 - 00000121 _____ () C:\Users\zackery\Desktop\Minecraft accounts.txt
2014-11-02 17:01 - 2014-11-02 17:02 - 00000000 ____D () C:\ProgramData\Nimoru
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-01 00:22 - 2014-06-25 01:15 - 00000000 ____D () C:\AdwCleaner
2014-12-01 00:12 - 2012-06-09 20:55 - 00000000 ____D () C:\Users\zackery\AppData\Roaming\Skype
2014-11-30 23:52 - 2014-09-29 04:47 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-30 22:53 - 2014-06-28 21:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-30 22:23 - 2012-06-09 23:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-30 20:45 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-30 20:45 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-30 16:44 - 2012-06-08 21:03 - 01286078 _____ () C:\Windows\WindowsUpdate.log
2014-11-30 11:09 - 2012-09-10 15:50 - 00000000 ____D () C:\Users\zackery\AppData\Local\Adobe
2014-11-30 11:05 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-30 10:59 - 2014-09-29 04:47 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-30 10:59 - 2014-09-29 04:33 - 00008300 _____ () C:\Windows\setupact.log
2014-11-30 10:59 - 2014-07-18 18:23 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-11-30 10:59 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-29 20:11 - 2014-10-17 18:21 - 00000000 ____D () C:\Users\zackery\AppData\Roaming\.minecraft
2014-11-29 19:56 - 2012-06-10 15:54 - 00000000 ____D () C:\Users\zackery\AppData\Local\CrashDumps
2014-11-29 11:18 - 2014-09-29 18:08 - 00060346 _____ () C:\Windows\PFRO.log
2014-11-29 11:18 - 2012-06-09 19:08 - 00000000 ____D () C:\ProgramData\AVG2012
2014-11-28 22:18 - 2012-07-27 22:51 - 00000000 ____D () C:\Users\zackery\AppData\Roaming\TS3Client
2014-11-28 19:09 - 2014-08-23 21:44 - 00000000 ____D () C:\Users\zackery\Desktop\Ddoser,ddos program
2014-11-28 11:08 - 2012-06-09 18:56 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-28 11:04 - 2012-06-09 19:07 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-11-27 09:29 - 2009-07-13 21:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-24 10:42 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\TAPI
2014-11-22 07:32 - 2014-07-20 14:27 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-21 12:59 - 2014-09-22 17:13 - 00003758 _____ () C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2014-11-21 12:59 - 2014-09-22 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2014-11-21 12:59 - 2014-09-22 17:13 - 00000000 ____D () C:\Program Files (x86)\Gyazo
2014-11-19 23:16 - 2013-07-21 11:26 - 00000000 ____D () C:\Program Files\Java
2014-11-19 22:48 - 2014-01-04 11:09 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-19 22:48 - 2013-10-03 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2014-11-19 22:48 - 2013-10-03 22:08 - 00000000 ____D () C:\Program Files (x86)\Mirillis
2014-11-19 22:48 - 2012-11-23 17:05 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-19 22:31 - 2014-09-01 00:45 - 00000000 ____D () C:\Program Files (x86)\Webcam Hacker Pro v3.1.8
2014-11-19 22:25 - 2012-11-27 14:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-19 22:15 - 2011-02-11 09:15 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-19 22:11 - 2012-06-09 18:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-19 22:10 - 2011-05-17 23:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-11-19 22:10 - 2011-05-17 23:03 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-11-19 22:06 - 2012-07-24 15:20 - 00000000 ____D () C:\Users\zackery\AppData\Roaming\WildTangent
2014-11-19 22:06 - 2011-05-17 23:18 - 00000000 ____D () C:\ProgramData\WildTangent
2014-11-19 22:06 - 2011-05-17 23:18 - 00000000 ____D () C:\Program Files (x86)\HP Games
2014-11-19 22:06 - 2009-07-13 21:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-19 22:05 - 2013-07-26 01:30 - 00000000 ____D () C:\ProgramData\Freemake
2014-11-19 22:05 - 2013-07-26 01:29 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-11-19 22:00 - 2012-09-10 15:51 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-19 22:00 - 2012-06-09 20:52 - 00000000 ____D () C:\Users\zackery\AppData\Roaming\Adobe
2014-11-18 17:32 - 2013-12-26 22:56 - 00001180 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-11-18 07:15 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Resources
2014-11-15 19:55 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-15 00:45 - 2014-03-13 17:13 - 00000000 ____D () C:\Users\zackery\AppData\Local\Akamai
2014-11-12 14:31 - 2013-10-14 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2014-11-06 09:45 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-11-06 08:53 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-06 08:52 - 2014-09-29 04:33 - 00278768 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-06 08:49 - 2014-06-25 20:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-06 08:49 - 2010-11-20 23:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-11-06 08:28 - 2012-06-08 21:03 - 00000000 ____D () C:\Users\zackery
2014-11-05 11:02 - 2014-05-10 20:35 - 00000000 ____D () C:\Users\zackery\Desktop\2 thing into all
2014-11-05 11:02 - 2014-05-10 20:33 - 00000000 ____D () C:\Users\zackery\Desktop\1 thing into all
2014-11-05 09:52 - 2013-08-17 00:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-05 09:41 - 2012-06-09 20:22 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-04 14:30 - 2010-11-20 19:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-04 00:36 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-11-04 00:36 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism
 
Files to move or delete:
====================
C:\Users\zackery\filename.bat
C:\Users\zackery\infliction-reborn_cl_infliction-reborn_LIVE.dat
C:\Users\zackery\jagex_cl_loginapplet_LIVE.dat
C:\Users\zackery\jagex_cl_oldschool_LIVE.dat
C:\Users\zackery\jagex_cl_runescape_LIVE.dat
C:\Users\zackery\random.dat
 
 
Some content of TEMP:
====================
C:\Users\zackery\AppData\Local\Temp\13-9-legacy_vista_win7_64_dd_ccc_whql.exe
C:\Users\zackery\AppData\Local\Temp\APNSetup.exe
C:\Users\zackery\AppData\Local\Temp\Quarantine.exe
C:\Users\zackery\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-25 07:51
 
==================== End Of Log ============================

 

 

Attached Files
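The FRST listing above is raw tool output, and a helper reading it by eye has to scan hundreds of near-identical lines. As an added example (not part of the thread, and not FRST's own code), here is a small Python parser for the entry format visible in the log, `<created> - <modified> - <size> <attrs> (<company>) <path>`, followed by a defender's triage pass that surfaces two things a reviewer looks for first: entries carrying hidden or system attributes, and executables in user-writable locations that report no publisher. The sample lines are copied from the log above; the attribute letter meanings (D directory, H hidden, S system, R read-only) are inferred from how they appear in that log, and the company field is file metadata rather than a signature check, which is what the "Bamital & volsnap Check" section does separately.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Tuple

# One FRST "Created/Modified Files and Folders" line, as laid out in the log:
#   <created> - <modified> - <size> <attrs> (<company>) <path>
# The company may be empty ("()") and the path may itself contain parentheses.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)

# Locations an ordinary user can write to without elevation (assumption for
# this triage; extend to match the environment being reviewed).
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\temp\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".bat", ".cmd", ".scr", ".jar", ".com")

# Sample entries copied from the FRST log on the page.
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-26 20:24 - 2014-11-26 20:24 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\zackery\Downloads\sc-cleaner.exe
2014-11-26 18:54 - 2014-11-26 18:54 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-11-20 17:06 - 2014-11-20 17:06 - 00428068 _____ () C:\Users\zackery\Downloads\OptiFine_1.6.4_HD_U_D1.jar
2014-11-19 22:59 - 2014-11-19 22:59 - 00638888 _____ (Oracle Corporation) C:\Users\zackery\Downloads\chromeinstall-8u25 (1).exe
2014-11-10 16:44 - 2014-11-10 16:44 - 07274874 _____ () C:\Users\zackery\Downloads\Resilience 1.2.5 (1.7.x).zip
2014-11-05 09:39 - 2014-09-28 16:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
"""


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str      # five attribute characters, "_" where the attribute is absent
    company: str    # version-info company name, empty when FRST shows "()"
    path: str

    # Attribute letters are not at fixed positions in the log, so test membership.
    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def system(self) -> bool:
        return "S" in self.attrs


def parse_entries(text: str) -> List[Entry]:
    """Return every file/folder entry in an FRST section; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section banner, explanatory note, blank line
        entries.append(Entry(
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            size=int(m["size"]),
            attrs=m["attrs"],
            company=m["company"].strip(),  # log shows e.g. "(Emsisoft GmbH )"
            path=m["path"],
        ))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """Flag entries worth a closer look; returns (path, reasons) in log order."""
    findings = []
    for e in entries:
        low = e.path.lower()
        reasons = []
        if e.hidden or e.system:
            reasons.append("hidden/system attribute")
        if (not e.is_dir and low.endswith(EXEC_EXT)
                and low.startswith(USER_WRITABLE) and not e.company):
            reasons.append("executable in user-writable path, no publisher info")
        if reasons:
            findings.append((e.path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_entries(SAMPLE_LOG)):
        print(f"{path}\n    {'; '.join(reasons)}")
```

On the sample, the parser keeps all six entries (the banner and note lines are dropped) and the triage pass flags the hidden system folder and the publisher-less `.jar` in Downloads, while leaving the Oracle and Microsoft files alone. The publisher check is only a prioritisation heuristic: a missing company string is common for legitimate hobby software (several of the Minecraft-related downloads in the log have none), and a present one proves nothing without the signature check FRST reports separately.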



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:21 AM

Posted 30 November 2014 - 09:42 AM

If not already done run the AdwCleaner tool and clean everything that is found.

===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2999761125-2711575400-1308156047-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll No File
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll No File
Toolbar: HKU\S-1-5-21-2999761125-2711575400-1308156047-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
FF Plugin HKU\S-1-5-21-2999761125-2711575400-1308156047-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\zackery\AppData\LocalLow\Sony Online Entertainment\npsoe.dll No File
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-09-19]
FF HKU\S-1-5-21-2999761125-2711575400-1308156047-1000\...\Firefox\Extensions: [{193fe82a-c958-450c-8097-de926f5db967}] - C:\Program Files (x86)\LyricSing\130.xpi
CHR Extension: (Google Wallet) - C:\Users\zackery\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-29]
CHR HKLM-x32\...\Chrome\Extension: [dmkpdpkjmmdacleogmmlinafnhdfdlmp] - C:\Users\zackery\AppData\Local\CRE\dmkpdpkjmmdacleogmmlinafnhdfdlmp.crx []
CHR HKLM-x32\...\Chrome\Extension: [dnmlhhbehhdmajijfenoldcajelckpmn] - C:\Users\zackery\AppData\Local\CRE\dnmlhhbehhdmajijfenoldcajelckpmn.crx []
CHR HKLM-x32\...\Chrome\Extension: [npffmjkglbnioaoncpfmdbmehnbcldfh] - C:\Program Files (x86)\LyricSing\130.crx []
S4 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [X]
S4 HPDrvMntSvc.exe; "C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe" [X]
S4 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:CB959782
C:\Users\zackery\AppData\Local\Temp\13-9-legacy_vista_win7_64_dd_ccc_whql.exe
C:\Users\zackery\AppData\Local\Temp\APNSetup.exe

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.

===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#7 Deadlyfamous

Deadlyfamous
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:10:21 PM

Posted 30 November 2014 - 02:26 PM

OK, here is all the information you needed. (Also, about that thing you told me to fix with the code: why did everything run so slow for the past 2 min, and why did my internet on my computer disconnect?)
Here is the security program log:

 Results of screen317's Security Check version 0.99.91  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Emsisoft Anti-Malware        
AVG Internet Security 2012   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 2.0.3.1025  
 Java version 32-bit out of Date! 
 Google Chrome 37.0.2062.124 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 AVG avgtray.exe 
 Emsisoft Anti-Malware a2service.exe   
 Emsisoft Anti-Malware a2guard.exe   
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 

 

 

Attached Files



#8 Deadlyfamous

Deadlyfamous
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:10:21 PM

Posted 02 December 2014 - 04:49 PM

My computer is running pretty good. Still, the internet is slower because of the code thing, but I think it's fixed most of the problem!



#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:21 AM

Posted 03 December 2014 - 09:38 AM

Reset the browsers that have been compromised.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
p22003758.gif
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > General Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===
Keep me posted.

#10 Deadlyfamous

Deadlyfamous
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:10:21 PM

Posted 03 December 2014 - 08:13 PM

I did as you told me. However, I do not have Mozilla Firefox. Am I clean now? Or what should I do?



#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:21 AM

Posted 04 December 2014 - 09:54 AM

As far as I can see you are clean.

If the browser is still slow try this:

Restore your Windows 7 to the Last Known Good Configuration.
Follow the instructions on this page.

http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7
<<<>>>

#12 Deadlyfamous

Deadlyfamous
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:10:21 PM

Posted 04 December 2014 - 05:05 PM

Thank you. Kind regards, Deadlyfamous



#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:21 AM

Posted 05 December 2014 - 07:47 AM

Glad we could help.

If all is well, to learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:21 AM

Posted 11 December 2014 - 08:53 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



