Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ran AVG and Spybot multiple times, still having problems


  • This topic is locked This topic is locked
12 replies to this topic

#1 lmckeel87

lmckeel87

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 30 December 2014 - 02:21 PM

Hey all,

 

I haven't really had any adware or malware issues in quite a while, but it looks like I got a nasty one this time. I ran both AVG and Spybot S&D multiple times and did a fair share of restarts, but I'm still getting unwanted pop-ups, links, etc. almost EVERY time I click a link of any sort. I am currently using my computer quite a bit in order to apply for jobs. The process is tedious as is, but it has become exceedingly frustrating to have random websites intrude out of nowhere and to click on a job link at least 2-3 times before getting the actual link I want. I'm even getting some intermittent mouse lag, which may or may not be related.

 

I installed HijackThis and ran a system scan. The log file and additional dialog box it showed me with the scan are pasted below. If anyone can offer assistance on what I need to remove, I would be exceedingly grateful.

 

Thanks in advance!

 

 

HijackThis Dialog Box Content:

 

For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.
If that happens, you need to edit the file yourself. To do this, click Start, Run, and type:
notepad C:\WINDOWS\System32\drivers\etc\hosts
and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as ‘hosts.’ (with quotes) and reboot.
 

 

HijackThis Log File:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:03:51 PM, on 12/30/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
C:\Program Files (x86)\USB Camera\VM331STI.EXE
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\WINDOWS\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWOW64\NOTEPAD.EXE
C:\Users\Luke\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9880;https=127.0.0.1:9880
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331STI.EXE
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN17R4853N05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0414c] "C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe" /PROMPT /CMPID=0414c 
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1419961918
O4 - Startup: Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} (ExentInf1 Class) - 
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\windows\syswow64\nvinit.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: @oem35.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\WINDOWS\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: CyberLink Product - 2013/01/16 01:00:32 (CLKMSVC10_3A60B698) - CyberLink - C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: ExpressCache - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MroyanUses - Unknown owner - C:\Program Files (x86)\MroyanUses\MroyanUses.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool2 (NitroDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\windows\SysWOW64\NLSSRV32.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater18.1.9 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
 
--
End of file - 15997 bytes

 



BC AdBot (Login to Remove)

 


m

#2 shelf life

shelf life

  • Malware Response Team
  • 2,642 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:12:57 AM

Posted 01 January 2015 - 12:25 PM

hi Imckeel87

 

If you still need help you can get a download to use and we will go from there;

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
    When the tool opens
    click Yes to disclaimer.
    Press the Scan button.
    When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.


How Can I Reduce My Risk to Malware?


#3 lmckeel87

lmckeel87
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 01 January 2015 - 02:17 PM

Thank you for the response!!!

 

I downloaded the tool and followed the instructions you posted. Here the logs:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2015
Ran by Luke (administrator) on LUKEPC on 01-01-2015 14:02:34
Running from C:\Users\Luke\Downloads
Loaded Profiles: UpdatusUser & Luke (Available profiles: UpdatusUser & Luke)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
() C:\Program Files (x86)\MroyanUses\MroyanUses.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\MroyanUses\MroyanUsesHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-09-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-09-13] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [656896 2012-09-20] (Synaptics)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-08-10] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-01-16] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-01-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2874168 2012-09-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-01] (Vimicro)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-22] (cyberlink)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-11-07] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4043130563-1443416693-3322528050-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-4043130563-1443416693-3322528050-1002\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4043130563-1443416693-3322528050-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-4043130563-1443416693-3322528050-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-01-30] (Google Inc.)
HKU\S-1-5-21-4043130563-1443416693-3322528050-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-4043130563-1443416693-3322528050-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-4043130563-1443416693-3322528050-1002\...\Run: [AVG-Secure-Search-Update_0414c] => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2733080 2014-05-29] ()
HKU\S-1-5-21-4043130563-1443416693-3322528050-1002\...\RunOnce: [Adobe Speed Launcher] => 1419998430
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
Startup: C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-4043130563-1443416693-3322528050-1002] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-4043130563-1443416693-3322528050-1002] => http=127.0.0.1:9880;https=127.0.0.1:9880
HKU\S-1-5-21-4043130563-1443416693-3322528050-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-4043130563-1443416693-3322528050-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKLM-x32 -> DefaultScope {D1D4F8C8-286D-403B-A7B3-0B2D16308A49} URL = 
SearchScopes: HKU\S-1-5-21-4043130563-1443416693-3322528050-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={73902F1E-3C8E-48A2-8EED-302F471DF27F}&mid=efbc0c5eb70647d39dc0f121db797316-dadc5b13fae32a95b302fcf8fec08f195cf9c4e5&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05 21:28:54&v=18.1.9.799&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4043130563-1443416693-3322528050-1002 -> {D1D4F8C8-286D-403B-A7B3-0B2D16308A49} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298566&CUI=UN28948521927752134&UM=2
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-4043130563-1443416693-3322528050-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-4043130563-1443416693-3322528050-1002 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014-02-05]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR Profile: C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (Google Wallet) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR HKU\S-1-5-21-4043130563-1443416693-3322528050-1002\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Luke\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Luke\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957816 2012-10-21] (Broadcom Corporation.)
S2 CLKMSVC10_3A60B698; C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-08-16] (Intel Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MroyanUses; C:\Program Files (x86)\MroyanUses\MroyanUses.exe [3960320 2014-12-23] () [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-07-16] (Nitro PDF Software)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-17] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-07-24] (Exent Technologies Ltd.)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
R3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-01 14:02 - 2015-01-01 14:03 - 00026371 _____ () C:\Users\Luke\Downloads\FRST.txt
2015-01-01 14:01 - 2015-01-01 14:01 - 00001155 _____ () C:\Users\Luke\Desktop\FRST64 - Shortcut.lnk
2015-01-01 14:00 - 2015-01-01 14:02 - 00000000 ____D () C:\FRST
2015-01-01 13:59 - 2015-01-01 13:59 - 02123264 _____ (Farbar) C:\Users\Luke\Downloads\FRST64.exe
2014-12-31 12:43 - 2014-12-31 12:43 - 00015845 _____ () C:\Users\Luke\Downloads\hijackthis_12-31
2014-12-30 14:01 - 2014-12-30 14:01 - 00001193 _____ () C:\Users\Luke\Desktop\HijackThis - Shortcut.lnk
2014-12-30 14:01 - 2014-12-30 14:01 - 00001171 _____ () C:\Users\Luke\Downloads\HijackThis - Shortcut.lnk
2014-12-30 13:22 - 2013-08-22 08:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20141230-132235.backup
2014-12-30 13:17 - 2014-12-30 13:17 - 00000109 _____ () C:\WINDOWS\wininit.ini
2014-12-30 12:40 - 2014-12-30 13:21 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-30 12:40 - 2014-12-30 12:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-30 12:40 - 2014-12-30 12:40 - 00001418 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-30 12:40 - 2014-12-30 12:40 - 00001406 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-12-30 12:40 - 2014-12-30 12:40 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-12-30 12:40 - 2014-12-30 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-12-30 12:40 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-12-30 12:35 - 2014-12-30 12:37 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Luke\Downloads\spybot-2.4.exe
2014-12-30 00:12 - 2014-12-30 00:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-30 00:10 - 2014-12-30 00:12 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Luke\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-29 23:51 - 2014-12-29 23:51 - 00001266 _____ () C:\Users\Luke\Downloads\software_removal_tool - Shortcut.lnk
2014-12-29 23:50 - 2014-12-29 23:54 - 00005639 _____ () C:\Users\Luke\Downloads\software_removal_tool.log
2014-12-29 23:07 - 2014-12-29 23:09 - 00000000 ____D () C:\Users\Luke\Downloads\backups
2014-12-29 22:58 - 2014-12-30 23:07 - 00015845 _____ () C:\Users\Luke\Downloads\hijackthis.log
2014-12-29 22:51 - 2014-12-29 22:51 - 00388608 _____ (Trend Micro Inc.) C:\Users\Luke\Downloads\HijackThis.exe
2014-12-29 22:49 - 2014-12-29 22:49 - 00000017 _____ () C:\Users\Luke\AppData\Local\resmon.resmoncfg
2014-12-28 21:39 - 2014-12-28 21:45 - 00000000 ____D () C:\Users\Luke\Documents\Deus Ex
2014-12-28 20:43 - 2014-12-28 21:34 - 1239299948 _____ (DaveW) C:\Users\Luke\Downloads\New_Vision_v1-5.exe
2014-12-28 19:54 - 2014-12-28 19:54 - 04275224 _____ (PC Drivers HeadQuarters LP) C:\Users\Luke\Downloads\DriverManager.exe
2014-12-28 19:43 - 2014-12-28 19:43 - 00000000 ____D () C:\Program Files (x86)\predm
2014-12-28 18:45 - 2014-12-29 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-12-28 18:45 - 2014-12-28 18:45 - 00000992 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-12-28 18:45 - 2014-12-28 18:45 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-12-28 18:42 - 2014-12-28 18:42 - 04578024 _____ (AVG Technologies) C:\Users\Luke\Downloads\avg_avct_stb_all_2015_5315_ppc17.exe
2014-12-28 18:32 - 2014-12-28 18:32 - 00003096 _____ () C:\WINDOWS\System32\Tasks\{A11A6466-1BD6-44A5-B257-A439990C73A6}
2014-12-28 18:30 - 2014-12-29 23:29 - 00000000 ____D () C:\ProgramData\uxwEFmjJIKh
2014-12-28 18:26 - 2014-12-28 18:26 - 00359730 _____ () C:\WINDOWS\SysWOW64\errordetails.xml
2014-12-28 18:19 - 2014-12-29 23:29 - 00000000 ____D () C:\Program Files (x86)\Bull Softwares
2014-12-28 18:19 - 2014-12-28 18:38 - 00000000 ____D () C:\Program Files (x86)\GU Player
2014-12-28 18:19 - 2014-12-28 18:19 - 00003106 _____ () C:\WINDOWS\System32\Tasks\RPC
2014-12-28 18:18 - 2014-12-29 23:29 - 00000000 __SHD () C:\Program Files (x86)\MroyanUses
2014-12-16 22:58 - 2014-12-16 22:59 - 00000000 ____D () C:\Users\Luke\AppData\Roaming\Galcon 2
2014-12-16 19:17 - 2014-10-30 17:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-16 19:16 - 2014-10-30 17:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-11 16:17 - 2014-12-11 16:17 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-09 16:23 - 2014-12-09 16:23 - 00000000 ____D () C:\ProgramData\Avg_Update_1214tb
2014-12-09 14:53 - 2014-11-09 21:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-09 14:53 - 2014-11-09 20:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-09 14:52 - 2014-10-30 18:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-09 14:52 - 2014-10-30 18:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-09 14:41 - 2014-12-03 18:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-09 14:41 - 2014-12-03 18:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-09 14:41 - 2014-12-02 18:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-09 14:41 - 2014-12-02 18:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-09 14:41 - 2014-12-02 18:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-09 14:41 - 2014-12-02 18:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-09 14:41 - 2014-12-02 18:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-09 14:41 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-09 14:41 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-09 14:41 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-09 14:41 - 2014-11-21 21:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-09 14:41 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-09 14:41 - 2014-11-21 21:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-09 14:41 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-09 14:41 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-09 14:41 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-09 14:41 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-09 14:41 - 2014-11-21 21:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-09 14:41 - 2014-11-21 21:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-09 14:41 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-09 14:41 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-09 14:41 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-09 14:41 - 2014-11-21 20:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-09 14:41 - 2014-11-21 20:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-09 14:41 - 2014-11-21 20:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-09 14:41 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-09 14:41 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-09 14:41 - 2014-11-21 20:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-09 14:41 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-09 14:41 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-09 14:41 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-09 14:41 - 2014-11-21 20:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-09 14:41 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-09 14:41 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-09 14:41 - 2014-11-21 20:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-09 14:41 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-09 14:41 - 2014-11-21 20:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-09 14:41 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-09 14:41 - 2014-11-21 20:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-09 14:41 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-09 14:41 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-09 14:41 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-09 14:41 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-09 14:41 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-09 14:41 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-09 14:41 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-09 14:41 - 2014-11-06 23:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-09 14:41 - 2014-11-06 22:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-09 14:41 - 2014-10-31 18:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-09 14:41 - 2014-10-31 18:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-09 14:41 - 2014-10-12 21:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-09 14:41 - 2014-10-12 21:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-09 14:41 - 2014-10-12 21:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-09 14:41 - 2014-10-12 21:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-09 10:59 - 2015-01-01 13:52 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AAC0A2E1-DD92-4B12-804C-E6A9428B72F6}
2014-12-09 10:59 - 2014-12-09 10:59 - 00000000 __SHD () C:\Users\Luke\AppData\Local\EmieUserList
2014-12-09 10:59 - 2014-12-09 10:59 - 00000000 __SHD () C:\Users\Luke\AppData\Local\EmieSiteList
2014-12-09 10:59 - 2014-12-09 10:59 - 00000000 __SHD () C:\Users\Luke\AppData\Local\EmieBrowserModeList
2014-12-08 21:24 - 2014-12-08 21:24 - 00260888 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
2014-12-08 20:15 - 2014-12-08 20:15 - 00021138 _____ () C:\Users\Luke\Downloads\MyDataDownload.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-01 14:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-01 13:54 - 2013-02-27 11:35 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-01 13:49 - 2014-10-28 17:20 - 01131703 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-01 00:37 - 2013-01-30 14:11 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-01 00:26 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-31 18:37 - 2013-01-30 14:11 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-30 23:00 - 2014-10-28 17:59 - 00000000 ____D () C:\Users\Luke\OneDrive
2014-12-30 23:00 - 2014-05-29 23:34 - 00000388 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2014-12-30 23:00 - 2014-05-29 23:34 - 00000388 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2014-12-30 23:00 - 2013-08-02 12:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-30 14:36 - 2013-01-22 14:47 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4043130563-1443416693-3322528050-1002
2014-12-30 13:17 - 2013-01-16 04:00 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-12-30 12:57 - 2014-09-24 02:15 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-30 12:49 - 2014-09-24 02:03 - 00024648 _____ () C:\WINDOWS\PFRO.log
2014-12-30 12:49 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-30 12:49 - 2013-08-22 08:25 - 01310720 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-30 00:34 - 2013-08-13 12:01 - 00000000 ____D () C:\Users\Luke\AppData\Roaming\DSite
2014-12-29 23:50 - 2013-08-13 12:07 - 00000000 ____D () C:\Program Files (x86)\Conduit
2014-12-29 23:40 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\registration
2014-12-29 23:29 - 2014-11-22 18:48 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-12-29 23:29 - 2014-10-28 17:21 - 00000000 ____D () C:\Program Files (x86)\USB Camera
2014-12-29 23:29 - 2014-10-28 17:19 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-29 23:29 - 2014-09-24 04:50 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-29 23:29 - 2014-05-29 23:34 - 00000000 ____D () C:\Program Files (x86)\Avg Secure Update
2014-12-29 23:29 - 2013-08-22 10:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-12-29 23:29 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2014-12-29 23:29 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-12-29 23:29 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-12-29 23:29 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-12-29 23:29 - 2013-04-16 12:43 - 00000000 ____D () C:\ProgramData\Energy Management
2014-12-29 23:29 - 2013-04-04 08:25 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-12-29 23:29 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-12-28 18:59 - 2014-10-28 16:37 - 00000000 ____D () C:\Users\Luke\AppData\Local\Avg2015
2014-12-28 18:54 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-12-28 18:50 - 2014-10-28 16:50 - 00000000 ____D () C:\ProgramData\AVG2015
2014-12-28 18:45 - 2013-02-27 12:08 - 00000000 ___HD () C:\$AVG
2014-12-28 18:23 - 2013-08-13 11:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-28 18:23 - 2013-08-13 11:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-26 22:05 - 2013-08-02 13:19 - 00000000 ____D () C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-26 11:17 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-18 12:12 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-13 18:06 - 2013-08-13 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-12 12:05 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-11 16:23 - 2013-01-30 14:11 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 16:17 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-10 16:37 - 2013-01-30 14:11 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-09 16:19 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-09 16:19 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-09 16:18 - 2013-01-30 13:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-09 16:17 - 2013-08-15 13:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-09 16:15 - 2013-01-23 17:27 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-30 14:36
 
==================== End Of Log ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2015
Ran by Luke at 2015-01-01 14:03:53
Running from C:\Users\Luke\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4257 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.9.799 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Deus Ex New Vision (HKLM-x32\...\Deus Ex New Vision) (Version: 1.5 - DaveW)
Deus Ex: Game of the Year Edition (HKLM-x32\...\Steam App 6910) (Version:  - Ion Storm)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.79.00 - Exent Technologies)
Galcon 2 (HKLM-x32\...\Steam App 294160) (Version:  - Hassey Enterprises, Inc.)
GenoPro 2.5.4.1 (HKLM-x32\...\GenoPro) (Version:  - GenoPro Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{1B77E249-B8D5-4E5E-8848-693ACEF84E6D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{89D2FA50-6002-4AFB-8586-3E38B355E891}) (Version: 15.05.2000.1462 - Intel Corporation)
Intelligent Touchpad (HKLM-x32\...\{DD7D6D84-93AB-48CA-A759-94324E341CBA}) (Version: 2.00.0012.0723 - Lenovo)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.71.1 - JMicron Technology Corp.)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.3600 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0828 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0828 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version:  - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nitro Pro 7 (HKLM\...\{72D264E5-0C44-42DF-820B-621303E5C183}) (Version: 7.4.1.21 - Nitro PDF Software)
NVIDIA Graphics Driver 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.0.9 - Lenovo)
Open It! (HKLM-x32\...\OpenIt Open It!) (Version: 1.1.1 - OpenIt)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6680 - Realtek Semiconductor Corp.)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.02.00 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.15.1 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WD SmartWare (HKLM\...\{07179D37-D5FE-4373-90D9-A25B992EFB3E}) (Version: 1.4.5.5 - Western Digital)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4043130563-1443416693-3322528050-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points  =========================
 
29-12-2014 23:11:58 Restore Operation
29-12-2014 23:50:32 Software Removal Tool
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2014-12-30 13:22 - 00450771 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {177F42CC-FDDE-4BB3-BE9C-DF1715795DE8} - System32\Tasks\{A11A6466-1BD6-44A5-B257-A439990C73A6} => pcalua.exe -a C:\ProgramData\ZombieNews\uninstall.exe -c /kb=y /ic=1
Task: {20633E95-09AF-4DFE-B7ED-2F29BD428C4A} - System32\Tasks\DSite => C:\Users\Luke\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {4A326222-5A8B-494F-AEA6-3E4FF2D68141} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {5B5160D1-EC03-4961-8C7F-FB3C10EDD166} - System32\Tasks\Open Chrome => Chrome.exe --new-window
Task: {67E3FA07-238F-4CA6-BEBD-46B61FBCF3DA} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-05-29] ()
Task: {7A1C3EC5-019B-4EE3-A63D-D4BF529EFDF6} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-17] (Synaptics Incorporated)
Task: {A944E9B5-A2DB-474E-83A6-B24973E96416} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AB7F000D-2110-4B2C-AE99-A8E5CDF74197} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-30] (Google Inc.)
Task: {C3A6AA39-0A38-4939-8009-D474075267DA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {C4647FA9-B64A-4F92-BEBE-19CDB6493A41} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {CDBF0DB7-87F9-4A3E-922C-0682234E1E68} - System32\Tasks\RPC => C:\Program Files (x86)\Bull Softwares\Reg Pro Cleaner\RegProCleaner.exe [2014-11-20] ()
Task: {D42EA351-D6FE-4459-8B29-9403BE01CE93} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-05-29] ()
Task: {E636ABBA-68A4-4468-A329-B31F242BE050} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F44866F6-71A0-443E-870B-E008AF218EFE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {FCB86665-6776-4826-B5C0-07F1A7248F2D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-30] (Google Inc.)
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\WINDOWS\Tasks\DSite.job => C:\Users\Luke\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-03 16:22 - 2011-04-11 00:26 - 00034304 _____ () C:\WINDOWS\System32\spe__l.dll
2012-10-21 23:22 - 2012-10-21 23:22 - 00047480 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2014-12-28 18:19 - 2014-12-23 11:54 - 03960320 ___SH () C:\Program Files (x86)\MroyanUses\MroyanUses.exe
2014-05-29 23:34 - 2014-05-29 23:34 - 02733080 _____ () C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
2011-03-09 10:41 - 2011-03-09 10:41 - 01066896 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
2014-08-11 14:30 - 2014-08-11 14:29 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2011-03-09 10:41 - 2011-03-09 10:41 - 00491920 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
2014-12-28 18:19 - 2014-12-28 18:19 - 00049664 ____R () C:\Program Files (x86)\MroyanUses\MroyanUsesHelper.exe
2013-12-26 18:42 - 2013-12-26 18:42 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-07-16 03:49 - 2012-07-16 03:49 - 00108040 _____ () C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NPShellExtension64.dll
2013-04-04 08:25 - 2014-11-07 10:57 - 02640408 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2013-01-16 03:39 - 2012-09-13 21:55 - 00051776 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-30 12:40 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-30 12:40 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-12-30 12:40 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-30 12:40 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-12-30 12:40 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-03-05 08:24 - 2010-03-05 08:24 - 00886272 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
2014-08-11 14:30 - 2014-08-11 14:29 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2014-11-02 21:01 - 2014-11-02 21:01 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\63948598d919af60addb114fdd3ccb56\PSIClient.ni.dll
2013-01-16 03:34 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-10-27 10:52 - 2014-11-11 13:48 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-10-27 10:52 - 2014-11-11 13:48 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-10-27 10:52 - 2014-11-11 13:48 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2013-07-01 07:20 - 2014-11-11 13:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-10-27 10:52 - 2014-11-18 15:23 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-10-27 10:52 - 2014-11-11 13:48 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-10-27 10:52 - 2014-11-11 13:48 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-07-26 13:46 - 2014-11-18 15:23 - 00690880 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-07-15 13:32 - 2014-11-11 13:48 - 34589888 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-12-10 14:56 - 2014-03-21 13:46 - 01603608 ____N () C:\Program Files (x86)\AVG SafeGuard toolbar\TBAPI.dll
2014-12-10 16:37 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-10 16:37 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-10 16:37 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-10 16:37 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-10 16:37 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\WINDOWS\SysWOW64\CN17R4853N05PJ:NW
AlternateDataStreams: C:\Users\Luke\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4043130563-1443416693-3322528050-1002\...\StartupApproved\Run: => "HP Deskjet 3050A J611 series (NET)"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-4043130563-1443416693-3322528050-500 - Administrator - Disabled)
Guest (S-1-5-21-4043130563-1443416693-3322528050-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4043130563-1443416693-3322528050-1004 - Limited - Enabled)
Luke (S-1-5-21-4043130563-1443416693-3322528050-1002 - Administrator - Enabled) => C:\Users\Luke
UpdatusUser (S-1-5-21-4043130563-1443416693-3322528050-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/30/2014 06:50:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17031, time stamp: 0x53085904
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0x00000004
Fault offset: 0x00012f71
Faulting process id: 0x1dc4
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5
 
Error: (12/30/2014 06:37:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17031, time stamp: 0x53085904
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0x00000004
Fault offset: 0x00012f71
Faulting process id: 0xe24
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5
 
Error: (12/30/2014 06:21:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17031, time stamp: 0x53085904
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0x00000004
Fault offset: 0x00012f71
Faulting process id: 0x1508
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5
 
Error: (12/30/2014 06:06:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17031, time stamp: 0x53085904
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0x00000004
Fault offset: 0x00012f71
Faulting process id: 0x1668
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5
 
Error: (12/30/2014 05:52:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17031, time stamp: 0x53085904
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0x00000004
Fault offset: 0x00012f71
Faulting process id: 0x78
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5
 
Error: (12/30/2014 05:25:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17031, time stamp: 0x53085904
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0x00000004
Fault offset: 0x00012f71
Faulting process id: 0x12ec
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5
 
Error: (12/30/2014 05:19:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17031, time stamp: 0x53085904
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0x00000004
Fault offset: 0x00012f71
Faulting process id: 0x25e0
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5
 
Error: (12/30/2014 05:04:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17031, time stamp: 0x53085904
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0x00000004
Fault offset: 0x00012f71
Faulting process id: 0x2514
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5
 
Error: (12/30/2014 04:49:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17031, time stamp: 0x53085904
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0x00000004
Fault offset: 0x00012f71
Faulting process id: 0x2790
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5
 
Error: (12/30/2014 04:34:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17031, time stamp: 0x53085904
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0x00000004
Fault offset: 0x00012f71
Faulting process id: 0x27ec
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5
 
 
System errors:
=============
Error: (12/30/2014 00:53:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (12/30/2014 00:53:25 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1326
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (12/30/2014 00:51:22 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The MroyanUses service hung on starting.
 
Error: (12/30/2014 00:38:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (12/30/2014 00:38:39 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1326
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (12/30/2014 00:36:38 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The MroyanUses service hung on starting.
 
Error: (12/29/2014 11:34:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (12/29/2014 11:34:44 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1326
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (12/29/2014 11:32:40 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The MroyanUses service hung on starting.
 
Error: (12/29/2014 11:32:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated with the following error: 
%%2147770990
 
 
Microsoft Office Sessions:
=========================
Error: (12/30/2014 06:50:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.1703153085904KERNELBASE.dll6.3.9600.1727853eeb4600000000400012f711dc401d0248b61206e81C:\WINDOWS\syswow64\wwahost.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll9f823925-907e-11e4-bedd-20689d9d9ae5Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp
 
Error: (12/30/2014 06:37:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.1703153085904KERNELBASE.dll6.3.9600.1727853eeb4600000000400012f71e2401d024898e579a98C:\WINDOWS\syswow64\wwahost.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dllccf4fabc-907c-11e4-bedd-20689d9d9ae5Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp
 
Error: (12/30/2014 06:21:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.1703153085904KERNELBASE.dll6.3.9600.1727853eeb4600000000400012f71150801d02487614018a5C:\WINDOWS\syswow64\wwahost.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dlla2a19f69-907a-11e4-bedd-20689d9d9ae5Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp
 
Error: (12/30/2014 06:06:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.1703153085904KERNELBASE.dll6.3.9600.1727853eeb4600000000400012f71166801d024853fa61559C:\WINDOWS\syswow64\wwahost.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll8bf8fdcb-9078-11e4-bedd-20689d9d9ae5Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp
 
Error: (12/30/2014 05:52:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.1703153085904KERNELBASE.dll6.3.9600.1727853eeb4600000000400012f717801d02482f15bf62cC:\WINDOWS\syswow64\wwahost.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll7b7ecd6d-9076-11e4-bedd-20689d9d9ae5Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp
 
Error: (12/30/2014 05:25:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.1703153085904KERNELBASE.dll6.3.9600.1727853eeb4600000000400012f7112ec01d0247f8a6ff40eC:\WINDOWS\syswow64\wwahost.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dllc8e2642b-9072-11e4-bedd-20689d9d9ae5Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp
 
Error: (12/30/2014 05:19:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.1703153085904KERNELBASE.dll6.3.9600.1727853eeb4600000000400012f7125e001d0247eb5964e42C:\WINDOWS\syswow64\wwahost.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dllf3ee8581-9071-11e4-bedd-20689d9d9ae5Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp
 
Error: (12/30/2014 05:04:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.1703153085904KERNELBASE.dll6.3.9600.1727853eeb4600000000400012f71251401d0247c9d263dcfC:\WINDOWS\syswow64\wwahost.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dlldb918815-906f-11e4-bedd-20689d9d9ae5Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp
 
Error: (12/30/2014 04:49:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.1703153085904KERNELBASE.dll6.3.9600.1727853eeb4600000000400012f71279001d0247a84b3c9a0C:\WINDOWS\syswow64\wwahost.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dllc30c0823-906d-11e4-bedd-20689d9d9ae5Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp
 
Error: (12/30/2014 04:34:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.1703153085904KERNELBASE.dll6.3.9600.1727853eeb4600000000400012f7127ec01d024786c44d69fC:\WINDOWS\syswow64\wwahost.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dllaacfdb6f-906b-11e4-bedd-20689d9d9ae5Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-11 23:16:46.593
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-11 23:15:23.941
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-11 20:07:35.197
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-11 16:24:45.491
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-21 19:15:39.578
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-21 17:14:51.820
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-21 17:12:44.948
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-21 17:11:58.691
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-21 16:20:16.486
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-21 16:07:34.497
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 57%
Total physical RAM: 8057.77 MB
Available physical RAM: 3389.3 MB
Total Pagefile: 10617.77 MB
Available Pagefile: 4190.13 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:883.74 GB) (Free:742.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.96 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 14.9 GB) (Disk ID: BBE1C6E9)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: BBE1C6EA)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 


#4 shelf life

shelf life

  • Malware Response Team
  • 2,642 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:12:57 AM

Posted 01 January 2015 - 07:12 PM

hi,

 

Thanks for the logs. Do you recogonize ot know what this is: C:\Program Files (x86)\MroyanUses\MroyanUses.exe

Did you enable a proxy in Interent Explorer?

 

We will get two downloads you can use and we will come back to the FRST log:

 

 

1) Please download adwcleaner from here and save to your desktop.

    Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
    Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.
    Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

    http://www.bleepingcomputer.com/download/adwcleaner/

    Note: The log can also be located at C: >> AdwCleaner >> AdwCleaner[S0].txt

 

2) Download Minitoolbox:

   http://www.bleepingcomputer.com/download/minitoolbox/dl/65/

 Checkmark following boxes:


 Report IE Proxy Settings
 Report FF Proxy Settings

Click Go and post the result.

 


How Can I Reduce My Risk to Malware?


#5 lmckeel87

lmckeel87
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 01 January 2015 - 07:56 PM

I followed the instructions and posted the results below. I probably should have said this before, but I never use Internet Explorer so I'm really not sure about the proxy settings for that browser. I mainly use Chrome.
 
 
# AdwCleaner v4.106 - Report created 01/01/2015 at 19:28:55
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Luke - LUKEPC
# Running from : C:\Users\Luke\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : vToolbarUpdater18.1.9
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\openit
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
[!] Folder Deleted : C:\Users\Luke\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Luke\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Luke\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Luke\AppData\Roaming\DSite
File Deleted : C:\Users\Public\Desktop\Open It!.lnk
File Deleted : C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Deleted : C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
File Deleted : C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : DSite
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\a55d688b03fe915
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298566
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D1D4F8C8-286D-403B-A7B3-0B2D16308A49}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Red Sky
Key Deleted : HKCU\Software\GAMESDESKTOP
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [10572 octets] - [01/01/2015 19:23:59]
AdwCleaner[S0].txt - [10100 octets] - [01/01/2015 19:28:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10161 octets] ##########
 
 
 
MiniToolBox by Farbar  Version: 30-11-2014
Ran by Luke (administrator) on 01-01-2015 at 19:51:05
Running from "C:\Users\Luke\Downloads"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
ProxyServer: http=127.0.0.1:9880;https=127.0.0.1:9880
 
**** End of log ****
 


#6 shelf life

shelf life

  • Malware Response Team
  • 2,642 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:12:57 AM

Posted 01 January 2015 - 09:54 PM

ok thanks for the info. Before we use FRST, do you recognize this file; MroyanUses.exe

located here:

C:\Program Files (x86)\MroyanUses\

 


How Can I Reduce My Risk to Malware?


#7 lmckeel87

lmckeel87
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 02 January 2015 - 12:08 PM

Hmmm I can't say I recognize the file. The application is listed as "MroyanUsesHelper" when I go to the file directory. I looked at the properties, and the file was created on 12/28/14. Since the file wasn't created until 5 days ago, it doesn't seem like an essential application for any reason. 

 

Hope that helps. Also, the problems I listed in the first post are no longer occurring (HUGE relief). But I know little remnants can always be lurking even after the primary issues have stopped, so I definitely want to be thorough and make sure all the possible causes are eliminated.



#8 shelf life

shelf life

  • Malware Response Team
  • 2,642 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:12:57 AM

Posted 02 January 2015 - 03:27 PM

Ok. thanks for the info. We will use FRST to remove some items and get another download which targets adware much like Adwcleaner does.
 
 
Open notepad. Please copy/paste the contents of the code box below into notepad
 
ProxyEnable: [S-1-5-21-4043130563-1443416693-3322528050-1002] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-4043130563-1443416693-3322528050-1002] => http=127.0.0.1:9880;https=127.0.0.1:9880
SearchScopes: HKLM-x32 -> DefaultScope {D1D4F8C8-286D-403B-A7B3-0B2D16308A49} URL = 
SearchScopes: HKU\S-1-5-21-4043130563-1443416693-3322528050-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={73902F1E-3C8E-48A2-8EED-302F471DF27F}&mid=efbc0c5eb70647d39dc0f121db797316-dadc5b13fae32a95b302fcf8fec08f195cf9c4e5&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05 21:28:54&v=18.1.9.799&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4043130563-1443416693-3322528050-1002 -> {D1D4F8C8-286D-403B-A7B3-0B2D16308A49} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298566&CUI=UN28948521927752134&UM=2
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKU\S-1-5-21-4043130563-1443416693-3322528050-1002 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files (x86)\MroyanUses\MroyanUses.exe
C:\Program Files (x86)\MroyanUses\MroyanUsesHelper.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
Task: C:\WINDOWS\Tasks\DSite.job => C:\Users\Luke\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {20633E95-09AF-4DFE-B7ED-2F29BD428C4A} - System32\Tasks\DSite => C:\Users\Luke\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
Save it has: fixlist.txt to the same place you have FRST.exe located--> (C:\Users\Luke\Downloads)

Run FRST again like before except this time: press the Fix button just once and wait.
The tool will make a log in the same directory named: Fixlog.txt please post it to your reply.

Next:

Please download Junkware Removal Tool to your desktop.

http://thisisudax.org/downloads/JRT.exe

Double click the icon or Right click for Vista/W7,8 and select Run as administrator
The tool will open and start scanning.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your reply.

How Can I Reduce My Risk to Malware?


#9 lmckeel87

lmckeel87
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 02 January 2015 - 06:40 PM

Ok, I posted the results below. I greatly appreciate all the help so far!
 
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-01-2015
Ran by Luke at 2015-01-02 18:29:11 Run:1
Running from C:\Users\Luke\Downloads
Loaded Profile: Luke (Available profiles: UpdatusUser & Luke)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
ProxyEnable: [S-1-5-21-4043130563-1443416693-3322528050-1002] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-4043130563-1443416693-3322528050-1002] => http=127.0.0.1:9880;https=127.0.0.1:9880
SearchScopes: HKLM-x32 -> DefaultScope {D1D4F8C8-286D-403B-A7B3-0B2D16308A49} URL = 
SearchScopes: HKU\S-1-5-21-4043130563-1443416693-3322528050-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={73902F1E-3C8E-48A2-8EED-302F471DF27F}&mid=efbc0c5eb70647d39dc0f121db797316-dadc5b13fae32a95b302fcf8fec08f195cf9c4e5&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05 21:28:54&v=18.1.9.799&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4043130563-1443416693-3322528050-1002 -> {D1D4F8C8-286D-403B-A7B3-0B2D16308A49} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298566&CUI=UN28948521927752134&UM=2
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKU\S-1-5-21-4043130563-1443416693-3322528050-1002 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files (x86)\MroyanUses\MroyanUses.exe
C:\Program Files (x86)\MroyanUses\MroyanUsesHelper.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
Task: C:\WINDOWS\Tasks\DSite.job => C:\Users\Luke\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {20633E95-09AF-4DFE-B7ED-2F29BD428C4A} - System32\Tasks\DSite => C:\Users\Luke\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
*****************
 
HKU\S-1-5-21-4043130563-1443416693-3322528050-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-4043130563-1443416693-3322528050-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-4043130563-1443416693-3322528050-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. 
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. 
HKU\S-1-5-21-4043130563-1443416693-3322528050-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D1D4F8C8-286D-403B-A7B3-0B2D16308A49} => Key not found. 
HKCR\CLSID\{D1D4F8C8-286D-403B-A7B3-0B2D16308A49} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found. 
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. 
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. 
HKU\S-1-5-21-4043130563-1443416693-3322528050-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value not found.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found. 
vToolbarUpdater18.1.9 => Service not found.
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe" => File/Directory not found.
"C:\Program Files (x86)\MroyanUses\MroyanUses.exe" => File/Directory not found.
C:\Program Files (x86)\MroyanUses\MroyanUsesHelper.exe => Moved successfully.
"C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" => File/Directory not found.
C:\WINDOWS\Tasks\DSite.job not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20633E95-09AF-4DFE-B7ED-2F29BD428C4A} => Key not found. 
C:\Windows\System32\Tasks\DSite not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite => Key not found. 
 
==== End of Fixlog 18:29:12 ====
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Luke on Fri 01/02/2015 at 18:33:27.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\WINDOWS\prefetch\AVG SAFEGUARD TOOLBAR-8A6D5B80.pf
Successfully deleted: [File] C:\WINDOWS\prefetch\DRIVERMANAGER.EXE-08A9F1C8.pf
Successfully deleted: [File] C:\WINDOWS\prefetch\DRIVERMANAGER.EXE-EBA93285.pf
Successfully deleted: [File] "C:\WINDOWS\wininit.ini"
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/02/2015 at 18:35:54.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#10 shelf life

shelf life

  • Malware Response Team
  • 2,642 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:12:57 AM

Posted 02 January 2015 - 10:32 PM

Looks good. If all is good on your end you can get one more download that will remove some of the tools we used then delete itself. If you see anything it misses you can just delete it:

 

    Please download Delfix.exe and save it to your desktop.

    https://toolslib.net/downloads/viewdownload/2-delfix/

    Right click and select "run as admin" ensure "Remove disinfection tools" is checked and click on the Run button
    The tool will delete itself once it finishes. You can delete the log it generates


How Can I Reduce My Risk to Malware?


#11 lmckeel87

lmckeel87
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 03 January 2015 - 12:55 PM

Excellent! Thanks again for the help shelf life!! You have saved me A LOT of headaches!

 

Hope you have an awesome weekend.

 

 

Luke



#12 shelf life

shelf life

  • Malware Response Team
  • 2,642 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:12:57 AM

Posted 03 January 2015 - 02:20 PM

Ok, thanks. Happy Safe Surfing out there.


How Can I Reduce My Risk to Malware?


#13 shelf life

shelf life

  • Malware Response Team
  • 2,642 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:12:57 AM

Posted 03 January 2015 - 07:18 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

How Can I Reduce My Risk to Malware?





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users