
redirect pop ups


  • This topic is locked
15 replies to this topic

#1 getsaved

getsaved

  • Members
  • 23 posts

Posted 23 November 2014 - 02:47 PM

I have redirects and pop-ups. Can you help?

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16592
Run by Joe at 14:30:05 on 2014-11-23
#Option MBR scan  is disabled.
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.3061.979 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: AVG AntiVirus 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\OEM02Mon.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\AVG\AVG2015\avgnsx.exe
C:\Program Files\AVG\AVG2015\avgemcx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uProxyOverride = <-loopback>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
StartupFolder: c:\users\joe\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\joe\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: LastPass - c:\users\joe\appdata\locallow\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - c:\users\joe\appdata\locallow\lastpass\context.html?cmd=fillforms
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} - hxxps://www.gpcemail.com/,DSID=04657e9ac6339924b38760e87eb2cc19,DanaInfo=NotesBLUE.genpt.com+dwa85W.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{B613D7D3-8363-4A36-9062-8FA04B08E5D1} : DHCPNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.65\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\joe\appdata\roaming\mozilla\firefox\profiles\rrih8itp.default-1393306477818\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_223.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-18 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-7-18 230680]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-10-5 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-18 27416]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-7-17 231800]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-18 121624]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-10-29 213784]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-18 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-8-28 192792]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-10-10 200984]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-11-8 42784]
R1 MpKsl841b0e93;MpKsl841b0e93;c:\programdata\microsoft\microsoft antimalware\definition updates\{5bc161cf-5f2c-47e1-b869-4774cfa64653}\MpKsl841b0e93.sys [2014-11-23 39464]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 142648]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_c09c50a2\AEstSrv.exe [2010-10-7 73728]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2014-11-9 3488784]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2014-11-9 298080]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-10-17 21504]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\foxit software\foxit reader\foxit cloud\FCUpdateService.exe [2014-11-19 242912]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-11-10 1871160]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-11-10 968504]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 95920]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2010-10-7 111616]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-28 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-10 114904]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-11-10 51928]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-8-22 288120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== Created Last 30 ================
.
2014-11-23 07:10:13 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5bc161cf-5f2c-47e1-b869-4774cfa64653}\offreg.dll
2014-11-23 07:10:13 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5bc161cf-5f2c-47e1-b869-4774cfa64653}\MpKsl841b0e93.sys
2014-11-23 07:03:42 8941456 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5bc161cf-5f2c-47e1-b869-4774cfa64653}\mpengine.dll
2014-11-23 04:33:17 8941456 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-11-21 02:02:39 908840 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e31dcc20-ebdf-4597-9986-e2f1f8076363}\gapaengine.dll
2014-11-20 02:42:46 -------- d-----w- c:\users\joe\appdata\roaming\Foxit Software
2014-11-20 02:40:22 -------- d-----w- c:\program files\Foxit Software
2014-11-20 01:17:20 -------- d-----w- c:\users\joe\appdata\roaming\DriverCure
2014-11-19 10:41:19 499200 ----a-w- c:\windows\system32\kerberos.dll
2014-11-16 12:27:20 -------- d-----w- c:\users\joe\appdata\roaming\SparkTrust
2014-11-16 12:26:42 -------- d-----w- c:\programdata\SparkTrust
2014-11-12 08:24:12 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-12 08:23:57 619520 ----a-w- c:\windows\system32\adtschema.dll
2014-11-12 08:23:53 449536 ----a-w- c:\windows\system32\termsrv.dll
2014-11-12 08:23:53 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-12 08:21:14 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-12 08:21:12 1249280 ----a-w- c:\windows\system32\msxml3.dll
2014-11-12 08:19:53 278528 ----a-w- c:\windows\system32\schannel.dll
2014-11-12 08:19:14 67072 ----a-w- c:\windows\system32\packager.dll
2014-11-12 08:15:01 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-12 08:11:48 316928 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-12 08:11:47 396800 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-12 08:11:47 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-12 08:11:47 170496 ----a-w- c:\windows\system32\EncDump.dll
2014-11-12 08:11:16 564224 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-12 08:01:24 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-11-10 10:23:43 -------- d-----w- c:\windows\ERUNT
2014-11-10 08:14:45 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-10 08:14:17 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-10 08:14:17 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-10 08:14:17 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-11-10 06:05:41 -------- d-----w- C:\AdwCleaner
2014-11-09 12:31:03 5338896 ----a-w- c:\programdata\pclunst.exe
2014-11-09 03:41:47 -------- d-----w- c:\users\joe\appdata\local\AVG Web TuneUp
2014-11-09 03:40:52 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-11-09 03:40:20 -------- d-----w- c:\program files\AVG Web TuneUp
2014-11-09 03:40:13 -------- d-----w- c:\programdata\AVG Web TuneUp
2014-11-09 03:32:13 -------- d-----w- c:\users\joe\appdata\roaming\AVG2015
2014-11-09 03:30:46 -------- d-----w- c:\users\joe\appdata\roaming\TuneUp Software
2014-11-09 03:29:37 -------- d--h--w- C:\$AVG
2014-11-09 03:29:36 -------- d-----w- c:\programdata\AVG2015
2014-11-09 03:27:54 -------- d-----w- c:\program files\AVG
2014-11-09 03:22:57 -------- d--h--w- c:\programdata\Common Files
2014-11-09 03:22:57 -------- d-----w- c:\users\joe\appdata\local\MFAData
2014-11-09 03:22:57 -------- d-----w- c:\users\joe\appdata\local\Avg2015
2014-11-09 03:22:57 -------- d-----w- c:\programdata\MFAData
2014-11-05 09:04:09 -------- d-----w- C:\SUPERDelete
2014-11-05 06:52:57 -------- d-----w- C:\$RECYCLE.BIN
2014-11-05 05:58:45 98816 ----a-w- c:\windows\sed.exe
2014-11-05 05:58:45 256000 ----a-w- c:\windows\PEV.exe
2014-11-05 05:58:45 208896 ----a-w- c:\windows\MBR.exe
2014-11-02 22:27:53 -------- d-----w- c:\programdata\83b32e09-56dd-4d15-bbc7-350e8627ec65
2014-10-30 02:34:52 213784 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
.
==================== Find3M  ====================
.
2014-11-13 05:28:25 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-13 05:28:24 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-30 11:24:45 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-27 19:05:44 1810944 ----a-w- c:\windows\system32\jscript9.dll
2014-10-27 18:59:06 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-10-27 18:58:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-10-27 18:56:58 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-10-27 18:56:40 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-10-27 18:55:20 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-10-27 18:55:17 11776 ----a-w- c:\windows\system32\mshta.exe
2014-10-10 20:13:58 200984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-10-01 16:20:20 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-09 06:24:46 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-04 23:27:58 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2014-08-29 02:43:36 192792 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH: 14:33:16.68 ===============
 





#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,442 posts
  • Gender:Male
  • Location:California

Posted 28 November 2014 - 10:23 AM

Greetings getsaved and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Junkware log
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 getsaved

getsaved
  • Topic Starter

  • Members
  • 23 posts

Posted 29 November 2014 - 12:10 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows Vista ™ Home Basic x86
Ran by Joe on Fri 11/28/2014 at 23:28:55.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Joe\appdata\local\google\chrome\user data\default\local storage\http_static.boostsaves.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Joe\appdata\local\google\chrome\user data\default\local storage\http_static.boostsaves.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Joe\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Joe\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Joe\appdata\local\google\chrome\user data\default\local storage\https_static.boostsaves.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Joe\appdata\local\google\chrome\user data\default\local storage\https_static.boostsaves.com_0.localstorage-journal"
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/28/2014 at 23:31:49.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-11-2014 01
Ran by Joe (administrator) on JOE-PC on 28-11-2014 23:34:37
Running from C:\Users\Joe\Downloads
Loaded Profile: Joe (Available profiles: Joe)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Dropbox, Inc.) C:\Users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Thisisu) C:\Users\Joe\Downloads\JRT (1).exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3444736 2007-12-08] (Dell Inc.)
HKLM\...\Run: [OEM02Mon.exe] => C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2008-02-15] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5088456 2014-10-01] (ESET)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKU\S-1-5-21-3823163925-1055289997-1461020503-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3823163925-1055289997-1461020503-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6697752 2014-11-24] (SUPERAntiSpyware)
HKU\S-1-5-21-3823163925-1055289997-1461020503-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-17] (Google Inc.)
HKU\S-1-5-21-3823163925-1055289997-1461020503-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3823163925-1055289997-1461020503-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3823163925-1055289997-1461020503-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9ENUS/110
HKU\S-1-5-21-3823163925-1055289997-1461020503-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}&rlz=1I7GZBN_enUS475
SearchScopes: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}&rlz=1I7GZBN_enUS475
SearchScopes: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000 -> {A703F475-364C-4CD9-960A-617CCEBCC720} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll (LastPass)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-08-03] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\rrih8itp.default-1393306477818
FF NewTab: hxxp://www.google.com
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF Extension: snipsmart - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\rrih8itp.default-1393306477818\Extensions\{2e8cd9f8-615c-4de8-88d4-cb904b118f81}.xpi [2014-11-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-10-12]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-09]
FF HKU\S-1-5-21-3823163925-1055289997-1461020503-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSuggestURL: Default -> 
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-18]
CHR Extension: (Google Drive) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-05]
CHR Extension: (YouTube) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-18]
CHR Extension: (AVG Secure Search) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2014-11-08]
CHR Extension: (Google Search) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-18]
CHR Extension: (snipsmart) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgohbedfoapkadoclnlgnalaehogpaog [2014-11-05]
CHR Extension: (Google Wallet) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-18]
CHR Extension: (Gmail) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-18]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-12] (SUPERAntiSpyware.com)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe [73728 2007-09-20] (Andrea Electronics Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1349576 2014-10-01] (ESET)
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe [102400 2008-02-15] (IDT, Inc.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2007-12-08] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-11-08] (AVG Technologies)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [191928 2014-08-18] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [135296 2014-08-18] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [123424 2014-09-18] (ESET)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-27] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-08-03] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-08-03] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U2 TMAgent; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-28 23:34 - 2014-11-28 23:35 - 00018959 _____ () C:\Users\Joe\Downloads\FRST.txt
2014-11-28 23:33 - 2014-11-28 23:33 - 01109504 _____ (Farbar) C:\Users\Joe\Downloads\FRST.exe
2014-11-28 23:31 - 2014-11-28 23:31 - 00001540 _____ () C:\Users\Joe\Desktop\JRT.txt
2014-11-28 23:28 - 2014-11-28 23:28 - 01707532 _____ (Thisisu) C:\Users\Joe\Downloads\JRT (1).exe
2014-11-28 19:40 - 2014-11-28 19:40 - 00000000 ____D () C:\Users\Joe\AppData\Local\ESET
2014-11-28 19:26 - 2014-11-28 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-11-28 19:26 - 2014-11-28 19:26 - 00000000 ____D () C:\ProgramData\ESET
2014-11-28 19:26 - 2014-11-28 19:26 - 00000000 ____D () C:\Program Files\ESET
2014-11-28 19:14 - 2014-11-28 19:14 - 01761992 _____ (ESET) C:\Users\Joe\Desktop\eset_nod32_antivirus_live_installer.exe
2014-11-27 09:37 - 2014-11-27 09:37 - 00001952 _____ () C:\Users\Joe\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-11-27 09:37 - 2014-11-27 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-11-27 09:37 - 2014-11-27 09:37 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-11-27 09:30 - 2014-11-27 09:32 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-27 09:30 - 2014-11-27 09:31 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-27 09:30 - 2014-11-27 09:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-27 09:29 - 2014-11-27 09:31 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-27 09:29 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-27 09:29 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-27 09:29 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-27 09:28 - 2014-11-27 09:29 - 17305656 _____ (Malwarebytes Corporation ) C:\Users\Joe\Desktop\mbam-setup.exe
2014-11-27 09:08 - 2014-11-27 09:08 - 00001433 _____ () C:\Users\Joe\Documents\SecurityCheck.exe
2014-11-27 09:01 - 2014-11-27 09:01 - 00852490 _____ () C:\Users\Joe\Desktop\SecurityCheck.exe
2014-11-27 08:52 - 2014-11-28 23:34 - 00000000 ____D () C:\FRST
2014-11-27 08:36 - 2014-11-28 22:13 - 00001494 _____ () C:\Windows\PFRO.log
2014-11-27 08:17 - 2014-11-27 08:29 - 00001163 _____ () C:\Users\Joe\Desktop\avgrep.txt
2014-11-27 08:04 - 2014-11-28 23:34 - 00134487 _____ () C:\Windows\WindowsUpdate.log
2014-11-27 08:02 - 2014-11-27 08:03 - 00001962 _____ () C:\Users\Joe\Documents\cc_20141127_080246.reg
2014-11-26 16:14 - 2014-11-03 03:40 - 00055464 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2014-11-26 13:01 - 2014-11-26 13:01 - 02117632 _____ (Farbar) C:\Users\Joe\Downloads\FRST64 (1).exe
2014-11-26 13:00 - 2014-11-26 13:01 - 02117632 _____ (Farbar) C:\Users\Joe\Downloads\FRST64.exe
2014-11-24 19:11 - 2014-11-24 19:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-23 14:28 - 2014-11-23 14:28 - 00688992 ____R (Swearware) C:\Users\Joe\Downloads\dds.com
2014-11-20 23:09 - 2014-11-20 23:10 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Joe\Downloads\tdsskiller.exe
2014-11-20 23:08 - 2014-11-20 23:08 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Joe\Downloads\rkill.exe
2014-11-19 21:42 - 2014-11-19 21:42 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Foxit Software
2014-11-19 21:41 - 2014-11-19 21:41 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-11-19 21:40 - 2014-11-19 21:40 - 00001926 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-11-19 21:40 - 2014-11-19 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-11-19 21:40 - 2014-11-19 21:40 - 00000000 ____D () C:\Program Files\Foxit Software
2014-11-19 05:41 - 2014-10-23 20:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-13 21:34 - 2014-11-13 21:34 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-11-13 21:34 - 2014-11-13 21:34 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-11-12 03:24 - 2014-10-09 20:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 03:23 - 2014-10-09 20:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 03:23 - 2014-10-09 20:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 03:23 - 2014-10-09 18:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 03:21 - 2014-08-26 19:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 03:21 - 2014-08-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 03:19 - 2014-10-23 20:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 03:19 - 2014-09-18 19:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 03:15 - 2014-08-11 21:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 03:11 - 2014-10-17 20:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 03:11 - 2014-10-02 20:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 03:11 - 2014-10-02 20:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 03:11 - 2014-10-02 20:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 03:11 - 2014-10-02 20:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 03:01 - 2014-10-12 18:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 21:29 - 2014-10-27 14:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 21:29 - 2014-10-27 14:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 21:29 - 2014-10-27 14:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 21:29 - 2014-10-27 13:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 21:29 - 2014-10-27 13:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 21:29 - 2014-10-27 13:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 21:29 - 2014-10-27 13:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-11 21:29 - 2014-10-27 13:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 21:29 - 2014-10-27 13:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 21:29 - 2014-10-27 13:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-11 21:29 - 2014-10-27 13:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 21:29 - 2014-10-27 13:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 21:29 - 2014-10-27 13:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 21:29 - 2014-10-27 13:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 21:29 - 2014-10-27 13:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 21:29 - 2014-10-27 13:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 21:29 - 2014-10-27 13:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 21:29 - 2014-10-27 13:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-11 21:29 - 2014-10-27 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-11 21:29 - 2014-10-27 13:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-11 21:29 - 2014-10-27 13:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-10 05:23 - 2014-11-10 05:23 - 00000000 ____D () C:\Windows\ERUNT
2014-11-10 05:22 - 2014-11-10 05:22 - 01706808 _____ (Thisisu) C:\Users\Joe\Downloads\JRT.exe
2014-11-10 03:12 - 2014-11-10 03:13 - 19828904 _____ (Malwarebytes Corporation ) C:\Users\Joe\Downloads\mbam-setup.exe
2014-11-10 03:10 - 2014-11-10 03:10 - 00005256 _____ () C:\Users\Joe\Downloads\wscsvc.reg
2014-11-10 01:05 - 2014-11-27 08:30 - 00000000 ____D () C:\AdwCleaner
2014-11-10 01:04 - 2014-11-10 01:04 - 02140160 _____ () C:\Users\Joe\Downloads\AdwCleaner (1).exe
2014-11-10 01:02 - 2014-11-10 01:02 - 00010349 _____ () C:\Users\Joe\Downloads\Unconfirmed 667297.crdownload
2014-11-09 07:31 - 2014-11-09 07:30 - 05338896 _____ (PC Cleaners) C:\ProgramData\pclunst.exe
2014-11-09 07:29 - 2014-11-09 07:30 - 05338896 _____ (PC Cleaners) C:\Users\Joe\Downloads\app3_Install_eng.exe
2014-11-08 22:41 - 2014-11-09 07:20 - 00000000 ____D () C:\Users\Joe\AppData\Local\AVG Web TuneUp
2014-11-08 22:40 - 2014-11-08 22:41 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-11-08 22:40 - 2014-11-08 22:40 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2014-11-08 22:40 - 2014-11-08 22:39 - 00042784 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-11-08 22:32 - 2014-11-08 22:32 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\AVG2015
2014-11-08 22:30 - 2014-11-08 22:30 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\TuneUp Software
2014-11-08 22:29 - 2014-11-28 22:13 - 00000000 ____D () C:\ProgramData\AVG2015
2014-11-08 22:29 - 2014-11-28 19:21 - 00000000 ___HD () C:\$AVG
2014-11-08 22:22 - 2014-11-28 22:13 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-08 22:22 - 2014-11-08 22:58 - 00000000 ____D () C:\Users\Joe\AppData\Local\Avg2015
2014-11-08 22:22 - 2014-11-08 22:22 - 04578024 _____ (AVG Technologies) C:\Users\Joe\Downloads\avg_avct_stb_all_2015_5315_ppc17(1).exe
2014-11-08 22:22 - 2014-11-08 22:22 - 00000000 ____D () C:\Users\Joe\AppData\Local\MFAData
2014-11-08 22:19 - 2014-11-08 22:19 - 04578024 _____ (AVG Technologies) C:\Users\Joe\Downloads\avg_avct_stb_all_2015_5315_ppc17.exe
2014-11-05 04:04 - 2014-11-05 05:26 - 00000000 ____D () C:\SUPERDelete
2014-11-05 01:59 - 2014-11-05 01:59 - 00020035 _____ () C:\ComboFix.txt
2014-11-05 00:58 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-05 00:58 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-05 00:58 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-05 00:58 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-05 00:58 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-05 00:58 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-05 00:58 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-05 00:58 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-05 00:57 - 2014-11-05 01:59 - 00000000 ____D () C:\Qoobox
2014-11-05 00:57 - 2014-11-05 01:57 - 00000000 ____D () C:\Windows\erdnt
2014-11-05 00:55 - 2014-11-05 00:56 - 05591672 ____R (Swearware) C:\Users\Joe\Downloads\ComboFix.exe
2014-11-05 00:51 - 2014-11-05 00:51 - 01375089 _____ () C:\Users\Joe\Downloads\AdwCleaner.exe
2014-11-02 19:16 - 2014-11-02 19:16 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-11-02 17:27 - 2014-11-28 23:17 - 00000000 ____D () C:\ProgramData\83b32e09-56dd-4d15-bbc7-350e8627ec65
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-28 23:28 - 2012-04-05 20:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-28 23:20 - 2011-06-28 22:43 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-28 23:20 - 2010-11-10 08:58 - 00000000 ___RD () C:\Users\Joe\Documents\My Dropbox
2014-11-28 23:20 - 2010-11-10 08:55 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Dropbox
2014-11-28 23:19 - 2012-03-17 13:54 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-28 23:19 - 2006-11-02 07:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-28 23:19 - 2006-11-02 07:45 - 00005008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-28 23:19 - 2006-11-02 07:45 - 00005008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-28 23:17 - 2012-03-17 13:54 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-28 23:17 - 2006-11-02 07:58 - 00032544 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-28 19:29 - 2010-10-07 12:10 - 00000000 ____D () C:\Users\Joe
2014-11-28 19:18 - 2011-01-26 21:26 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-11-26 16:29 - 2010-11-10 08:55 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-26 14:14 - 2006-11-02 07:35 - 00000000 ____D () C:\Windows\twain_32
2014-11-26 02:28 - 2012-04-05 20:27 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-26 02:28 - 2011-05-17 19:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-24 14:04 - 2010-10-08 09:53 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-20 22:54 - 2011-07-28 20:21 - 00000000 ____D () C:\Windows\Minidump
2014-11-19 21:41 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2014-11-12 04:04 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-11-12 03:58 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 03:46 - 2006-11-02 07:44 - 00271672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 03:22 - 2010-12-07 21:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 03:08 - 2013-08-17 06:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 03:02 - 2006-11-02 05:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-10 05:17 - 2014-07-14 06:07 - 00000000 ____D () C:\Users\Joe\AppData\Local\Adobe
2014-11-10 03:14 - 2012-04-28 11:31 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Malwarebytes
2014-11-10 03:14 - 2012-04-28 11:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-10 00:40 - 2006-11-02 05:23 - 00000281 _____ () C:\Windows\win.ini
2014-11-05 05:32 - 2006-11-02 05:33 - 00758854 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-05 01:59 - 2010-12-07 22:12 - 00000000 ____D () C:\Users\Joe\AppData\Local\Apps\2.0
2014-11-05 01:59 - 2006-11-02 06:18 - 00000000 __RHD () C:\Users\Default
2014-11-05 01:53 - 2006-11-02 05:23 - 00000215 _____ () C:\Windows\system.ini
2014-11-05 01:49 - 2006-11-02 05:22 - 44826624 _____ () C:\Windows\system32\config\software.bak
2014-11-05 01:49 - 2006-11-02 05:22 - 39321600 _____ () C:\Windows\system32\config\COMPON~3.bak
2014-11-05 01:49 - 2006-11-02 05:22 - 24641536 _____ () C:\Windows\system32\config\system.bak
2014-11-05 01:49 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-11-05 01:49 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-11-05 01:49 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-11-02 18:37 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\GroupPolicy
 
Files to move or delete:
====================
C:\ProgramData\pclunst.exe
 
 
Some content of TEMP:
====================
C:\Users\Joe\AppData\Local\Temp\avgnt.exe
C:\Users\Joe\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpp9tix0.dll
C:\Users\Joe\AppData\Local\Temp\InstHelper.exe
C:\Users\Joe\AppData\Local\Temp\Quarantine.exe
C:\Users\Joe\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-28 23:25
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-11-2014 01
Ran by Joe at 2014-11-28 23:36:17
Running from C:\Users\Joe\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
4500_G510nz_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.4.13090 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
American Flag Screen Saver (HKLM\...\AmericanFlag) (Version:  - )
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.0.0.19 - AVG Technologies)
Belarc Advisor 8.2 (HKLM\...\Belarc Advisor) (Version: 8.2.6.0 - Belarc Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version:  - )
Dell Driver Download Manager (HKU\S-1-5-21-3823163925-1055289997-1461020503-1000\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.25.12 - Dell Inc.)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-3823163925-1055289997-1461020503-1000\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
ESET NOD32 Antivirus (HKLM\...\{A1A01D26-AF53-42C0-9DAE-1BC2FCC68812}) (Version: 8.0.304.0 - ESET, spol s r. o.)
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Laptop Integrated Webcam Driver (1.04.01.1011)   (HKLM\...\Creative OEM002) (Version:  - )
LastPass (uninstall only) (HKU\S-1-5-21-3823163925-1055289997-1461020503-1000\...\LastPass) (Version:  - LastPass)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 10.22.6.3 - Marvell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 130.0.374.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.2.10 - Prolific Technology INC)
PL-2303 Vista Driver Installer (HKLM\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RICOH Media Driver ver.2.07.01.04 (HKLM\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.07.01.04 - RICOH)
RICOH R5U8xx Media Driver ver.3.62.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.62.02 - RICOH)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.54.1000 - SUPERAntiSpyware.com)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Veetle TV 0.9.18 (HKLM\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc)
VideoLAN VLC media player 0.8.6f (HKLM\...\VLC media player) (Version: 0.8.6f - VideoLAN Team)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
 
==================== Restore Points  =========================
 
09-11-2014 18:40:46 Scheduled Checkpoint
11-11-2014 06:25:24 Scheduled Checkpoint
11-11-2014 19:36:58 Scheduled Checkpoint
12-11-2014 06:58:25 Windows Update
12-11-2014 08:00:50 Windows Update
13-11-2014 05:52:18 Scheduled Checkpoint
14-11-2014 11:14:34 Scheduled Checkpoint
15-11-2014 07:10:15 Scheduled Checkpoint
15-11-2014 20:26:10 Scheduled Checkpoint
16-11-2014 12:00:12 Windows Update
19-11-2014 10:40:35 Windows Update
20-11-2014 02:10:57 Scheduled Checkpoint
23-11-2014 04:31:41 Windows Update
23-11-2014 18:03:29 Scheduled Checkpoint
24-11-2014 12:04:40 Scheduled Checkpoint
25-11-2014 03:55:43 Scheduled Checkpoint
26-11-2014 04:42:49 Scheduled Checkpoint
26-11-2014 06:52:00 Windows Update
26-11-2014 19:06:35 Scheduled Checkpoint
28-11-2014 19:34:10 Scheduled Checkpoint
29-11-2014 00:18:54 Removed AVG 2015
29-11-2014 00:21:52 Removed AVG 2015
29-11-2014 00:27:48 Device Driver Package Install: Eset spol s r. o.
29-11-2014 00:28:06 Device Driver Package Install: Eset spol s r. o.
29-11-2014 00:28:31 Device Driver Package Install: Eset spol s r. o.
29-11-2014 00:28:58 Device Driver Package Install: Eset spol s r. o.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:23 - 2014-11-05 01:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0C4CC711-72CB-4AA6-9476-8C8BAB1D02AA} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {14E250D9-BFDE-4CB0-B2D0-03C0103AC9AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {2835DE5A-54B6-4FE8-9314-CBFAAE9399FF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {29B815CD-0AA1-4631-9C0C-B7FB1DE2E419} - \RocketTab No Task File <==== ATTENTION
Task: {354E8D1C-F44C-458E-B15C-4D63BA918DD7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {71F21D2B-E515-4C3D-8409-8197BD0EAF73} - System32\Tasks\User_Feed_Synchronization-{8153E356-8C07-4409-876E-63A4218AE2F6}
Task: {9A5BF7B0-F2E1-4F88-B828-1234CE0C8DE9} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {A3892ADC-C909-4C61-BAEF-B8C49A1F6F76} - \PC Cleaner Pro Optimization No Task File <==== ATTENTION
Task: {A3F6E060-48BC-4AED-B164-DC6200F86EF4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {B7030556-6D3D-4FA0-91F7-46278CA99677} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {CB93251B-8736-4B5D-AC16-421D0F1F4E91} - \PastaQuotes No Task File <==== ATTENTION
Task: {E2B71930-3CAD-41E3-9588-AC4F54709A38} - System32\Tasks\PC Cleaner Pro Update Job => C:\ProgramData\PC Cleaners\PCCleaners.exe <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-10-08 09:19 - 2007-12-08 13:34 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
2010-10-08 09:19 - 2007-12-08 13:34 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-28 23:20 - 2014-11-28 23:20 - 00043008 _____ () c:\users\joe\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpp9tix0.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Joe\AppData\Roaming\Dropbox\bin\libcef.dll
2014-11-25 22:00 - 2014-11-25 01:39 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-25 22:00 - 2014-11-25 01:39 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3823163925-1055289997-1461020503-500 - Administrator - Disabled)
Guest (S-1-5-21-3823163925-1055289997-1461020503-501 - Limited - Disabled)
Joe (S-1-5-21-3823163925-1055289997-1461020503-1000 - Administrator - Enabled) => C:\Users\Joe
 
==================== Faulty Device Manager Devices =============
 
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Hewlett-Packard
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-28 23:36:10.622
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-28 23:36:10.121
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-28 23:36:09.591
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-28 23:36:09.060
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-28 23:36:08.374
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-28 23:36:07.812
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-28 23:36:07.282
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-28 23:36:06.767
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-28 19:20:28.972
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG2015\Drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-28 19:20:28.475
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG2015\Drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® Dual CPU T3200 @ 2.00GHz
Percentage of memory in use: 59%
Total physical RAM: 3061.31 MB
Available physical RAM: 1234.23 MB
Total Pagefile: 6332.89 MB
Available Pagefile: 4537.94 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.73 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:298.09 GB) (Free:206.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: E8403A9B)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,442 posts
  • Gender:Male
  • Location:California
  • Local time:05:02 PM

Posted 29 November 2014 - 08:34 AM

Greetings,

Thank you for the information. Please consider and do this.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one antivirus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can do this via Add/Remove Programs, or Programs and Features in the Control Panel.
 

Microsoft Security Essentials (you simply disable this one)
AVG AntiVirus 2015


===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3823163925-1055289997-1461020503-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U2 TMAgent; No ImagePath
C:\ProgramData\pclunst.exe
C:\Users\Joe\AppData\Local\Temp\avgnt.exe
C:\Users\Joe\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpp9tix0.dll
C:\Users\Joe\AppData\Local\Temp\InstHelper.exe
C:\Users\Joe\AppData\Local\Temp\Quarantine.exe
C:\Users\Joe\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
Task: {29B815CD-0AA1-4631-9C0C-B7FB1DE2E419} - \RocketTab No Task File <==== ATTENTION
Task: {9A5BF7B0-F2E1-4F88-B828-1234CE0C8DE9} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {A3892ADC-C909-4C61-BAEF-B8C49A1F6F76} - \PC Cleaner Pro Optimization No Task File <==== ATTENTION
Task: {CB93251B-8736-4B5D-AC16-421D0F1F4E91} - \PastaQuotes No Task File <==== ATTENTION
Task: {E2B71930-3CAD-41E3-9588-AC4F54709A38} - System32\Tasks\PC Cleaner Pro Update Job => C:\ProgramData\PC Cleaners\PCCleaners.exe <==== ATTENTION
  • Launch FRST and press the Fix button just once and wait; the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • If you are still receiving redirects please tell me which browser(s) are doing that

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#5 getsaved

getsaved
  • Topic Starter

  • Members
  • 23 posts
  • Local time:07:02 PM

Posted 29 November 2014 - 09:51 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-11-2014 01
Ran by Joe at 2014-11-29 21:39:22 Run:1
Running from C:\Users\Joe\Desktop
Loaded Profile: Joe (Available profiles: Joe)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3823163925-1055289997-1461020503-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U2 TMAgent; No ImagePath
C:\ProgramData\pclunst.exe
C:\Users\Joe\AppData\Local\Temp\avgnt.exe
C:\Users\Joe\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpp9tix0.dll
C:\Users\Joe\AppData\Local\Temp\InstHelper.exe
C:\Users\Joe\AppData\Local\Temp\Quarantine.exe
C:\Users\Joe\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
Task: {29B815CD-0AA1-4631-9C0C-B7FB1DE2E419} - \RocketTab No Task File <==== ATTENTION
Task: {9A5BF7B0-F2E1-4F88-B828-1234CE0C8DE9} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {A3892ADC-C909-4C61-BAEF-B8C49A1F6F76} - \PC Cleaner Pro Optimization No Task File <==== ATTENTION
Task: {CB93251B-8736-4B5D-AC16-421D0F1F4E91} - \PastaQuotes No Task File <==== ATTENTION
Task: {E2B71930-3CAD-41E3-9588-AC4F54709A38} - System32\Tasks\PC Cleaner Pro Update Job => C:\ProgramData\PC Cleaners\PCCleaners.exe <==== ATTENTION
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3823163925-1055289997-1461020503-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3823163925-1055289997-1461020503-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
BCM42RLY => Service deleted successfully.
blbdrive => Service deleted successfully.
catchme => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
TMAgent => Service deleted successfully.
C:\ProgramData\pclunst.exe => Moved successfully.
"C:\Users\Joe\AppData\Local\Temp\avgnt.exe" => File/Directory not found.
"C:\Users\Joe\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpp9tix0.dll" => File/Directory not found.
"C:\Users\Joe\AppData\Local\Temp\InstHelper.exe" => File/Directory not found.
"C:\Users\Joe\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Joe\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.
"HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}" => Key deleted successfully.
"HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}" => Key deleted successfully.
"HKU\S-1-5-21-3823163925-1055289997-1461020503-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{29B815CD-0AA1-4631-9C0C-B7FB1DE2E419}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29B815CD-0AA1-4631-9C0C-B7FB1DE2E419}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9A5BF7B0-F2E1-4F88-B828-1234CE0C8DE9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A5BF7B0-F2E1-4F88-B828-1234CE0C8DE9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab Update Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3892ADC-C909-4C61-BAEF-B8C49A1F6F76}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3892ADC-C909-4C61-BAEF-B8C49A1F6F76}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Cleaner Pro Optimization" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB93251B-8736-4B5D-AC16-421D0F1F4E91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB93251B-8736-4B5D-AC16-421D0F1F4E91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaQuotes" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2B71930-3CAD-41E3-9588-AC4F54709A38}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2B71930-3CAD-41E3-9588-AC4F54709A38}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC Cleaner Pro Update Job => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Cleaner Pro Update Job" => Key deleted successfully.

The system needed a reboot.

==== End of Fixlog ====

#6 Oh My!


Posted 29 November 2014 - 09:53 PM

Greetings,
 

If you are still receiving redirects please tell me which browser(s) are doing that.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#7 getsaved


Posted 29 November 2014 - 10:02 PM

All seems to be working fine. Anything else I need to do?

Thanks, Joe

 

Enlarge the place of thy tent, and let them stretch forth the curtains of thine habitations: spare not, lengthen thy cords, and strengthen thy stakes;

Isaiah 54-2



#8 Oh My!


Posted 29 November 2014 - 10:05 PM

:)

Yes, we have a little bit more to do.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Copy and paste the contents of the report in your reply
  • Note: If you receive an error report saying there are too many emoticons simply attach the file instead
  • Close the program then click Close
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double click the icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message, attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Emsisoft report (if applicable)
  • Security Check log

Gary
 

#9 getsaved


Posted 29 November 2014 - 10:09 PM

NOD32 keeps blocking snipsmart. Is this a virus?



#10 Oh My!


Posted 29 November 2014 - 10:13 PM

It is an unwanted program but not a virus, per se. I see you ran AdwCleaner prior to posting. Please rerun that program and post the results.
Gary
 

#11 getsaved


Posted 30 November 2014 - 12:19 AM

 Results of screen317's Security Check version 0.99.91 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
ESET NOD32 Antivirus 8.0  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware    
 Malwarebytes Anti-Malware version 2.0.3.1025 
 AVG Web TuneUp  
 CCleaner    
 Java 8 Update 25 
 Java version 32-bit out of Date!
 Adobe Flash Player  15.0.0.239 
 Adobe Reader 10.1.12 Adobe Reader out of Date! 
 Mozilla Firefox (33.1.1)
 Google Chrome (39.0.2171.65)
 Google Chrome (39.0.2171.71)
````````Process Check: objlist.exe by Laurent```````` 
 ESET NOD32 Antivirus egui.exe 
 ESET NOD32 Antivirus ekrn.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
 

Emsisoft Emergency Kit - Version 9.0
Last update: 11/29/2014 10:14:57 PM
User account: Joe-PC\Joe

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 11/29/2014 10:41:52 PM
Key: HKEY_USERS\S-1-5-21-3823163925-1055289997-1461020503-1000\SOFTWARE\SPARKTRUST  detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SPARKTRUST  detected: Application.InstallAd (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)
C:\AdwCleaner\Quarantine\C\Windows\system32\drivers\{123aa796-6961-4ee8-8a16-25bf1adf65a4}Gt.sys.vir  detected: Adware.NetFilter.J (B)
C:\AdwCleaner\Quarantine\C\Windows\system32\drivers\{2e8cd9f8-615c-4de8-88d4-cb904b118f81}Gt.sys.vir  detected: Adware.NetFilter.J (B)
C:\AdwCleaner\Quarantine\C\Windows\system32\drivers\{b0cb4e30-3ba7-42c8-b355-a89ba6e79c4c}Gt.sys.vir  detected: Adware.NetFilter.J (B)

Scanned 183916
Found 6

Scan end: 11/29/2014 11:59:42 PM
Scan time: 1:17:50

C:\AdwCleaner\Quarantine\C\Windows\system32\drivers\{b0cb4e30-3ba7-42c8-b355-a89ba6e79c4c}Gt.sys.vir Quarantined Adware.NetFilter.J (B)
C:\AdwCleaner\Quarantine\C\Windows\system32\drivers\{2e8cd9f8-615c-4de8-88d4-cb904b118f81}Gt.sys.vir Quarantined Adware.NetFilter.J (B)
C:\AdwCleaner\Quarantine\C\Windows\system32\drivers\{123aa796-6961-4ee8-8a16-25bf1adf65a4}Gt.sys.vir Quarantined Adware.NetFilter.J (B)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SPARKTRUST Quarantined Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-3823163925-1055289997-1461020503-1000\SOFTWARE\SPARKTRUST Quarantined Application.InstallAd (A)

Quarantined 6


#12 getsaved


Posted 30 November 2014 - 12:26 AM

# AdwCleaner v3.311 - Report created 30/11/2014 at 00:21:24
# Updated 30/09/2014 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : Joe - JOE-PC
# Running from : C:\Users\Joe\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16592

-\\ Mozilla Firefox v33.1.1 (x86 en-US)

[ File : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\rrih8itp.default-1393306477818\prefs.js ]

-\\ Google Chrome v39.0.2171.71

[ File : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [10543 octets] - [10/11/2014 01:05:45]
AdwCleaner[R1].txt - [10674 octets] - [10/11/2014 01:07:18]
AdwCleaner[R2].txt - [2455 octets] - [19/11/2014 20:06:56]
AdwCleaner[R3].txt - [2842 octets] - [26/11/2014 12:18:14]
AdwCleaner[R4].txt - [2158 octets] - [27/11/2014 08:24:50]
AdwCleaner[R5].txt - [1495 octets] - [30/11/2014 00:19:59]
AdwCleaner[S0].txt - [10486 octets] - [10/11/2014 01:09:10]
AdwCleaner[S1].txt - [2336 octets] - [19/11/2014 20:10:00]
AdwCleaner[S2].txt - [2727 octets] - [26/11/2014 12:22:01]
AdwCleaner[S3].txt - [2211 octets] - [27/11/2014 08:30:07]
AdwCleaner[S4].txt - [1416 octets] - [30/11/2014 00:21:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1476 octets] ##########



#13 Oh My!


Posted 30 November 2014 - 09:40 AM

Thank you sir,

Things are looking good, although we need to update 2 programs in order to close security vulnerabilities. Please do this.

===================================================

Update Java

-------------------

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to update Java and remove any existing older versions:
  • Click here to evaluate your current version of Java
  • Click Free Java Download
  • Click the Agree and Start Free Download
  • Save jxpiinstall.exe to your desktop
  • Double click the icon then click Run
  • Click Install
  • Uncheck any Ask Toolbar offers
  • Click Next
  • You should be notified You have successfully installed Java
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • In addition, check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
===================================================

Update Adobe Reader

--------------------

Your Adobe Reader is out of date and a security concern. Here is some excellent information and a video which explains the importance of minimizing the risk of infection through compromised PDF files.
  • Please visit Adobe Reader
  • Uncheck the McAfee optional offer
  • Click Install now
  • Save the file to your desktop
  • Double click the installation icon
  • Select Run
  • When completed click Finish
  • Press the Windows key + R at the same time
  • Type appwiz.cpl, press Enter, and allow the Programs list to populate
  • Uninstall every Adobe Reader program except the one just downloaded and installed
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did the programs update properly?
  • One last check, is your computer still running well?

Gary
 

#14 getsaved


Posted 01 December 2014 - 08:10 PM

Thanks Gary for all your help. Everything is working fine and all programs updated okay.

God bless and keep you in His love.



#15 Oh My!


Posted 01 December 2014 - 10:53 PM

That sounds great!

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder. For everything else you simply delete the log files or desktop icons.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a day or so in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 



