browser hijacked? Need some help identifying pls :-)


  • This topic is locked
9 replies to this topic

#1 ollyk


  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:12 AM

Posted 10 January 2015 - 07:49 AM

Hi folks, I have a problem in Chrome whereby certain random words are highlighted that should not be (and I assume, click through to random webpages selling pills and stuff???) and when I click on some links a second tab opens with various questionnaires etc. Running Chrome with ScriptBlock, main anti-virus is Avira and I have SuperAS and Online Armor running. I also use and have up to date AdwCleaner, ComboFix, JRT, CCleaner and Malwarebytes virus / Antiroot. Not sure if I have missed any good stuff from the list?

DDS as requested...

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 10.67.2
Run by Olly at 12:35:19 on 2015-01-10
Microsoft® Windows Vista Business 6.0.6000.0.1252.44.1033.18.2045.886 [GMT 0:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\CleanMem\mini_monitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
F:\Permenant_Programs\xplorer2_lite\xplorer2_lite.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - d:\program files\lastpass\LPToolbar.dll
BHO: BT Toolbar: {aba8d0e6-0d4d-4cb8-836a-04d69824b108} - c:\program files\bttb\bttbX.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: BT Toolbar: {aba8d0e6-0d4d-4cb8-836a-04d69824b108} - c:\program files\bttb\bttbX.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - d:\program files\lastpass\LPToolbar.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Avira Systray] c:\program files\avira\my avira\Avira.OE.Systray.exe
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
dRun: [Google+ Auto Backup] "c:\program files\google\google+ auto backup\Google+ Auto Backup.exe" /autostart
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\instal~2.lnk - c:\program files\common files\lpuninstall.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\instal~1.lnk - c:\program files\common files\lpuninstall.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableLUA = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: LastPass - c:\users\olly\appdata\locallow\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - c:\users\olly\appdata\locallow\lastpass\context.html?cmd=fillforms
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - d:\program files\lastpass\LPToolbar.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{24FC7370-BF4E-45AE-8905-81057522C54D} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{CE6EB9CB-A1B8-414C-9080-CD27481661C0} : DHCPNameServer = 192.168.1.254
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\olly\appdata\roaming\mozilla\firefox\profiles\cywz9z9z.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\common files\motive\npMotiveRequest.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\olly\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_152.dll
FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\program files\lastpass\nplastpass.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\videolan\vlc\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-12-10 37352]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2014-7-22 142648]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-12-10 431920]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-12-10 431920]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-12-10 98160]
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\avira\my avira\Avira.OE.ServiceHost.exe [2014-11-20 166192]
R2 HTCMonitorService;HTCMonitorService;d:\program files\htc\htc sync manager\HSMServiceEntry.exe [2014-4-2 87368]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2012-12-7 167424]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-26 179712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 CoachVid;CoachVid;c:\windows\system32\drivers\CoachVid.sys [2009-4-6 45344]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2012-12-7 23040]
S3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\drivers\HtcVComV32.sys [2014-3-7 105984]
S4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2013-12-18 73728]
S4 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2013-12-10 992560]
S4 BT Help Wizard;BT Help Wizard;c:\program files\bt broadband desktop help\btbb\ma\8.4.0.53.bt.0.5\ma\bin\MAHostService.exe [2014-1-21 321024]
.
=============== Created Last 30 ================
.
2015-01-08 23:16:23 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-01-08 23:11:40 -------- d-----w- c:\windows\ERUNT
2015-01-08 23:05:34 -------- d-----w- C:\AdwCleaner
2015-01-08 22:58:08 -------- d-sh--w- C:\$RECYCLE.BIN
2015-01-08 21:55:56 -------- d-----w- C:\ComboFix
2015-01-03 12:31:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2015-01-03 12:31:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2015-01-03 12:31:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2015-01-03 12:31:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2015-01-03 12:31:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2015-01-03 12:27:06 -------- d-----w- c:\program files\iPod
2015-01-03 12:27:01 -------- d-----w- c:\programdata\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-12-28 16:45:37 -------- d-----w- c:\users\olly\appdata\local\Samsung
2014-12-28 16:45:31 -------- d-----w- c:\users\olly\appdata\roaming\Samsung
2014-12-28 16:32:12 144664 ----a-w- c:\windows\system32\secman.dll
2014-12-28 16:32:07 4659712 ----a-w- c:\windows\system32\Redemption.dll
2014-12-28 16:31:31 821824 ----a-w- c:\windows\system32\dgderapi.dll
2014-12-28 16:31:31 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2014-12-28 16:31:31 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2014-12-28 16:29:15 -------- d-----w- c:\programdata\Samsung
2014-12-28 16:29:15 -------- d-----w- c:\program files\Samsung
2014-12-28 16:15:45 -------- d-----w- c:\users\olly\appdata\local\DriverToolkit
2014-12-28 16:15:34 -------- d-----w- c:\program files\DriverToolkit
2014-12-27 21:28:43 -------- d-----w- C:\SUPERDelete
2014-12-27 21:23:17 -------- d-----w- c:\users\olly\appdata\roaming\SUPERAntiSpyware.com
2014-12-27 21:22:50 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-12-27 21:22:50 -------- d-----w- c:\program files\SUPERAntiSpyware
.
==================== Find3M ====================
.
2015-01-08 23:16:22 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-19 13:59:33 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-19 13:59:33 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-21 06:14:16 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-21 06:14:10 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 06:14:06 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-18 14:58:23 11211264 ----a-w- c:\program files\common files\lpuninstall.exe
.
============= FINISH: 12:36:16.18 ===============

Edited by ollyk, 10 January 2015 - 07:51 AM.



#2 Machiavelli


    Agent 007


  • Malware Response Instructor
  • 3,890 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:11:12 PM

Posted 10 January 2015 - 10:53 AM

Hey my friend,

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8: please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

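The FRST.txt log this post asks for uses the line format seen in the scan posted later in this thread, and a responder reads it by eye for a handful of tells: an empty publisher field `()`, a `[File not signed]` tag, a `[Not Found]` file behind a registered extension, or a `No Path` entry. As an added example (not part of this thread, and not FRST's own code), the Python helper below applies those same checks to FRST-style lines. The sample lines are copied from the log in this thread, plus the Avira and LastPass entries as clean controls; the regexes and the `Finding` structure are my own assumptions derived from the lines shown, not a documented FRST grammar.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input: lines taken from the FRST log in this thread,
# with one clean Run entry (Avira) and one clean BHO (LastPass) for contrast.
SAMPLE_LOG = r"""
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> D:\Program Files\LastPass\LPToolbar.dll (LastPass)
BHO: BT Toolbar -> {aba8d0e6-0d4d-4cb8-836a-04d69824b108} -> C:\Program Files\bttb\bttbX.dll ()
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S4 BT Help Wizard; C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.0.5\ma\bin\MAHostService.exe [321024 2014-01-21] (Alcatel-Lucent) [File not signed]
CHR HKLM\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [208320 2012-10-02] ()
"""

# Assumed layout (from the lines above): a drive-letter path, an optional
# "[size date]" block, a trailing "(Publisher)" and an optional "[tag]".
PATH_RE = re.compile(r"[A-Za-z]:\\[^\[\]()]*?(?=\s+\[|\s+\(|\s*$)")
PUBLISHER_RE = re.compile(r"\(([^()]*)\)(?:\s*\[[^\]]*\])?\s*$")


@dataclass
class Finding:
    line: str
    path: Optional[str]
    publisher: Optional[str]
    reasons: List[str] = field(default_factory=list)


def triage_line(line: str) -> Finding:
    """Extract path and publisher from one FRST-style line and record
    the indicators a first-pass review would queue for a closer look."""
    f = Finding(line=line.rstrip(), path=None, publisher=None)
    m = PATH_RE.search(f.line)
    if m:
        f.path = m.group(0).rstrip()
    if f.line.endswith("No Path"):
        f.reasons.append("registered extension has no path on disk")
    if "[Not Found]" in f.line:
        f.reasons.append("referenced file is missing")
    if "[File not signed]" in f.line:
        f.reasons.append("file is not digitally signed")
    pm = PUBLISHER_RE.search(f.line)
    if pm:
        f.publisher = pm.group(1).strip()
        if not f.publisher:
            f.reasons.append("no publisher in version/signature info")
    return f


def triage_log(text: str) -> List[Finding]:
    """Return only the lines that raised at least one indicator."""
    lines = (l for l in text.splitlines() if l.strip())
    return [f for f in map(triage_line, lines) if f.reasons]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count how often each indicator fired across the findings."""
    counts: Dict[str, int] = {}
    for f in findings:
        for r in f.reasons:
            counts[r] = counts.get(r, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage_log(SAMPLE_LOG)
    for h in hits:
        print(f"{h.path or '<no path>'}\n    publisher={h.publisher!r}  {'; '.join(h.reasons)}")
    print(summarize(hits))
```

A hit is a review queue, not a verdict: in this thread's log `PassThruSvr.exe` (HTC) and `OADriver.sys` (Online Armor) both appear with an empty publisher field and are legitimate, while the unsigned BT Toolbar DLL is the kind of entry the responder actually wants surfaced. The value of the script is that nothing with those markers slips past in a 500-line log.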


#3 ollyk

  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:12 AM

Posted 10 January 2015 - 11:08 AM

Thanks, here are the results...


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-01-2015
Ran by Olly (administrator) on LAPPY on 10-01-2015 16:05:14
Running from C:\Users\Olly\Desktop\security\TEMP
Loaded Profiles: Olly & UpdatusUser (Available profiles: Olly & UpdatusUser)
Platform: Microsoft® Windows Vista Business (X86) OS Language: English (United States)
Internet Explorer Version 7 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oacat.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oasrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(PcWinTech.com) D:\Program Files\CleanMem\Mini_Monitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) D:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(IDT, Inc.) C:\Windows\System32\stacsv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) D:\Program Files\iTunes\iTunesHelper.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oaui.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oahlp.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) D:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [159744 2007-07-02] (Alps Electric Co., Ltd.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-09-13] (IDT, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => D:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\oaui.exe [2415104 2012-10-02] (Emsisoft GmbH)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1796357883-2258083618-2017668075-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6699800 2014-12-15] (SUPERAntiSpyware)
HKU\S-1-5-21-1796357883-2258083618-2017668075-1001\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-18\...\Run: [Google+ Auto Backup] => C:\Program Files\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Olly\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Olly\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Olly\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1796357883-2258083618-2017668075-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1796357883-2258083618-2017668075-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1796357883-2258083618-2017668075-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> D:\Program Files\LastPass\LPToolbar.dll (LastPass)
BHO: BT Toolbar -> {aba8d0e6-0d4d-4cb8-836a-04d69824b108} -> C:\Program Files\bttb\bttbX.dll ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - BT Toolbar - {aba8d0e6-0d4d-4cb8-836a-04d69824b108} - C:\Program Files\bttb\bttbX.dll ()
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - D:\Program Files\LastPass\LPToolbar.dll (LastPass)
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [366440 2012-10-02] (Emsisoft GmbH)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Olly\AppData\Roaming\Mozilla\Firefox\Profiles\cywz9z9z.default
FF Homepage: www.google.co.uk
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> D:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> D:\Program Files\LastPass\nplastpass.dll (LastPass)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1796357883-2258083618-2017668075-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Olly\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\Olly\AppData\Roaming\Mozilla\Firefox\Profiles\cywz9z9z.default\Extensions\abs@avira.com [2014-12-11]
FF Extension: Fast Dial - C:\Users\Olly\AppData\Roaming\Mozilla\Firefox\Profiles\cywz9z9z.default\Extensions\fastdial@telega.phpnet.us [2014-09-26]
FF Extension: LastPass - C:\Users\Olly\AppData\Roaming\Mozilla\Firefox\Profiles\cywz9z9z.default\Extensions\support@lastpass.com [2015-01-03]
FF Extension: BT Toolbar - C:\Users\Olly\AppData\Roaming\Mozilla\Firefox\Profiles\cywz9z9z.default\Extensions\{aba8d0e6-0d4d-4cb8-836a-04d69824b108} [2014-01-11]
FF Extension: NoScript - C:\Users\Olly\AppData\Roaming\Mozilla\Firefox\Profiles\cywz9z9z.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-08-28]
FF Extension: BT DesktopHelp extension - C:\Program Files\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2014-12-09]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2014-12-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-06-21]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR DefaultSearchKeyword: Default -> google.co.uk
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-11]
CHR Extension: (Google Docs) - C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-11]
CHR Extension: (Google Drive) - C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-11]
CHR Extension: (YouTube) - C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-11]
CHR Extension: (Google Search) - C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-11]
CHR Extension: (Google Sheets) - C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-11]
CHR Extension: (ScriptBlock) - C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba [2015-01-09]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-10-11]
CHR Extension: (BT Toolbar) - C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdpkpbhapgfjahbajejahjjcghiclegg [2014-10-11]
CHR Extension: (ArcadeYum) - C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmbmildjdmppofnohldicmnkojfhggmb [2014-11-02]
CHR Extension: (Google Wallet) - C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-11]
CHR Extension: (Neater Bookmarks) - C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofgjggbjanlhbgaemjbkiegeebmccifi [2014-10-11]
CHR Extension: (Gmail) - C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-11]
CHR HKLM\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [hdpkpbhapgfjahbajejahjjcghiclegg] - C:\Program Files\bttb\toolbar.crx [2013-11-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S4 BT Help Wizard; C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.0.5\ma\bin\MAHostService.exe [321024 2014-01-21] (Alcatel-Lucent) [File not signed]
R2 HTCMonitorService; D:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-04-02] (Nero AG)
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [216072 2012-10-02] (Emsisoft GmbH)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S4 SandraAgentSrv; D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP1a\RpcAgentSrv.exe [72344 2008-02-17] (SiSoftware) [File not signed]
R2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4463864 2012-10-02] (Emsisoft GmbH)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-10] (Avira Operations GmbH & Co. KG)
S3 CoachUsb; C:\Windows\System32\DRIVERS\CoachUsb.sys [51392 2009-04-06] (FotoNation Inc.)
S3 CoachVid; C:\Windows\System32\DRIVERS\CoachVid.sys [45344 2009-04-06] (FotoNation Inc.)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [208320 2012-10-02] ()
R1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44992 2012-10-02] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [27648 2012-10-02] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [31768 2012-10-02] (Emsisoft)
S3 SANDRA; D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP1a\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-10] (Avira GmbH)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 16:05 - 2015-01-10 16:05 - 00000000 ____D () C:\FRST
2015-01-10 12:55 - 2015-01-10 14:52 - 00000000 ____D () C:\ProgramData\OnlineArmor
2015-01-10 12:55 - 2015-01-10 12:56 - 00000000 ____D () C:\Users\Olly\AppData\Roaming\OnlineArmor
2015-01-10 12:53 - 2015-01-10 14:52 - 00000000 ____D () C:\Program Files\Online Armor
2015-01-10 12:53 - 2015-01-10 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
2015-01-10 12:53 - 2012-10-02 15:03 - 00044992 _____ () C:\Windows\system32\Drivers\oahlp32.sys
2015-01-10 12:53 - 2012-10-02 15:02 - 00208320 _____ () C:\Windows\system32\Drivers\OADriver.sys
2015-01-10 12:53 - 2012-10-02 15:02 - 00031768 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys
2015-01-10 12:53 - 2012-10-02 15:02 - 00027648 _____ (Emsisoft) C:\Windows\system32\Drivers\OAmon.sys
2015-01-10 12:52 - 2015-01-10 12:52 - 01156136 _____ (Ruiware) C:\Users\Olly\Desktop\wpsetup.exe
2015-01-08 23:16 - 2015-01-10 12:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-08 23:14 - 2015-01-08 23:14 - 00001772 _____ () C:\sc-cleaner.txt
2015-01-08 23:14 - 2015-01-08 23:14 - 00000904 _____ () C:\Users\Olly\Desktop\JRT.txt
2015-01-08 23:11 - 2015-01-10 12:36 - 00012729 _____ () C:\Users\Olly\Desktop\dds.txt
2015-01-08 23:11 - 2015-01-10 12:36 - 00004499 _____ () C:\Users\Olly\Desktop\attach.txt
2015-01-08 23:11 - 2015-01-08 23:11 - 00000000 ____D () C:\Windows\ERUNT
2015-01-08 23:05 - 2015-01-08 23:08 - 00000000 ____D () C:\AdwCleaner
2015-01-08 23:00 - 2015-01-08 23:04 - 00000000 ____D () C:\Users\Olly\Desktop\SORT
2015-01-08 22:59 - 2015-01-08 22:59 - 00013470 _____ () C:\ComboFix.txt
2015-01-08 22:54 - 2015-01-08 23:09 - 00000852 _____ () C:\Windows\PFRO.log
2015-01-08 21:59 - 2015-01-10 16:03 - 00000000 ____D () C:\Users\Olly\Desktop\security
2015-01-08 21:55 - 2015-01-08 22:59 - 00000000 ____D () C:\ComboFix
2015-01-03 12:30 - 2015-01-03 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-03 12:27 - 2015-01-03 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-03 12:27 - 2015-01-03 12:27 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-01-03 12:27 - 2015-01-03 12:27 - 00000000 ____D () C:\Program Files\iPod
2014-12-28 23:03 - 2014-12-28 23:49 - 00000000 ____D () C:\Users\Olly\Documents\SelfMV
2014-12-28 23:03 - 2014-12-28 23:03 - 00001750 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-12-28 23:03 - 2014-12-28 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-12-28 16:45 - 2014-12-28 23:05 - 00000000 ____D () C:\Users\Olly\Documents\samsung
2014-12-28 16:45 - 2014-12-28 23:03 - 00000000 ____D () C:\Users\Olly\AppData\Roaming\Samsung
2014-12-28 16:45 - 2014-12-28 17:03 - 00000000 ____D () C:\Users\Olly\AppData\Local\Samsung
2014-12-28 16:45 - 2014-12-28 16:45 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-12-28 16:41 - 2014-12-28 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-12-28 16:32 - 2013-12-30 10:53 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2014-12-28 16:32 - 2013-12-30 10:53 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\system32\secman.dll
2014-12-28 16:31 - 2013-12-30 10:52 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\system32\dgderapi.dll
2014-12-28 16:31 - 2013-12-30 10:52 - 00319456 _____ (Microsoft Corporation) C:\Windows\system32\DIFxAPI.dll
2014-12-28 16:31 - 2013-12-30 10:52 - 00020032 _____ (Devguru Co., Ltd) C:\Windows\system32\Drivers\dgderdrv.sys
2014-12-28 16:29 - 2014-12-28 23:04 - 00000000 ____D () C:\ProgramData\Samsung
2014-12-28 16:29 - 2014-12-28 23:02 - 00000000 ____D () C:\Program Files\Samsung
2014-12-28 16:15 - 2014-12-28 16:15 - 00000000 ____D () C:\Users\Olly\AppData\Local\DriverToolkit
2014-12-28 16:15 - 2014-12-28 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit
2014-12-28 16:15 - 2014-12-28 16:15 - 00000000 ____D () C:\Program Files\DriverToolkit
2014-12-27 21:28 - 2014-12-27 21:28 - 00000000 ____D () C:\SUPERDelete
2014-12-27 21:23 - 2014-12-27 21:23 - 00000000 ____D () C:\Users\Olly\AppData\Roaming\SUPERAntiSpyware.com
2014-12-27 21:22 - 2015-01-10 14:58 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-27 21:22 - 2014-12-27 21:22 - 20846536 _____ (SUPERAntiSpyware) C:\Users\Olly\Downloads\SUPERAntiSpyware.exe
2014-12-27 21:22 - 2014-12-27 21:22 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-12-27 21:22 - 2014-12-27 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-12-23 19:10 - 2014-12-23 19:10 - 00006697 _____ () C:\Users\Olly\Desktop\google.csv
2014-12-18 07:00 - 2014-12-18 07:00 - 00035545 _____ () C:\Users\Olly\Documents\Untitled 1.odt
2014-12-13 00:34 - 2014-12-13 00:34 - 00417064 _____ () C:\Users\Olly\Downloads\DellSystemDetect(1).exe
2014-12-13 00:00 - 2014-12-13 00:05 - 500103614 _____ () C:\Users\Olly\Downloads\E6400-win7-A03-MM53C.CAB

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 15:56 - 2006-11-02 12:47 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-10 15:56 - 2006-11-02 12:47 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-10 15:54 - 2013-12-09 21:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-10 15:42 - 2014-02-07 21:37 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2015-01-10 15:15 - 2013-12-09 21:49 - 00001356 _____ () C:\Users\Olly\AppData\Local\d3d9caps.dat
2015-01-10 15:11 - 2013-12-10 12:20 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-10 15:00 - 2014-10-26 18:53 - 01060404 _____ () C:\Windows\WindowsUpdate.log
2015-01-10 14:56 - 2013-12-10 12:20 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-10 14:56 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-10 14:55 - 2013-12-10 12:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-10 14:54 - 2006-11-02 13:01 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-10 12:54 - 2013-12-09 21:49 - 00000000 ____D () C:\Users\Olly
2015-01-10 12:06 - 2006-11-02 10:33 - 00802588 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-09 21:42 - 2014-02-07 21:37 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2015-01-08 23:16 - 2014-06-22 12:48 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-08 22:59 - 2014-06-22 13:37 - 00000000 ____D () C:\Qoobox
2015-01-08 22:59 - 2006-11-02 11:18 - 00000000 __RHD () C:\Users\Default
2015-01-08 22:59 - 2006-11-02 11:18 - 00000000 ___RD () C:\Users\Public
2015-01-08 22:55 - 2006-11-02 10:23 - 00000215 _____ () C:\Windows\system.ini
2015-01-03 12:27 - 2014-07-27 17:42 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-03 12:26 - 2014-10-11 19:14 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-12-28 23:02 - 2013-12-10 11:50 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-28 17:08 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-12-28 16:20 - 2013-12-10 20:50 - 00000000 ____D () C:\Users\Olly\AppData\Local\Downloaded Installations
2014-12-27 16:26 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\tapi
2014-12-27 15:52 - 2014-06-22 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-20 15:50 - 2013-12-10 15:22 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-19 13:59 - 2013-12-09 21:59 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-19 13:59 - 2013-12-09 21:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-11 21:50 - 2014-11-12 18:15 - 00000000 ____D () C:\Users\Olly\Desktop\WELDING
2014-12-11 08:58 - 2014-08-12 05:39 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-11 08:58 - 2013-12-10 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-11 08:58 - 2013-12-10 12:52 - 00000000 ____D () C:\Program Files\Avira

Some content of TEMP:
====================
C:\Users\Olly\AppData\Local\Temp\avgnt.exe
C:\Users\Olly\AppData\Local\Temp\Quarantine.exe
C:\Users\Olly\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-10 15:02

==================== End Of Log ============================







Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-01-2015
Ran by Olly at 2015-01-10 16:06:12
Running from C:\Users\Olly\Desktop\security\TEMP
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avira (HKLM\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit Integrated Controller (HKLM\...\{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}) (Version: 10.15.14 - Broadcom Corporation)
BT Desktop Help (HKLM\...\BT Desktop Help) (Version: - )
BT Toolbar (HKLM\...\bttb) (Version: 1.0.0.36 - )
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
CleanMem (HKLM\...\CleanMem) (Version: v2.4.3 - PcWinTech.com)
CloudReading (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.0.31.1111 - Foxit Corporation)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1.102.7 - Alps Electric)
DriverToolkit version 8.4.0.0 (HKLM\...\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1) (Version: 8.4.0.0 - Megaify Software)
Dropbox (HKU\S-1-5-21-1796357883-2258083618-2017668075-1000\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
DVD Flick 1.3.0.7 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
eSupport UndeletePlus 3.0.4.918 (HKLM\...\eSupport UndeletePlus_is1) (Version: - Copyright © 2013 eSupport.com All Rights Reserved)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.1.1031 - Foxit Corporation)
Free Videos To DVD V 4.0.0 (HKLM\...\Free Videos To DVD_is1) (Version: 4.0.0.0 - Koyote soft)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HAL 9000 [Full Screen] Basic Screen Saver (HKLM\...\HAL 9000 [Full Screen] Basic) (Version: - )
Half-Life 2 (HKLM\...\Steam App 220) (Version: - Valve)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.11.0.001 - HTC Corporation)
HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.13.0 - HTC)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
LastPass (uninstall only) (HKLM\...\LastPass) (Version: - LastPass)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 31.3.0 (x86 en-GB)) (Version: 31.3.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
MyFreeCodec (HKU\S-1-5-21-1796357883-2258083618-2017668075-1000\...\MyFreeCodec) (Version: - )
NVIDIA 3D Vision Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Online Armor 6.0 (HKLM\...\OnlineArmor_is1) (Version: 6.0 - Emsisoft GmbH)
OpenOffice 4.0.1 (HKLM\...\{24B89186-2A56-4D28-B930-6F4FCF224E2F}) (Version: 4.01.9714 - Apache Software Foundation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.49 - Piriform)
RICOH R5C83x/84x Media Driver x86 Ver.3.34.03 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.34.03 - )
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
SiSoftware Sandra Lite 2014.SP1a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.21.2014.3 - SiSoftware)
Source SDK Base 2007 (HKLM\...\Steam App 218) (Version: - Valve)
SpeedswitchXP V1.5 (HKLM\...\SpeedswitchXP) (Version: 1.5 - Christian Diefer)
Steam (HKLM\...\Steam) (Version: - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
Survex 1.2.16 (HKLM\...\Survex_is1) (Version: 1.2.16 - The Survex Project)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.9.0.124 - PandoraTV)
Tomb Raider: Anniversary (HKLM\...\Steam App 8000) (Version: - Crystal Dynamics)
Unity Web Player (HKU\S-1-5-21-1796357883-2258083618-2017668075-1000\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
VODO Player (HKLM\...\VODO VODO Player) (Version: 1.0 - VODO)
Voxengo Elephant (HKLM\...\Voxengo Elephant_is1) (Version: 4.1 - Voxengo)
xplorer² lite 32 bit (HKLM\...\xplorer2l) (Version: 2.4.0.1 - Zabkat)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1796357883-2258083618-2017668075-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Olly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1796357883-2258083618-2017668075-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Olly\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1796357883-2258083618-2017668075-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Olly\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1796357883-2258083618-2017668075-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Olly\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1796357883-2258083618-2017668075-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Olly\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1796357883-2258083618-2017668075-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Olly\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 10:23 - 2015-01-08 22:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A3CAF73-33C0-495D-B2BB-C131DD3491B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-10] (Google Inc.)
Task: {22ECEA43-1E6A-4816-A7C1-59F9A9261E23} - System32\Tasks\CleanMem Mini Monitor => D:\Program Files\CleanMem\mini_monitor.exe [2012-09-20] (PcWinTech.com)
Task: {2F8D3A8F-A7F8-40EB-A159-6AAE42107BA0} - System32\Tasks\Clean System Memory => C:\Windows\system32\CleanMem.exe [2012-09-20] (PcWinTech.com)
Task: {406ECBD5-A190-459F-A922-EB4B1A27406C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-18UA => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-07] (Google Inc.)
Task: {4C7D9FAE-A4FA-4FB1-8D19-146968600CBA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {57ABECE9-CD6E-4E3A-B11B-6B4EB14F8B18} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5E000AD0-651E-4EBB-848A-5BA3C6615707} - System32\Tasks\MyDefrag v4.3.1 Monthly => D:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2010-05-21] ()
Task: {93E0B15A-11ED-4588-BF70-CF9049786448} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-10] (Google Inc.)
Task: {9BB930FC-5DB8-49BC-9A86-411F2E673B9B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D6F91DAF-C837-44EE-8323-9EFBCE598631} - System32\Tasks\GoogleUpdateTaskUserS-1-5-18Core => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-07] (Google Inc.)
Task: {FF22F29D-1384-4A2C-8B12-8D35B56EDF44} - System32\Tasks\MyDefrag v4.3.1 Daily => D:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2010-05-21] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-27 11:32 - 2014-05-27 11:32 - 00031080 _____ () D:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
2014-05-27 11:32 - 2014-05-27 11:32 - 00607376 _____ () D:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
2014-05-27 11:33 - 2014-05-27 11:33 - 00059752 _____ () D:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
2014-05-27 11:32 - 2014-05-27 11:32 - 00036216 _____ () D:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-05-27 11:33 - 2014-05-27 11:33 - 00080248 _____ () D:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll
2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2014-12-12 19:13 - 2014-12-06 01:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 19:13 - 2014-12-06 01:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-19 21:21 - 2014-12-19 21:21 - 03339376 _____ () D:\Program Files\Mozilla Thunderbird\mozjs.dll
2014-12-19 21:21 - 2014-12-19 21:21 - 00158832 _____ () D:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2014-12-19 21:21 - 2014-12-19 21:21 - 00023152 _____ () D:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: BT Help Wizard => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SandraAgentSrv => 3
MSCONFIG\startupfolder: C:^Users^Olly^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice 4.0.1.lnk => C:\Windows\pss\OpenOffice 4.0.1.lnk.Startup
MSCONFIG\startupreg: btbb_McciTrayApp => "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Program Files\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart

========================= Accounts: ==========================

Administrator (S-1-5-21-1796357883-2258083618-2017668075-500 - Administrator - Disabled)
Guest (S-1-5-21-1796357883-2258083618-2017668075-501 - Limited - Disabled)
Olly (S-1-5-21-1796357883-2258083618-2017668075-1000 - Administrator - Enabled) => C:\Users\Olly
UpdatusUser (S-1-5-21-1796357883-2258083618-2017668075-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/10/2015 02:54:00 PM) (Source: Windows Search Service) (EventID: 3084) (User: )
Description: Failed to load protocol handler Search.CscHandler.1. Error description: Not enough storage is available to complete this operation. .

Error: (01/10/2015 02:49:42 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.


Details:
0 (0x8007000e - Not enough storage is available to complete this operation. )

Error: (01/10/2015 02:47:42 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.


Details:
0 (0x8007000e - Not enough storage is available to complete this operation. )

Error: (01/10/2015 02:46:39 PM) (Source: Windows Search Service) (EventID: 3084) (User: )
Description: Failed to load protocol handler Search.CscHandler.1. Error description: Not enough storage is available to complete this operation. .

Error: (01/10/2015 02:45:39 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.


Details:
This operation returned because the timeout period expired. (0x800705b4)

Error: (01/10/2015 02:44:42 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.


Details:
0 (0x8007000e - Not enough storage is available to complete this operation. )

Error: (01/10/2015 02:42:42 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.


Details:
0 (0x8007000e - Not enough storage is available to complete this operation. )

Error: (01/10/2015 02:41:39 PM) (Source: Windows Search Service) (EventID: 3084) (User: )
Description: Failed to load protocol handler Search.CscHandler.1. Error description: Not enough storage is available to complete this operation. .

Error: (01/10/2015 02:40:29 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.


Details:
This operation returned because the timeout period expired. (0x800705b4)

Error: (01/10/2015 02:39:32 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.


Details:
0 (0x8007000e - Not enough storage is available to complete this operation. )


System errors:
=============
Error: (01/10/2015 03:00:03 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (01/10/2015 02:57:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (01/10/2015 02:55:49 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume G: encountered a non-retryable error and could not start. The data contains the error code.

Error: (01/10/2015 02:53:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

Error: (01/10/2015 02:52:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (01/10/2015 02:50:49 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume G: encountered a non-retryable error and could not start. The data contains the error code.

Error: (01/10/2015 02:51:04 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 14:49:35 on 10/01/2015 was unexpected.

Error: (01/10/2015 01:39:56 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: 0x80004005

Error: (01/10/2015 01:39:56 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY)
Description: 0x8007000e

Error: (01/10/2015 01:29:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (01/10/2015 02:54:00 PM) (Source: Windows Search Service) (EventID: 3084) (User: )
Description: Search.CscHandler.1Not enough storage is available to complete this operation.

Error: (01/10/2015 02:49:42 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description:
Details:
0 (0x8007000e - Not enough storage is available to complete this operation. )

Error: (01/10/2015 02:47:42 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description:
Details:
0 (0x8007000e - Not enough storage is available to complete this operation. )

Error: (01/10/2015 02:46:39 PM) (Source: Windows Search Service) (EventID: 3084) (User: )
Description: Search.CscHandler.1Not enough storage is available to complete this operation.

Error: (01/10/2015 02:45:39 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description:
Details:
This operation returned because the timeout period expired. (0x800705b4)

Error: (01/10/2015 02:44:42 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description:
Details:
0 (0x8007000e - Not enough storage is available to complete this operation. )

Error: (01/10/2015 02:42:42 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description:
Details:
0 (0x8007000e - Not enough storage is available to complete this operation. )

Error: (01/10/2015 02:41:39 PM) (Source: Windows Search Service) (EventID: 3084) (User: )
Description: Search.CscHandler.1Not enough storage is available to complete this operation.

Error: (01/10/2015 02:40:29 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description:
Details:
This operation returned because the timeout period expired. (0x800705b4)

Error: (01/10/2015 02:39:32 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description:
Details:
0 (0x8007000e - Not enough storage is available to complete this operation. )


CodeIntegrity Errors:
===================================
Date: 2015-01-08 23:21:15.061
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-08 23:21:15.030
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-08 23:21:14.983
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-08 23:21:14.905
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-08 23:21:14.484
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-08 23:21:14.452
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-08 23:21:14.421
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-08 23:21:14.390
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-08 21:59:38.947
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-08 21:59:38.894
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T5670 @ 1.80GHz
Percentage of memory in use: 41%
Total physical RAM: 2045.43 MB
Available physical RAM: 1196.17 MB
Total Pagefile: 4307.89 MB
Available Pagefile: 2760.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1929.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:26.37 GB) (Free:1.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Program_files) (Fixed) (Total:146.48 GB) (Free:3.53 GB) NTFS
Drive e: (Media) (Fixed) (Total:117.19 GB) (Free:2.06 GB) NTFS
Drive f: () (Fixed) (Total:8.04 GB) (Free:0.7 GB) NTFS
Drive g: () (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: E9A2E9A2)
Partition 1: (Active) - (Size=26.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=271.7 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=8 MB) - (Type=07 NTFS)

==================== End Of Log ============================

Edited by ollyk, 10 January 2015 - 11:09 AM.


#4 Machiavelli


    Agent 007


  • Malware Response Instructor
  • 3,890 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:12 PM

Posted 10 January 2015 - 11:09 AM

Hey. :)

What have you done to the Log? I can't read it.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 ollyk

  • Topic Starter

  • Members
  • 16 posts
  • Local time:05:12 AM

Posted 10 January 2015 - 11:21 AM

Hi Machiavelli, yes, when I paste it, it all looks fine, but once posted all formatting is lost! Now if I edit and then save, it is OK again... Does it look good now ^^^??



#6 Machiavelli


    Agent 007


  • Malware Response Instructor
  • 3,890 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:12 PM

Posted 10 January 2015 - 11:27 AM

Yes. :)

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#7 ollyk

  • Topic Starter

  • Members
  • 16 posts
  • Local time:05:12 AM

Posted 13 January 2015 - 04:08 PM

Sorry for the lack of reply, I have been quite ill!

ADW R0
 

# AdwCleaner v4.107 - Report created 08/01/2015 at 23:05:40
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows Vista ™ Business  (32 bits)
# Username : Olly - LAPPY
# Running from : C:\Users\Olly\Desktop\security\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcdjknjpbnhdoabbngpmfekaecnpajba_0.localstorage
File Found : C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcdjknjpbnhdoabbngpmfekaecnpajba_0.localstorage-journal
File Found : C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.ak.facebook.com_0.localstorage
File Found : C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.ak.facebook.com_0.localstorage-journal
File Found : C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Found : C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Olly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
Folder Found : C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba
Folder Found : C:\Users\Olly\AppData\Local\Max Secure Software
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Classes\iLivid.torrent
Key Found : HKCU\Software\eSupport.com
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Found : HKCU\Software\Myfree Codec
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Myfree Codec
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v7.0.6000.16982
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2893 octets] - [08/01/2015 23:05:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2953 octets] ##########


R1


# AdwCleaner v4.107 - Report created 10/01/2015 at 19:33:18
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows Vista ™ Business  (32 bits)
# Username : Olly - LAPPY
# Running from : C:\Users\Olly\Desktop\security\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcdjknjpbnhdoabbngpmfekaecnpajba_0.localstorage
Folder Found : C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v7.0.6000.16982
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [3033 octets] - [08/01/2015 23:05:40]
AdwCleaner[R1].txt - [978 octets] - [10/01/2015 19:33:19]
AdwCleaner[S0].txt - [3142 octets] - [08/01/2015 23:08:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1097 octets] ##########



S0


# AdwCleaner v4.107 - Report created 08/01/2015 at 23:08:00
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows Vista ™ Business  (32 bits)
# Username : Olly - LAPPY
# Running from : C:\Users\Olly\Desktop\security\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
Folder Deleted : C:\Users\Olly\AppData\Local\Max Secure Software
Folder Deleted : C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba
File Deleted : C:\Users\Olly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Deleted : C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcdjknjpbnhdoabbngpmfekaecnpajba_0.localstorage
File Deleted : C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcdjknjpbnhdoabbngpmfekaecnpajba_0.localstorage-journal
File Deleted : C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.ak.facebook.com_0.localstorage
File Deleted : C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.ak.facebook.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v7.0.6000.16982
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [3033 octets] - [08/01/2015 23:05:40]
AdwCleaner[S0].txt - [3002 octets] - [08/01/2015 23:08:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3062 octets] ##########



S1


# AdwCleaner v4.107 - Report created 10/01/2015 at 19:41:10
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows Vista ™ Business  (32 bits)
# Username : Olly - LAPPY
# Running from : C:\Users\Olly\Desktop\security\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba
File Deleted : C:\Users\Olly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcdjknjpbnhdoabbngpmfekaecnpajba_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v7.0.6000.16982
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [3033 octets] - [08/01/2015 23:05:40]
AdwCleaner[R1].txt - [1177 octets] - [10/01/2015 19:33:19]
AdwCleaner[S0].txt - [3142 octets] - [08/01/2015 23:08:00]
AdwCleaner[S1].txt - [1103 octets] - [10/01/2015 19:41:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1163 octets] ##########
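As an added check on the four AdwCleaner reports above (example code, not part of this thread and not AdwCleaner's own code): a small Python parser for the v4 report format that confirms every item a Scan run (R0) listed as Found appears as Deleted in the following Clean run (S0). It compares targets case-insensitively because Windows paths and registry keys are case-insensitive (the R0 log says "Web data", the S0 log "Web Data"). The two sample reports are constructed in the shape of the logs above, with shortened paths.

```python
"""Parse AdwCleaner v4-style reports and check that a Clean run (S0) reported
as Deleted everything the preceding Scan run (R0) reported as Found.  Added
example, not AdwCleaner's code; the reports below are constructed in the shape
of the R0/S0 logs in this thread, with shortened paths."""
import re

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>[^\]]+) \] \*{5}$")
ITEM_RE = re.compile(r"^(?P<kind>\w+) (?P<action>Found|Deleted) : (?P<target>.+)$")
# Browser entries look like: [<profile file>] - Found [Search Provider] : <url>
BROWSER_RE = re.compile(
    r"^\[(?P<target>[^\]]+)\] - (?P<action>Found|Deleted) \[(?P<kind>[^\]]+)\] : (?P<value>.+)$")


def parse_report(text):
    """Return (header dict, {section: {(kind, lowercased target): (action, target)}})."""
    header, sections, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("# "):             # "# Option : Scan" style header lines
            if " : " in line:
                key, value = line[2:].split(" : ", 1)
                header[key.strip()] = value.strip()
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip()
            sections.setdefault(current, {})
            continue
        m = current and (ITEM_RE.match(line) or BROWSER_RE.match(line))
        if not m:                             # blanks, separators, "-\\ Google Chrome ..." lines
            continue
        kind, action, target = m.group("kind"), m.group("action"), m.group("target")
        if "value" in m.groupdict():          # keep the injected search URL with its profile file
            target = f"{target} -> {m.group('value')}"
        # Windows paths and registry keys are case-insensitive, so key on the
        # lowercased target: the R0 log says "Web data", the S0 log "Web Data".
        sections[current][(kind, target.lower())] = (action, target)
    return header, sections


def leftovers(scan_text, clean_text):
    """Items Found in the scan report with no matching Deleted entry in the clean report."""
    _, found = parse_report(scan_text)
    _, removed = parse_report(clean_text)
    left = []
    for section, items in found.items():
        for key, (action, target) in items.items():
            if action == "Found" and removed.get(section, {}).get(key, ("",))[0] != "Deleted":
                left.append((section, key[0], target))
    return sorted(left)


# Constructed sample reports (shortened paths), shaped like the R0 and S0 logs above.
SCAN = r"""# AdwCleaner v4.107 - Report created 08/01/2015 at 23:05:40
# Option : Scan
***** [ Files / Folders ] *****
File Found : C:\Users\Olly\AppData\Local\Example\ext_0.localstorage
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
***** [ Registry ] *****
Key Found : HKCU\Software\Example\ilivid
***** [ Browsers ] *****
-\\ Google Chrome v39.0.2171.95
[C:\Users\Olly\Chrome\Default\Web data] - Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
"""

CLEAN = r"""# AdwCleaner v4.107 - Report created 08/01/2015 at 23:08:00
# Option : Clean
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
File Deleted : C:\Users\Olly\AppData\Local\Example\ext_0.localstorage
***** [ Registry ] *****
***** [ Browsers ] *****
[C:\Users\Olly\Chrome\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
"""
```

`leftovers(SCAN, CLEAN)` reports the registry key that the constructed Clean run never deleted, while the search provider matches despite the "Web data" / "Web Data" case difference.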
 


#8 ollyk

  • Topic Starter

  • Members
  • 16 posts
  • Local time:05:12 AM

Posted 13 January 2015 - 04:10 PM

Malwarebytes
 

Malwarebytes Anti-Malware
www.malwarebytes.org



That is all there!? Might try again.. 

JRT
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows Vista ™ Business x86
Ran by Olly on 10/01/2015 at 21:34:06.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Olly\AppData\Roaming\mozilla\firefox\profiles\cywz9z9z.default\minidumps [1 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/01/2015 at 21:46:51.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST scan

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows Vista ™ Business x86
Ran by Olly on 10/01/2015 at 21:34:06.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Olly\AppData\Roaming\mozilla\firefox\profiles\cywz9z9z.default\minidumps [1 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/01/2015 at 21:46:51.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#9 Machiavelli


    Agent 007


  • Malware Response Instructor
  • 3,890 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:12 PM

Posted 14 January 2015 - 10:27 AM

What's with Step 4? :)
  • Start Malwarebytes
  • Go to the tab called History
  • Then click on Application Logs
tq7qi6z6.png
  • Then select the one log where it has found anything, do a double click on it
  • Then click on the Export button and select Text File (.txt) in the menu
p84ykoav.png
  • Save it on your Desktop and post the content of this text file into your next reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#10 Machiavelli


    Agent 007


  • Malware Response Instructor
  • 3,890 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:12 PM

Posted 18 January 2015 - 09:23 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
