Random page popping up/downloads


  • This topic is locked
15 replies to this topic

#1 papermac123

papermac123

  • Members
  • 19 posts
  • OFFLINE
  • Local time:09:24 PM

Posted 09 December 2014 - 12:32 AM

Every once in a while, a page saying something like "Flash Player Update" will pop up and, without me pressing anything, downloads a file called Installation.exe, which I never ran, just deleted. Should I keep the file next time for someone to analyze or something? Malwarebytes also blocked something when another random website popped up around 11:30 PM. I attached the Malwarebytes log too.

 

__DDS log:_________

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16592  BrowserJavaVersion: 10.71.2
Run by bob at 0:23:16 on 2014-12-09
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.6132.882 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\taskeng.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
C:\Program Files\Eraser\Eraser.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\puush\puush.exe
C:\Users\bob\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\LogonUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [puush] C:\Program Files (x86)\puush\puush.exe
uRun: [f.lux] "C:\Users\bob\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\bob\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{BAF95E5E-B411-44D0-89EE-10338A8F3D8D} : DHCPNameServer = 192.168.2.1
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [WPCUMI] C:\Windows\System32\WpcUmi.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-mPolicies-System: SoftwareSASGeneration = dword:1
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\17peuz41.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-6-26 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-6-26 267632]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-6-26 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-6-26 436624]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2014-4-16 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2014-4-16 738984]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2014-4-16 47336]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-6-26 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-6-26 83280]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-6-26 50344]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-26 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-26 969016]
R2 RosettaStoneDaemon;RosettaStoneDaemon;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2011-3-31 1646056]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2014-6-26 1153368]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-6-26 4799760]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-1-18 25632]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-6-26 25816]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-26 64216]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2014-10-14 185352]
S?4 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-26 129752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-6-27 2264280]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2014-8-15 90776]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-12-09 05:07:17 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-27 23:19:16 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-27 23:19:16 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-25 01:02:37 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-11-25 01:02:10 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-11-25 01:02:10 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-11-25 01:02:10 65264 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
2014-11-25 01:02:10 436624 ----a-w- C:\Windows\System32\drivers\aswsp.sys
2014-11-25 01:02:10 364512 ----a-w- C:\Windows\System32\aswBoot.exe
2014-11-25 01:02:10 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-11-25 01:02:10 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-11-25 01:02:09 64752 ----a-w- C:\Windows\System32\drivers\aswrdr.sys
2014-11-25 01:02:08 43152 ----a-w- C:\Windows\avastSS.scr
2014-11-21 11:14:18 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-21 11:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 11:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-14 04:17:53 103374192 ----a-w- C:\Windows\System32\mrt.exe
2014-11-09 04:48:06 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-09 04:48:01 272808 ----a-w- C:\Windows\SysWow64\javaws.exe
2014-11-09 04:48:01 175528 ----a-w- C:\Windows\SysWow64\javaw.exe
2014-11-09 04:48:00 175528 ----a-w- C:\Windows\SysWow64\java.exe
2014-11-04 19:30:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-27 20:32:45 17870336 ----a-w- C:\Windows\System32\mshtml.dll
2014-10-27 20:13:57 2339840 ----a-w- C:\Windows\System32\jscript9.dll
2014-10-27 20:12:24 10921472 ----a-w- C:\Windows\System32\ieframe.dll
2014-10-27 20:07:15 1388032 ----a-w- C:\Windows\System32\urlmon.dll
2014-10-27 20:06:55 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-10-27 20:05:41 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-10-27 20:05:26 237056 ----a-w- C:\Windows\System32\url.dll
2014-10-27 20:05:13 86016 ----a-w- C:\Windows\System32\jsproxy.dll
2014-10-27 20:04:52 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-10-27 20:04:38 2157056 ----a-w- C:\Windows\System32\iertutil.dll
2014-10-27 20:04:37 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-10-27 20:04:29 816640 ----a-w- C:\Windows\System32\jscript.dll
2014-10-27 20:04:26 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2014-10-27 20:04:09 453120 ----a-w- C:\Windows\System32\dxtmsft.dll
2014-10-27 20:03:59 282112 ----a-w- C:\Windows\System32\dxtrans.dll
2014-10-27 20:03:57 55296 ----a-w- C:\Windows\System32\msfeedsbs.dll
2014-10-27 20:03:54 11264 ----a-w- C:\Windows\System32\msfeedssync.exe
2014-10-27 20:03:41 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2014-10-27 20:03:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-10-27 20:03:21 12800 ----a-w- C:\Windows\System32\mshta.exe
2014-10-27 20:03:05 248320 ----a-w- C:\Windows\System32\ieui.dll
2014-10-27 19:10:22 12366848 ----a-w- C:\Windows\SysWow64\mshtml.dll
2014-10-27 19:05:44 1810944 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-10-27 19:02:37 9739776 ----a-w- C:\Windows\SysWow64\ieframe.dll
2014-10-27 18:59:41 1139712 ----a-w- C:\Windows\SysWow64\urlmon.dll
2014-10-27 18:59:06 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-10-27 18:58:19 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-10-27 18:57:36 231936 ----a-w- C:\Windows\SysWow64\url.dll
2014-10-27 18:57:18 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2014-10-27 18:56:58 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-10-27 18:56:40 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-10-27 18:56:15 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2014-10-27 18:56:10 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2014-10-27 18:56:08 1802752 ----a-w- C:\Windows\SysWow64\iertutil.dll
2014-10-27 18:55:50 41472 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
2014-10-27 18:55:44 353792 ----a-w- C:\Windows\SysWow64\dxtmsft.dll
2014-10-27 18:55:39 223232 ----a-w- C:\Windows\SysWow64\dxtrans.dll
2014-10-27 18:55:32 10752 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
2014-10-27 18:55:28 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2014-10-27 18:55:20 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-10-27 18:55:17 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2014-10-27 18:54:43 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2014-10-24 01:04:29 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-24 01:03:40 499200 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-10-24 00:39:49 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-24 00:39:19 656384 ----a-w- C:\Windows\System32\kerberos.dll
2014-10-18 01:08:10 564224 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-18 00:46:22 847360 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-12 23:52:40 2782208 ----a-w- C:\Windows\System32\win32k.sys
2014-10-10 01:10:24 548352 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-10 01:09:30 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-10 01:09:23 1689600 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-10 01:01:46 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-10 01:00:34 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-09 23:53:20 619520 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-09 23:22:16 619520 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-03 01:18:20 274432 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:17:16 396800 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:17:16 115712 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-03 01:03:12 313344 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 01:02:20 201728 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 01:01:59 474624 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 01:01:59 446976 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-02 23:49:01 88576 ----a-w- C:\Windows\SysWow64\audiodg.exe
2014-09-19 00:50:45 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 00:45:00 347136 ----a-w- C:\Windows\System32\schannel.dll
.
============= FINISH:  0:26:00.03 ===============
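As an added example, not code from this thread and not part of the DDS or FRST tools, here is a small Python triage script that applies the checks a malware-response helper normally performs by eye on listings like the one above: autorun entries with an empty name or a missing target, autorun targets that live under user-writable directories, running processes whose publisher field is blank, and hosts-file redirections. The sample lines are copied from the DDS log above and from the FRST log posted later in this thread; the regexes, the heuristics and the names (`Finding`, `triage`, `check_autorun`) are my own. Every hit is a prompt to look closer, not a verdict: f.lux, a legitimate program, really does install under AppData\Local, and a hosts entry pointing a security site at 127.0.0.1 can come from a protective tool as easily as from malware.

```python
"""Review heuristics for DDS / FRST autorun and process listings (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample lines copied from the DDS and FRST logs posted in this thread.
SAMPLE_DDS = r"""
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [f.lux] "C:\Users\bob\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
Hosts: 127.0.0.1 www.spywareinfo.com
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
"""

SAMPLE_FRST = r"""
() C:\Program Files (x86)\puush\puush.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-3554061020-106631535-30068609-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC)
"""

# DDS autorun line:  uRun: [Name] "C:\path\prog.exe" args
RUN_DDS = re.compile(r"^(?:uRun|mRun|x64-Run): \[(?P<name>.*?)\] (?P<target>.*)$")
# FRST autorun line: HKLM-x32\...\Run: [Name] => C:\path\prog.exe [size date] (Publisher)
RUN_FRST = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\.\\Run: \[(?P<name>.*?)\] => (?P<target>.*)$")
# FRST process line: (Publisher) C:\path\prog.exe  -- an empty () means no company name
PROC_FRST = re.compile(r"^\((?P<publisher>[^)]*)\) (?P<path>[A-Za-z]:\\.*)$")
# DDS hosts line:    Hosts: 127.0.0.1 www.example.com
HOSTS_DDS = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)$")
# First image path inside an autorun target, with or without surrounding quotes.
IMAGE_PATH = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|cpl|scr|sys))', re.I)
# Directories a standard user can write to; persistence from here deserves a look.
USER_WRITABLE = re.compile(r"\\(?:AppData|Temp|Downloads)\\", re.I)


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def check_autorun(name: str, target: str) -> list[str]:
    """Return the review reasons (possibly none) for one autorun entry."""
    reasons: list[str] = []
    if not name.strip():
        reasons.append("autorun entry with empty name")
    if target.strip() == "[X]":  # FRST marks a referenced-but-absent file as [X]
        reasons.append("autorun entry whose target file is missing")
        return reasons
    match = IMAGE_PATH.search(target)
    if match is None:
        reasons.append("autorun target is not a recognisable image path")
    elif USER_WRITABLE.search(match.group("path")):
        reasons.append("autorun target lives in a user-writable directory")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Scan DDS/FRST log text line by line and collect items worth a closer look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := RUN_DDS.match(line)) or (m := RUN_FRST.match(line)):
            for reason in check_autorun(m.group("name"), m.group("target")):
                findings.append(Finding(line, reason))
        elif m := PROC_FRST.match(line):
            if not m.group("publisher").strip():
                findings.append(Finding(line, "running process with no publisher/company name"))
        elif m := HOSTS_DDS.match(line):
            findings.append(Finding(line, f"hosts file maps {m.group('host')} to {m.group('ip')}"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS + SAMPLE_FRST):
        print(f"{finding.reason}\n    {finding.line}")
```

Run against the sample text the script reports five items: the f.lux entry (AppData path), the hosts line, the puush process with a blank publisher, and the empty `[] => [X]` Run value twice (no name, and no file). Everything else, including the Chrome, Avast and Sandboxie lines, passes silently, which is the point: the script narrows a few hundred log lines down to a handful for a human to judge.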
 




#2 shelf life

shelf life

  • Malware Response Team
  • 2,683 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:09:24 PM

Posted 10 December 2014 - 07:55 PM

Hi,

 

 

If you still need help: download a copy of FRST and post its logs, and we will go from there.

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 
  • Right-click FRST, then click "Run as administrator".
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from, your desktop.
  • Please copy and paste the log in your next reply.

 

The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.


How Can I Reduce My Risk to Malware?


#3 papermac123

papermac123
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:09:24 PM

Posted 10 December 2014 - 08:38 PM

Okay, here you go:

________________________

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-12-2014 01
Ran by bob (administrator) on HOME-PC on 10-12-2014 20:28:43
Running from C:\Users\bob\Desktop\opclean
Loaded Profiles: bob & Ilias (Available profiles: bob & Ilias)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
() C:\Program Files (x86)\puush\puush.exe
(Flux Software LLC) C:\Users\bob\AppData\Local\FluxSoftware\Flux\flux.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [182784 2006-11-02] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-24] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-06-27] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3554061020-106631535-30068609-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3554061020-106631535-30068609-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-3554061020-106631535-30068609-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-06-26] ()
HKU\S-1-5-21-3554061020-106631535-30068609-1000\...\Run: [f.lux] => C:\Users\bob\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3554061020-106631535-30068609-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3554061020-106631535-30068609-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3554061020-106631535-30068609-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3554061020-106631535-30068609-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3554061020-106631535-30068609-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicyUsers\S-1-5-21-3554061020-106631535-30068609-1001\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3554061020-106631535-30068609-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-3554061020-106631535-30068609-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-3554061020-106631535-30068609-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\17peuz41.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31010.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-06-26]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-26]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-06-30]
FF HKU\S-1-5-21-3554061020-106631535-30068609-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - wrc@avast.com [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-06-26]
CHR Extension: (Google Docs) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-26]
CHR Extension: (Google Drive) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-26]
CHR Extension: (WOT) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-06-26]
CHR Extension: (YouTube) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-26]
CHR Extension: (Adblock Plus) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-26]
CHR Extension: (Google Search) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-26]
CHR Extension: (Tampermonkey) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-06-26]
CHR Extension: (Chromebleed) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2014-06-26]
CHR Extension: (Blur (Formerly DoNotTrackMe)) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-07-31]
CHR Extension: (Cryptocat) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gonbigodpnfghidmnphnadhepmbabhij [2014-06-26]
CHR Extension: (StumbleUpon) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2014-06-26]
CHR Extension: (CHROMIFIED Google Translate [BBmod]) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mddinjaeleehccjagphnmkcjafhidhmc [2014-06-26]
CHR Extension: (Shortcut Manager) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgjjeipcdnnjhgodgjpfkffcejoljijf [2014-06-26]
CHR Extension: (Google Wallet) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-26]
CHR Extension: (Gmail) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-26]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-24]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-24] (AVAST Software)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-24] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-11-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-24] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738984 2014-04-16] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [47336 2014-04-16] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-10 20:28 - 2014-12-10 20:28 - 00000000 ____D () C:\FRST
2014-12-10 20:26 - 2014-12-10 20:28 - 00000000 ____D () C:\Users\bob\Desktop\opclean
2014-12-09 23:16 - 2014-11-06 20:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 23:16 - 2014-11-06 20:28 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 23:16 - 2014-11-03 19:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 23:16 - 2014-11-03 19:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 23:14 - 2014-12-02 21:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-09 23:14 - 2014-12-02 20:51 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-09 13:17 - 2014-11-24 17:12 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 13:17 - 2014-11-24 16:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-09 13:17 - 2014-11-24 16:54 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 13:17 - 2014-11-24 16:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 13:17 - 2014-11-24 16:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 13:17 - 2014-11-24 16:47 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 13:17 - 2014-11-24 16:45 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 13:17 - 2014-11-24 16:45 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-09 13:17 - 2014-11-24 16:45 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 13:17 - 2014-11-24 16:44 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 13:17 - 2014-11-24 16:44 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-09 13:17 - 2014-11-24 16:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 13:17 - 2014-11-24 16:44 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 13:17 - 2014-11-24 16:44 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 13:17 - 2014-11-24 16:44 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 13:17 - 2014-11-24 16:44 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-09 13:17 - 2014-11-24 16:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-09 13:17 - 2014-11-24 16:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-09 13:17 - 2014-11-24 16:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 13:17 - 2014-11-24 16:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 13:17 - 2014-11-24 16:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-09 13:17 - 2014-11-24 16:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 13:17 - 2014-11-24 15:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-09 13:17 - 2014-11-24 15:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 13:17 - 2014-11-24 15:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 13:17 - 2014-11-24 15:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 13:17 - 2014-11-24 15:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 13:17 - 2014-11-24 15:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 13:17 - 2014-11-24 15:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 13:17 - 2014-11-24 15:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-09 13:17 - 2014-11-24 15:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 13:17 - 2014-11-24 15:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-09 13:17 - 2014-11-24 15:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 13:17 - 2014-11-24 15:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 13:17 - 2014-11-24 15:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-09 13:17 - 2014-11-24 15:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 13:17 - 2014-11-24 15:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-09 13:17 - 2014-11-24 15:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 13:17 - 2014-11-24 15:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 13:17 - 2014-11-24 15:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 13:17 - 2014-11-24 15:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 13:17 - 2014-11-24 15:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 13:17 - 2014-11-24 15:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-09 13:17 - 2014-11-24 15:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-09 00:30 - 2014-12-09 00:30 - 00005369 _____ () C:\Users\bob\Desktop\malwarebytes.txt
2014-12-09 00:26 - 2014-12-09 00:26 - 00024023 _____ () C:\Users\bob\Desktop\dds.txt
2014-12-09 00:26 - 2014-12-09 00:26 - 00013699 _____ () C:\Users\bob\Desktop\attach.txt
2014-12-09 00:20 - 2014-12-09 00:20 - 00186568 _____ (ESET) C:\Users\bob\Downloads\ESETPoweliksCleaner.exe
2014-12-09 00:20 - 2014-12-09 00:20 - 00007080 _____ () C:\Users\bob\Downloads\ESETPoweliksCleaner.exe_20141209.002023.4884.log
2014-12-09 00:17 - 2014-12-09 00:17 - 00688992 ____R (Swearware) C:\Users\bob\Downloads\dds.com
2014-12-07 20:07 - 2014-12-07 20:07 - 00000000 ____D () C:\Users\bob\Documents\My Scans
2014-12-07 20:06 - 2014-12-08 19:51 - 00000000 ____D () C:\Users\Ilias\AppData\Roaming\HP
2014-12-07 20:06 - 2014-12-07 20:06 - 00000000 ____D () C:\Users\Ilias\AppData\Local\HP
2014-12-07 16:15 - 2014-12-07 16:19 - 00000000 ____D () C:\AdwCleaner
2014-12-07 16:15 - 2014-12-07 16:15 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-07 16:14 - 2014-12-07 16:14 - 02153472 _____ () C:\Users\bob\Downloads\AdwCleaner (1).exe
2014-12-04 20:26 - 2014-12-04 20:26 - 00000000 _____ () C:\Users\bob\Documents\New Text Document.txt
2014-11-30 21:52 - 2014-11-30 21:52 - 00000000 _____ () C:\Users\bob\Desktop\New Text Document (2).txt
2014-11-29 16:54 - 2014-11-29 16:55 - 04379403 _____ () C:\Users\bob\Downloads\08_lecture.zip
2014-11-27 16:04 - 2014-11-27 16:48 - 00000025 _____ () C:\Users\bob\Desktop\mardek.txt
2014-11-24 20:02 - 2014-11-24 20:02 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-24 20:02 - 2014-11-24 20:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-24 20:02 - 2014-11-24 20:02 - 00001691 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-24 18:29 - 2014-11-25 17:45 - 00001232 __RSH () C:\Users\Ilias\ntuser.pol
2014-11-24 18:29 - 2014-11-25 17:45 - 00000632 __RSH () C:\Users\bob\ntuser.pol
2014-11-24 16:30 - 2014-11-24 16:30 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2014-11-20 23:30 - 2014-11-20 23:30 - 00274288 _____ () C:\Windows\Minidump\Mini112014-01.dmp
2014-11-20 18:10 - 2014-11-20 18:10 - 00000165 ____H () C:\Users\bob\Documents\~$The Cold War.pptx
2014-11-18 23:38 - 2014-10-23 20:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 23:38 - 2014-10-23 19:39 - 00656384 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
2014-11-17 22:51 - 2014-11-26 00:27 - 00082954 _____ () C:\Users\bob\Documents\The Cold War.pptx
2014-11-17 20:50 - 2014-11-17 20:51 - 16409960 _____ (Safer Networking Limited ) C:\Users\bob\Downloads\spybotsd162 (1).exe
2014-11-17 20:49 - 2014-11-17 20:49 - 02140160 _____ () C:\Users\bob\Downloads\AdwCleaner.exe
2014-11-16 16:01 - 2014-11-16 16:01 - 00000000 _____ () C:\Users\bob\ping
2014-11-16 16:01 - 2014-11-16 16:01 - 00000000 _____ () C:\Users\bob\pin
2014-11-16 15:07 - 2014-11-16 15:07 - 00000000 _____ () C:\Users\bob\Desktop\New Text Document.txt
2014-11-13 23:31 - 2014-10-12 18:52 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 23:27 - 2014-08-11 21:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 23:27 - 2014-08-11 21:11 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 23:26 - 2014-10-17 20:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 23:26 - 2014-10-17 19:46 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 23:26 - 2014-10-09 20:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 23:26 - 2014-10-09 20:09 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 23:26 - 2014-10-09 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 23:26 - 2014-10-09 20:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 23:26 - 2014-10-09 20:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 23:26 - 2014-10-09 18:53 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 23:26 - 2014-10-09 18:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 23:26 - 2014-10-02 20:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 23:26 - 2014-10-02 20:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 23:26 - 2014-10-02 20:17 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 23:26 - 2014-10-02 20:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 23:26 - 2014-10-02 20:02 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 23:26 - 2014-10-02 20:01 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 23:26 - 2014-10-02 20:01 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 23:26 - 2014-10-02 18:49 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodg.exe
2014-11-13 23:17 - 2014-10-23 20:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 23:17 - 2014-10-23 19:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 23:16 - 2014-08-26 19:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 23:16 - 2014-08-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 23:16 - 2014-08-26 19:41 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 23:16 - 2014-08-26 19:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-10 15:12 - 2014-12-10 15:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
   
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-10 20:26 - 2014-06-26 10:50 - 00001752 _____ () C:\Windows\Sandboxie.ini
2014-12-10 20:19 - 2014-06-25 22:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-10 20:15 - 2014-06-26 11:36 - 00000000 ____D () C:\Users\bob\AppData\Roaming\Skype
2014-12-10 20:13 - 2014-06-26 09:56 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-10 18:36 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-10 18:36 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-10 18:13 - 2014-06-26 09:56 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-10 18:11 - 2008-01-20 20:53 - 01405071 _____ () C:\Windows\WindowsUpdate.log
2014-12-10 17:46 - 2014-06-28 23:58 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-10 17:44 - 2014-06-26 10:23 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-10 14:57 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\rescache
2014-12-10 14:41 - 2014-06-26 10:16 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-10 14:36 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-10 14:35 - 2014-06-26 14:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-09 23:26 - 2014-06-26 09:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-09 23:26 - 2014-06-26 09:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-09 23:26 - 2006-11-02 10:42 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-09 23:18 - 2006-11-02 07:35 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-09 23:12 - 2014-07-04 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-09 22:19 - 2014-06-25 22:25 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 22:19 - 2014-06-25 22:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 22:19 - 2014-06-25 22:25 - 00003684 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 13:05 - 2014-06-26 14:59 - 00009000 _____ () C:\Windows\system32\spsys.log
2014-12-07 18:47 - 2014-07-01 16:20 - 00023040 _____ () C:\Users\bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-07 16:20 - 2008-01-20 22:26 - 00046112 _____ () C:\Windows\PFRO.log
2014-12-07 16:08 - 2014-06-26 14:26 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-12-07 15:51 - 2014-07-24 11:27 - 00003674 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CB2AEF53-46B0-4413-A015-2010AE7DAB25}
2014-12-07 15:45 - 2014-06-28 23:37 - 00000680 _____ () C:\Users\bob\AppData\Local\d3d9caps.dat
2014-12-03 20:40 - 2014-07-01 16:40 - 00000000 ____D () C:\Users\bob\AppData\Roaming\vlc
2014-12-03 19:46 - 2014-06-26 10:22 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-03 19:46 - 2014-06-26 10:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-03 19:46 - 2014-06-26 10:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-02 17:33 - 2014-07-02 14:19 - 00000000 ____D () C:\Users\bob\AppData\Roaming\uTorrent
2014-11-26 18:16 - 2014-06-26 10:00 - 00002027 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-25 17:45 - 2014-06-26 15:29 - 00000000 ____D () C:\Users\Ilias
2014-11-25 17:45 - 2014-06-25 20:52 - 00000000 ____D () C:\Users\bob
2014-11-25 00:22 - 2006-11-02 07:46 - 00760418 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-24 20:02 - 2014-06-26 10:15 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-24 20:02 - 2014-06-26 10:15 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-24 20:02 - 2014-06-26 10:15 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-24 20:02 - 2014-06-26 10:15 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-24 20:02 - 2014-06-26 10:15 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-24 20:02 - 2014-06-26 10:15 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-11-24 20:02 - 2014-06-26 10:15 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
2014-11-24 20:02 - 2014-06-26 10:15 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-24 19:58 - 2014-09-13 15:34 - 00010855 ____H () C:\Users\bob\_viminfo
2014-11-24 18:29 - 2006-11-02 08:34 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-24 16:30 - 2006-11-02 10:27 - 00040194 _____ () C:\Windows\setupact.log
2014-11-21 06:14 - 2014-06-26 10:22 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-06-26 10:22 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2014-06-26 10:22 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-20 23:30 - 2014-06-26 15:39 - 00000000 ____D () C:\Windows\Minidump
2014-11-20 23:30 - 2014-06-26 15:37 - 691664871 _____ () C:\Windows\MEMORY.DMP
2014-11-15 18:08 - 2014-06-26 09:56 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-15 18:08 - 2014-06-26 09:56 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 11:52 - 2006-11-02 10:21 - 00273520 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-11 20:35 - 2014-06-26 09:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-11 14:07 - 2014-08-07 19:55 - 00000000 ____D () C:\Program Files\Recuva
 
Some content of TEMP:
====================
C:\Users\bob\AppData\Local\Temp\MSN34D6.exe
C:\Users\bob\AppData\Local\Temp\ose00000.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-10 14:48
 
==================== End Of Log ============================
 
 
 
 
addition.txt
___________
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-12-2014 01
Ran by bob at 2014-12-10 20:30:08
Running from C:\Users\bob\Desktop\opclean
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3554061020-106631535-30068609-1000\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
C310 (x32 Version: 140.0.304.000 - Hewlett-Packard) Hidden
COMODO Firewall (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
f.lux (HKU\S-1-5-21-3554061020-106631535-30068609-1000\...\Flux) (Version:  - )
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.18.0 - International GeoGebra Institute)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{4E484899-4F93-4086-88BA-56BDDF47A776}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31010.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (HKLM\...\{BBBE35B2-9349-3C48-BD3D-F574B17C7924}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.0 - Power Software Ltd)
PS_AIO_07_C310_SW_Min (x32 Version: 140.0.304.000 - Hewlett-Packard) Hidden
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Rosetta Stone Ltd Services (HKLM-x32\...\{7BB2EF8A-5376-4BAE-96D0-38BE49501F40}) (Version: 3.2.17 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\com.rosettastone.rosettastonetotale) (Version: 4.1.15.1 - Rosetta Stone, Ltd)
Rosetta Stone TOTALe (x32 Version: 4.1.1 - Rosetta Stone, Ltd) Hidden
Rosetta Stone TOTALe (x32 Version: 4.1.15.1 - Rosetta Stone, Ltd) Hidden
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Vim 7.4 (self-installing) (HKLM\...\Vim 7.4) (Version:  - )
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
27-10-2014 20:52:31 Scheduled Checkpoint
28-10-2014 18:47:35 Windows Update
29-10-2014 19:44:12 Scheduled Checkpoint
31-10-2014 20:16:45 Windows Update
01-11-2014 20:40:05 Scheduled Checkpoint
02-11-2014 20:36:34 Scheduled Checkpoint
03-11-2014 01:34:33 Device Driver Package Install: Microsoft Universal Serial Bus controllers
03-11-2014 01:35:39 Device Driver Package Install: Microsoft Human Interface Devices
03-11-2014 02:31:46 Device Driver Package Install: Microsoft Bluetooth Radios
03-11-2014 02:32:45 Device Driver Package Install: Microsoft Human Interface Devices
03-11-2014 02:33:16 Device Driver Package Install: Microsoft Keyboards
04-11-2014 20:52:21 Windows Update
05-11-2014 21:03:55 Scheduled Checkpoint
06-11-2014 22:04:32 Scheduled Checkpoint
08-11-2014 18:54:28 Scheduled Checkpoint
08-11-2014 23:32:55 Windows Update
09-11-2014 04:46:04 Installed Java 7 Update 71
13-11-2014 22:53:47 Scheduled Checkpoint
14-11-2014 04:16:23 Windows Update
14-11-2014 17:50:58 Scheduled Checkpoint
18-11-2014 23:35:24 Windows Update
19-11-2014 04:38:08 Windows Update
25-11-2014 00:59:31 avast! antivirus system restore point
25-11-2014 20:14:06 Windows Update
30-11-2014 01:06:49 Scheduled Checkpoint
02-12-2014 04:14:24 Scheduled Checkpoint
02-12-2014 21:17:48 Windows Update
05-12-2014 23:23:45 Windows Update
09-12-2014 02:54:57 Scheduled Checkpoint
09-12-2014 18:16:58 Windows Update
10-12-2014 04:10:25 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 07:34 - 2014-06-26 11:25 - 00450649 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {3B0699C9-FE7D-4EE0-B92F-259D0C066B20} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-26] (Google Inc.)
Task: {5DAEB9C1-C080-440F-A31A-CE779A9D6EC6} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {60643564-501A-4B24-B206-27C6E4553ECA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {65F4FC4D-CAC1-48D6-BA14-B078B8108FF3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-26] (Google Inc.)
Task: {BB1B91F4-1135-46DC-BA75-69497EF59241} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {F21785A8-08EA-40C1-B1D9-81FEE0BC6DD3} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {F8E79B4D-BAF0-45F8-9FF1-2BB072638AA1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-24] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-01-10 13:41 - 2014-06-26 13:06 - 00567880 _____ () C:\Program Files (x86)\puush\puush.exe
2014-12-10 14:41 - 2014-12-10 14:41 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14121001\algo.dll
2014-06-26 10:14 - 2014-11-24 20:02 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-10 15:12 - 2014-11-10 15:12 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-12-09 22:19 - 2014-12-09 22:19 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
2014-11-26 18:16 - 2014-11-25 01:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-26 18:16 - 2014-11-25 01:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
2014-06-26 10:06 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\bob\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-06-26 10:06 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\bob\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-11-26 18:16 - 2014-11-25 01:39 - 14910280 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3554061020-106631535-30068609-500 - Administrator - Disabled)
bob (S-1-5-21-3554061020-106631535-30068609-1000 - Administrator - Enabled) => C:\Users\bob
Guest (S-1-5-21-3554061020-106631535-30068609-501 - Limited - Disabled)
Ilias (S-1-5-21-3554061020-106631535-30068609-1001 - Limited - Enabled) => C:\Users\Ilias
 
==================== Faulty Device Manager Devices =============
 
Name: HP Photosmart Prem C310
Description: HP Photosmart Prem C310
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Hewlett-Packard
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart Prem C310 series
Description: Photosmart Prem C310 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/10/2014 02:37:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/09/2014 11:25:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll8
 
Error: (12/09/2014 11:25:34 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll8
 
Error: (12/09/2014 01:05:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/09/2014 10:25:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/09/2014 00:37:00 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{B1CAD752-280D-4F7F-A419-BE8DB34DF0DF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (12/08/2014 02:52:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/07/2014 04:21:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/07/2014 03:41:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/06/2014 01:56:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (12/10/2014 05:46:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053
 
Error: (12/10/2014 05:46:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search
 
Error: (12/10/2014 05:46:22 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (12/09/2014 11:26:51 PM) (Source: SbieDrv) (EventID: 1412) (User: )
Description: SBIE1412 In text: [DefaultBox] \??\%SystemDrive%\Sandbox\%USER%\%SANDBOX%
 
Error: (12/09/2014 11:26:51 PM) (Source: SbieDrv) (EventID: 1406) (User: )
Description: SBIE1406 Missing or invalid expansion for SystemDrive:  [C0000189]
 
Error: (12/09/2014 11:26:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053
 
Error: (12/09/2014 11:26:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search
 
Error: (12/09/2014 11:18:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053
 
Error: (12/09/2014 11:18:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search
 
Error: (12/09/2014 11:16:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-10 20:29:54.946
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-10 20:29:54.783
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-10 20:29:54.622
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-10 20:29:54.439
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-10 20:29:17.508
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Sandboxie\SbieDrv.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-10 20:29:17.289
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Sandboxie\SbieDrv.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-10 20:29:17.103
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Sandboxie\SbieDrv.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-10 20:29:16.921
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Sandboxie\SbieDrv.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-10 20:29:16.508
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Sandboxie\SbieDrv.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-10 20:29:16.320
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Sandboxie\SbieDrv.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 75%
Total physical RAM: 6132.27 MB
Available physical RAM: 1506.93 MB
Total Pagefile: 12455.55 MB
Available Pagefile: 7355.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:581.12 GB) (Free:115.72 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:4.98 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 30000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=581.1 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
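The Addition.txt above carries two sections a responder actually reads by hand: a hosts dump of 1,000+ `127.0.0.1` entries (a Spybot-style immunization list, consistent with the Spybot - Search &amp; Destroy 1.6.2 install listed under Installed Programs) and a scheduled-task list of vendor update tasks. As an added example that is not part of this thread or of FRST, the Python script below applies the two checks that separate a benign log from a worrying one: a hosts line that maps a name to anything other than a loopback or unspecified address is a redirect, not a block; and a `Task:` entry whose binary lives under a user profile or carries no publisher/version info is where droppers usually park persistence. The sample input is constructed from lines of the log above plus one synthetic hosts redirect (to the documentation address 203.0.113.10) and one synthetic task (`updater.exe`); those two lines are not in the original log.

```python
"""Triage two sections of an FRST Addition.txt: the hosts dump and the
scheduled-task list.  Added example for this thread; not a Farbar/FRST tool."""
import ipaddress
import re
from typing import Dict, List

# Matches both FRST task forms:
#   Task: {GUID} - System32\Tasks\Name => C:\path\bin.exe [date] (Publisher)
#   Task: C:\Windows\Tasks\Name.job => C:\path\bin.exe
TASK_RE = re.compile(
    r"^Task: (?P<lhs>.+?) => (?P<path>.+?)"
    r"(?: \[(?P<date>[^\]]+)\])?(?: \((?P<vendor>[^)]*)\))?$"
)

# Locations a standard user can write to.  A task launching from here is not
# proof of malware, but it is the usual home of dropper persistence.
USER_WRITABLE = re.compile(r"^[A-Z]:\\(?:Users\\|Windows\\Temp\\)", re.I)


def triage_hosts(text: str) -> Dict[str, List]:
    """Split hosts entries into sinkholed (loopback / 0.0.0.0 targets, i.e. a
    blocklist), redirected (any other address) and invalid (unparseable)."""
    out: Dict[str, List] = {"sinkholed": [], "redirected": [], "invalid": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            out["invalid"].append(line)
            continue
        if len(parts) < 2:
            out["invalid"].append(line)
            continue
        bucket = "sinkholed" if (addr.is_loopback or addr.is_unspecified) else "redirected"
        for host in parts[1:]:
            out[bucket].append((parts[0], host.lower()))
    return out


def triage_tasks(text: str) -> List[Dict[str, object]]:
    """Return the Task: lines worth a second look, each with its reason(s)."""
    findings: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        reasons = []
        if USER_WRITABLE.match(m["path"]):
            reasons.append("binary in user-writable location")
        # FRST prints "()" when the binary has no company/version info; the
        # .job form never prints that field, so None is not a finding.
        if m["vendor"] is not None and not m["vendor"].strip():
            reasons.append("no publisher/version info")
        if reasons:
            findings.append({"task": m["lhs"], "path": m["path"], "reasons": reasons})
    return findings


# Constructed sample: real lines from the log above plus one synthetic
# redirect and one synthetic task (the last line of each block).
SAMPLE_HOSTS = r"""
127.0.0.1       localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
203.0.113.10 downloads.example.com
"""

SAMPLE_TASKS = r"""
Task: {3B0699C9-FE7D-4EE0-B92F-259D0C066B20} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-26] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\Updater => C:\Users\bob\AppData\Roaming\updater.exe [2014-12-09] ()
"""

if __name__ == "__main__":
    hosts = triage_hosts(SAMPLE_HOSTS)
    print(f"{len(hosts['sinkholed'])} sinkholed, {len(hosts['redirected'])} redirected")
    for ip, host in hosts["redirected"]:
        print(f"  REDIRECT {host} -> {ip}")
    for f in triage_tasks(SAMPLE_TASKS):
        print(f"  TASK {f['task']} -> {f['path']}: {', '.join(f['reasons'])}")
```

Run against the real log, every hosts entry lands in `sinkholed` and no task is flagged, which is the same conclusion the helper reaches in the next post; the script just makes the two criteria explicit so they can be re-applied to the next log.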


#4 shelf life (Malware Response Team, 2,683 posts)

Posted 11 December 2014 - 05:50 PM

OK, thanks for the info. Not much there to worry about.

 

If you get the prompt to download the file again, go ahead and save it somewhere if you want, and you can upload the file to my channel. Pretty sure I know what it is, but I am always looking for new malicious .exe's to install. Once you have the file you can go to the link below, browse for the file on your machine, then click the Send File button. Thanks. Then you can delete it from your machine.

 

channel link:

http://www.bleepingcomputer.com/submit-malware.php?channel=67

 

 

Let's get two more downloads and see what they dig up.

 

Please download Adwcleaner from here and save to your desktop.

 

http://www.bleepingcomputer.com/download/adwcleaner/
 
    Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
    Click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.
    Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

Note: The log can also be located at C:\AdwCleaner\AdwCleaner[S0].txt

 

Next:

 

Please download Junkware Removal Tool to your desktop.
 
http://thisisudax.org/downloads/JRT.exe

    Double-click the icon (or, for Vista/W7/8, right-click it and select Run as administrator)
    The tool will open and start scanning.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message


How Can I Reduce My Risk to Malware?
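The post above asks for the next Installation.exe to be saved and submitted instead of deleted. As an added example (not a BleepingComputer or FRST tool), here is the handling a responder does before a sample goes anywhere, in Python: hash it so it can be looked up or shared by hash, confirm it really is a PE rather than an HTML page or script that arrived with an .exe name, and rename it so a stray double-click cannot run it. The file name, the `.bin` suffix and the sample bytes (a constructed 84-byte MZ/PE stub, not a real binary) are assumptions for illustration.

```python
"""Fingerprint and defang a dropped sample before it is kept or submitted.
Added example for this thread; not a BleepingComputer or FRST tool."""
import hashlib
import os
import struct
import tempfile
from typing import Dict


def is_pe(data: bytes) -> bool:
    """True if the bytes carry a DOS 'MZ' stub whose e_lfanew (offset 0x3C)
    points at the 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_offset = struct.unpack_from("<I", data, 0x3C)[0]
    return data[pe_offset:pe_offset + 4] == b"PE\x00\x00"


def fingerprint(data: bytes) -> Dict[str, object]:
    """Hashes to search for or share, plus a PE check, so the analyst knows
    what arrived without ever launching it."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "is_pe": is_pe(data),
    }


def defanged_name(path: str) -> str:
    """Append .bin so Explorer no longer treats the file as runnable on a
    double-click; the original name stays visible for whoever analyses it."""
    return path + ".bin"


def quarantine(path: str) -> Dict[str, object]:
    """Fingerprint the file at `path`, rename it, and return the record."""
    with open(path, "rb") as fh:
        data = fh.read()
    record = fingerprint(data)
    new_path = defanged_name(path)
    os.replace(path, new_path)
    record["path"] = new_path
    return record


# Constructed stand-in for Installation.exe: a bare MZ stub with e_lfanew = 0x40
# followed by the 'PE\0\0' signature.  Not a real or runnable binary.
SAMPLE_PE = (b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
             + b"PE\x00\x00" + b"\x00" * 16)


def demo() -> Dict[str, object]:
    """Write the constructed sample to a temp dir and quarantine it."""
    workdir = tempfile.mkdtemp(prefix="sample-")
    path = os.path.join(workdir, "Installation.exe")
    with open(path, "wb") as fh:
        fh.write(SAMPLE_PE)
    return quarantine(path)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:>7}: {value}")
```

The hashes are the part to keep even after the file is deleted: they let the helper confirm the submission and let anyone else correlate the sample later, and a second pop-up that drops a file with a different SHA-256 tells you the campaign is rotating binaries rather than re-serving one.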


#5 papermac123 (Topic Starter, Members, 19 posts)

Posted 11 December 2014 - 07:55 PM

Adwcleaner log:

__

 

# AdwCleaner v4.105 - Report created 11/12/2014 at 18:54:13
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Local]
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : bob - HOME-PC
# Running from : C:\Users\bob\Desktop\opclean\adwcleaner_4.105.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[!] Folder Deleted : C:\Users\bob\AppData\LocalLow\HPAppData
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16599
 
 
-\\ Mozilla Firefox v33.1 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.71
 
 
*************************
 
AdwCleaner[R0].txt - [1202 octets] - [07/12/2014 16:15:37]
AdwCleaner[R1].txt - [981 octets] - [11/12/2014 18:50:26]
AdwCleaner[S0].txt - [1279 octets] - [07/12/2014 16:19:17]
AdwCleaner[S1].txt - [909 octets] - [11/12/2014 18:54:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [968 octets] ##########
 
JRT log:
 
 
___
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows ™ Vista Home Premium x64
Ran by bob on Thu 12/11/2014 at 19:02:38.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/11/2014 at 19:51:56.68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
[attached screenshot: 590bf19088.png]
 
This comes up around once a day or once every two days. Does it mean anything? I'm not on any torrent websites, not running any torrents or torrent clients while this happens (haven't used them in a long time). Would a Malwarebytes log be helpful?


#6 shelf life (Malware Response Team, 2,683 posts)

Posted 12 December 2014 - 08:43 AM

Nothing there either. An MBAM log might help if it actually flags anything. You do have Adobe updater as a scheduled task. Let's see if you have the latest version of Flash installed. You can go to this Adobe site to check:

 

http://helpx.adobe.com/flash-player.html

 

If you do, then we can dump browser temp files, cache, etc. and see how that goes.




#7 papermac123 (Topic Starter, Members, 19 posts)

Posted 12 December 2014 - 05:55 PM

"Your Google Chrome browser already includes Adobe® Flash® Player built-in. Google Chrome will automatically update when new versions of Flash Player are available."

 

Chrome is up to date so I think it's good. 

 

I attached 2 mbam logs with detections. 

 

Side note: Avast blocks the website in your signature. Is it because of this? "Below is heavily edited raw HTTP from a malicious web site"

^ just got that from google

 

 

Attached Files


Edited by papermac123, 12 December 2014 - 05:55 PM.


#8 shelf life (Malware Response Team, 2,683 posts)

Posted 12 December 2014 - 06:33 PM

Might be blocking my site because there's an example of shellcode on there. It's totally harmless, though.

You installed this?    C:\Program Files (x86)\puush\puush.exe

 

Let's use FRST:

 

Open Notepad. Please copy the contents of what's between the lines below (not the lines themselves) into Notepad.

------------------------------------

EmptyTemp:

-------------------------------------


Save it on the Desktop as fixlist.txt

Run FRST again like before, except this time press the Fix button just once and wait.
The tool will make a log on the desktop (Fixlog.txt); please post it in your reply.




#9 papermac123 (Topic Starter, Members, 19 posts)

Posted 13 December 2014 - 03:00 PM

Yeah, I installed that.

 

____

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-12-2014 01

Ran by bob at 2014-12-13 00:43:22 Run:1
Running from C:\Users\bob\Desktop\opclean
Loaded Profile: bob (Available profiles: bob & Ilias)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
EmptyTemp:
*****************
 
EmptyTemp: => Removed 1.1 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#10 shelf life

  • Malware Response Team
  • 2,683 posts
  • Gender:Male
  • Location:@localhost

Posted 13 December 2014 - 10:11 PM

Forgot about this last time. Clear out Chrome's data, see link:

https://support.google.com/chrome/answer/95582?hl=en


#11 papermac123

  • Topic Starter
  • Members
  • 19 posts

Posted 14 December 2014 - 02:29 PM

Done



#12 shelf life

  • Malware Response Team
  • 2,683 posts
  • Gender:Male
  • Location:@localhost

Posted 14 December 2014 - 05:37 PM

Ok. How's it looking now on your end, any better?


#13 papermac123

  • Topic Starter
  • Members
  • 19 posts

Posted 14 December 2014 - 09:03 PM

Seems pretty normal; not really sure, since stuff just happens once in a while.



#14 shelf life

  • Malware Response Team
  • 2,683 posts
  • Gender:Male
  • Location:@localhost

Posted 15 December 2014 - 05:20 PM

Ok, so far so good. Cruise around for a few days and see how it all looks. If all is good we can call it quits after removing some of the tools we used.


#15 shelf life

  • Malware Response Team
  • 2,683 posts
  • Gender:Male
  • Location:@localhost

Posted 30 December 2014 - 02:17 PM

Hi papermac123,

If all is good on your end you can get one more download that will remove the tools we used:

Please download Delfix.exe and save it to your desktop:

    https://toolslib.net/downloads/viewdownload/2-delfix/

    Right-click and select "Run as admin", check "Remove disinfection tools" and click on the Run button.

    The tool will delete itself once it finishes. You can delete the log it generates.

    For AdwCleaner: open it up and click on the Uninstall button.
