
ask.couplose.com browser hijack



#1 j2r7


Posted 30 November 2014 - 08:12 AM

Thanks for any assistance - this affects Chrome and Firefox, but not IE right now.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 1.6.0_26
Run by epjr at 5:03:06 on 2014-11-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3323.774 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: AVG Internet Security 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
C:\Program Files\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Windows\system32\ctfmon.exe
C:\Users\epjr\AppData\Local\Amazon Music\Amazon Music Helper.exe
C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
C:\Windows\system32\conhost.exe
C:\Program Files\ASUS\WebStorage\2.1.15.438\AsusWSService.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
C:\Windows\system32\DllHost.exe
C:\Users\epjr\Desktop\Tor Browser\Browser\firefox.exe
C:\Users\epjr\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AVG Web TuneUp: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg web tuneup\4.0.0.19\AVG Web TuneUp.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [BackgroundSwitcher] "c:\program files\johnsadventures.com\john's background switcher\BackgroundSwitcher.exe"
uRun: [Google Update] "c:\users\epjr\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [GoogleChromeAutoLaunch_3168F054B3C73E813F99A958997891B6] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
uRun: [KSS] "c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe" /autorun
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [DriveUtilitiesHelper] c:\program files\western digital\wd utilities\WDDriveUtilitiesHelper.exe
mRun: [WebStorage] c:\program files\asus\webstorage\2.1.15.438\AsusWSPanel.exe /S
mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
mRun: [vProt] "c:\program files\avg web tuneup\vprot.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: UseOEMBackground = dword:1
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{38F760A9-E1E0-4C79-899A-C91F41CA0855} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{38F760A9-E1E0-4C79-899A-C91F41CA0855} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.1.10\ViProtocol.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.71\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\epjr\appdata\roaming\mozilla\firefox\profiles\38g5bub3.default\
FF - prefs.js: browser.startup.homepage - hxxps://mysearch.avg.com?cid={D5F06DEE-B4D8-4F2A-AD2E-0C35B209A6A2}&mid=1e4bea3ee1094d90a2e753b28c9c75c5-de154618f9d7367611e1f88ae18ee9a8ddac10b2&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-29 06:28:35&v=4.0.0.19&pid=wtu&sg=&sap=hp
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\epjr\appdata\local\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\users\epjr\appdata\roaming\mozilla\firefox\profiles\38g5bub3.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\users\epjr\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\epjr\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1203133.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_239.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2009-7-13 4608]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-18 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-7-18 230680]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-10-5 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-18 27416]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-7-17 231800]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-18 121624]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-10-29 213784]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-18 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-8-28 192792]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-11-29 42784]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [2014-11-23 181120]
R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [2014-11-23 51072]
R1 MpKsl6c91ffdc;MpKsl6c91ffdc;c:\programdata\microsoft\microsoft antimalware\definition updates\{dc9486d2-dbea-4be4-9542-a29f1e9646bc}\MpKsl6c91ffdc.sys [2014-11-30 39464]
R1 MpKsl6daf8e6e;MpKsl6daf8e6e;c:\programdata\microsoft\microsoft antimalware\definition updates\{dc9486d2-dbea-4be4-9542-a29f1e9646bc}\MpKsl6daf8e6e.sys [2014-11-30 39464]
R1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\drivers\nm3.sys [2010-6-9 39736]
R2 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2014-4-6 401920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2014-11-9 3488784]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2014-11-9 298080]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-3-23 13336]
R2 KSS;Kaspersky Security Scan Service;c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe [2014-6-15 202080]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-11-29 1871160]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-11-29 968504]
R2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 95920]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R2 vToolbarUpdater18.1.10;vToolbarUpdater18.1.10;c:\program files\common files\avg secure search\vtoolbarupdater\18.1.10\ToolbarUpdater.exe [2014-11-29 1849368]
R2 WDDriveService;WD Drive Manager;c:\program files\western digital\wd drive manager\WDDriveService.exe [2014-5-23 296312]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-29 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-29 114904]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-11-29 51928]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-8-22 288120]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2012-4-29 20040]
R3 umpusbvista;Texas Instruments USB Serial Driver;c:\windows\system32\drivers\umpusbvista.sys [2013-3-26 47872]
R3 wbondir;Winbond CIR Transceiver;c:\windows\system32\drivers\wbondir.sys [2007-3-20 49664]
S2 chromoting;Chrome Remote Desktop Service;c:\program files\google\chrome remote desktop\39.0.2171.46\remoting_host.exe [2014-10-29 56648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2012-7-5 19456]
S3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\drivers\gbridge.sys [2009-5-10 41216]
S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2010-5-13 706304]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2010-5-13 1482112]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-11-11 102912]
S3 NetFlixDownloadManager;VMC NetFlix Download Manager;"c:\program files\luttmann\vmcnetflix\netflixdownloadmanager.exe" --> c:\program files\luttmann\vmcnetflix\NetFlixDownloadManager.exe [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-4 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-11-4 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-11 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 ShowAnalyzerMaster;ShowAnalyzerMaster;"c:\program files\dragon global\showanalyzersuite\showanalyzermaster.exe" --> c:\program files\dragon global\showanalyzersuite\ShowAnalyzerMaster.exe [?]
.
=============== Created Last 30 ================
.
2014-11-30 09:08:00 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dc9486d2-dbea-4be4-9542-a29f1e9646bc}\MpKsl6daf8e6e.sys
2014-11-30 07:24:08 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dc9486d2-dbea-4be4-9542-a29f1e9646bc}\MpKsl6c91ffdc.sys
2014-11-30 07:24:07 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dc9486d2-dbea-4be4-9542-a29f1e9646bc}\offreg.dll
2014-11-30 07:03:28 8941456 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dc9486d2-dbea-4be4-9542-a29f1e9646bc}\mpengine.dll
2014-11-30 01:43:21 -------- d-sh--w- c:\users\epjr\appdata\local\EmieBrowserModeList
2014-11-29 11:29:29 -------- d-----w- c:\users\epjr\appdata\local\AVG Web TuneUp
2014-11-29 11:29:06 -------- d-----w- c:\programdata\AVG Security Toolbar
2014-11-29 11:28:30 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-11-29 11:28:15 -------- d-----w- c:\programdata\AVG Secure Search
2014-11-29 11:28:10 -------- d-----w- c:\program files\common files\AVG Secure Search
2014-11-29 11:27:49 -------- d-----w- c:\program files\AVG Web TuneUp
2014-11-29 11:27:41 -------- d-----w- c:\programdata\AVG Web TuneUp
2014-11-29 11:14:06 -------- d-----w- c:\users\epjr\appdata\roaming\Avg_Update_1014av
2014-11-29 11:13:41 -------- d-----w- c:\programdata\Avg_Update_1014av
2014-11-29 07:12:02 -------- d-----w- c:\users\epjr\appdata\roaming\AVG2015
2014-11-29 07:09:51 -------- d-----w- c:\users\epjr\appdata\roaming\TuneUp Software
2014-11-29 07:07:57 -------- d--h--w- C:\$AVG
2014-11-29 07:07:57 -------- d-----w- c:\programdata\AVG2015
2014-11-29 07:04:25 -------- d-----w- c:\program files\AVG
2014-11-29 06:59:15 -------- d-----w- c:\users\epjr\appdata\local\MFAData
2014-11-29 06:59:15 -------- d-----w- c:\users\epjr\appdata\local\Avg2015
2014-11-29 06:59:15 -------- d-----w- c:\programdata\MFAData
2014-11-29 06:58:45 -------- d-----w- c:\programdata\Kaspersky Lab
2014-11-29 06:58:45 -------- d-----w- c:\program files\Kaspersky Lab
2014-11-29 05:17:10 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-29 05:15:11 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-29 05:15:10 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-29 05:15:10 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-29 05:15:10 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-11-29 02:57:15 31848 ----a-w- c:\windows\system32\drivers\DasPtct.SYS
2014-11-29 00:33:28 8941456 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-11-28 00:35:40 -------- d-----w- c:\programdata\b676dac8bb58701c
2014-11-23 13:52:10 51072 ----a-w- c:\windows\system32\drivers\ifsmount.sys
2014-11-23 13:52:09 181120 ----a-w- c:\windows\system32\drivers\ext2fs.sys
2014-11-23 13:52:08 74752 ----a-w- c:\windows\system32\ifsdrives.cpl
2014-11-23 13:52:07 210432 ----a-w- c:\windows\system32\ifsdrives.dll
2014-11-21 11:02:59 -------- d-----w- c:\users\epjr\appdata\local\Skype
2014-11-21 11:02:14 -------- d-----w- c:\users\epjr\appdata\roaming\RHEng
2014-11-21 08:30:34 908840 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{423fe3a4-a8a9-47a3-b8d6-0a606f63b11b}\gapaengine.dll
2014-11-19 10:14:00 -------- d-----w- c:\users\epjr\appdata\local\Popcorn Time
2014-11-19 08:37:17 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-19 08:37:16 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-18 23:36:27 -------- d-----w- c:\users\epjr\appdata\local\app
2014-11-15 16:22:03 -------- d-----w- c:\program files\ASUS
2014-11-11 23:55:59 17408 ----a-w- c:\windows\system32\credssp.dll
2014-11-10 23:47:39 93808 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2014-11-06 22:06:54 -------- d-----w- c:\users\epjr\appdata\local\Popcorn-Time
2014-11-05 23:48:37 -------- d-----w- c:\users\epjr\appdata\local\globalUpdate
.
==================== Find3M  ====================
.
2014-11-26 00:46:13 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-26 00:46:13 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-06 03:28:20 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-06 03:28:06 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-06 03:13:43 501248 ----a-w- c:\windows\system32\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- c:\windows\system32\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-06 02:59:36 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2014-11-06 02:59:34 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-06 02:58:38 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-06 02:51:33 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-06 02:42:36 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-06 02:21:49 4298240 ----a-w- c:\windows\system32\jscript9.dll
2014-11-06 02:21:25 2051072 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-06 01:52:35 1892864 ----a-w- c:\windows\system32\wininet.dll
2014-11-05 17:50:47 254464 ----a-w- c:\windows\system32\generaltel.dll
2014-11-05 17:50:28 203776 ----a-w- c:\windows\system32\aepdu.dll
2014-11-05 17:47:40 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-10-30 11:24:45 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-30 02:34:52 213784 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-10-25 01:32:37 67584 ----a-w- c:\windows\system32\packager.dll
2014-10-18 01:33:18 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-14 01:56:19 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50:50 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 01:50:41 2363904 ----a-w- c:\windows\system32\msi.dll
2014-10-14 01:50:39 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 01:47:30 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-10 00:45:54 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-10-03 01:44:42 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-10-03 01:44:31 275968 ----a-w- c:\windows\system32\EncDump.dll
2014-10-03 01:44:26 475136 ----a-w- c:\windows\system32\audiosrv.dll
2014-10-03 01:44:26 374784 ----a-w- c:\windows\system32\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- c:\windows\system32\AudioSes.dll
2014-09-25 01:40:50 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-19 09:23:55 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- c:\windows\system32\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- c:\windows\system32\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-09-09 21:47:10 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-04 05:04:15 372736 ----a-w- c:\windows\system32\rastls.dll
.
============= FINISH:  5:05:19.56 ===============
 




 


#2 Aaflac


  • Malware Response Team

Posted 02 December 2014 - 10:42 PM

Welcome to the forum, j2r7!

Please use the Farbar Recovery Scan Tool.
Download: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Select the version that applies to your system.
Save it to your Desktop.

Double-click the downloaded file to run it.

When the tool opens, click Yes to the disclaimer.

Press the Scan button.


When done, the tool makes a log, FRST.txt, in the same directory from which the tool is run (Desktop).
>> Please provide the FRST.txt in your reply.

The first time the tool is run, it also creates another log: Addition.txt
>> Also post the Addition.txt in your reply.



Also use the tool: Zoek

Please, temporarily disable your AV program.
Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Download > http://download.bleepingcomputer.com/smeenk/zoek.exe

When the download appears, save to the Desktop.

On the Desktop, right-click the Zoek.exe file and select: Run as Administrator (Give it a few seconds to appear.)


Next, copy/paste the entire script inside the code box below to the input field of Zoek:
 
    createsrpoint;
    firefoxlook;
    Chromelook;
    skipfix-iedefaults;
    uninstall-list;
    emptyclsid;

Now...
  • Close any open Browsers.
  • Click the Run script button, and wait. It takes a few minutes to run all the script.
  • When the tool finishes, the zoek-results.log is opened in Notepad.
  • The log is also found on the systemdrive, normally C:\
  • If a reboot is needed, the log is opened after the reboot.
>> Please post the zoek-results.log in your reply.

Old duck...




