
computer running very slow


  • This topic is locked
7 replies to this topic

#1 terrier460

  • Members
  • 4 posts

Posted 26 January 2015 - 12:38 PM

Hi. I'm not sure if this is related to malware or not, but my computer has become incredibly slow and is struggling to load things like videos at all. I've cleared up plenty of space on the hard disk and I've gone through the guide and followed the steps of how to remedy this, but it doesn't seem to have made a significant difference. Any help would be appreciated. Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by nick (administrator) on nick-PC on 26-01-2015 17:24:03
Running from C:\Users\nick\Downloads
Loaded Profiles: nick (Available profiles: nick)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-21] (Realtek Semiconductor)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [1802472 2011-01-25] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-25] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1039495472-1995307564-2236840037-1000\...\MountPoints2: {cfd1d4f3-0649-11e1-b793-806e6f6e6963} - E:\VersionControl.exe
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNA1100 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk
ShortcutTarget: Update Agent.lnk -> C:\Program Files (x86)\3\3Connect\AutoUpdateSrv.exe (Birdstep Technology)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1039495472-1995307564-2236840037-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.search.yahoo.com/?type=282369&fr=spigot-yhp-ie
HKU\S-1-5-21-1039495472-1995307564-2236840037-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
URLSearchHook: HKU\S-1-5-21-1039495472-1995307564-2236840037-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1039495472-1995307564-2236840037-1000 -> DefaultScope {61E1A562-1B3A-4678-A01E-8986BBD071E6} URL = https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1039495472-1995307564-2236840037-1000 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKU\S-1-5-21-1039495472-1995307564-2236840037-1000 -> {61E1A562-1B3A-4678-A01E-8986BBD071E6} URL = https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1039495472-1995307564-2236840037-1000 -> {7C7EC85F-B82E-497E-833B-A78410360417} URL = http://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=uk
SearchScopes: HKU\S-1-5-21-1039495472-1995307564-2236840037-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={008CFC76-17DF-4922-864F-60DE44AFB6D7}&mid=832cb8af867747d1acb369e529065bdf-c7c307702ef8ae7f92df63a5f9f90f4b4dce6452&lang=en&ds=AVG&pr=fr&d=2012-09-08 08:53:49&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKU\S-1-5-21-1039495472-1995307564-2236840037-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-1039495472-1995307564-2236840037-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\l4evt6i9.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: www.google.co.uk
FF Keyword.URL: https://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=282369&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1039495472-1995307564-2236840037-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\nick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\l4evt6i9.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\l4evt6i9.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Adblock Plus - C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\l4evt6i9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-06]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-17]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4
FF HKLM-x32\...\Firefox\Extensions: [avg@igeared] - C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-08-25]

Chrome:
=======
CHR Profile: C:\Users\nick\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-21]
CHR Extension: (Google Docs) - C:\Users\nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-21]
CHR Extension: (Google Drive) - C:\Users\nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-21]
CHR Extension: (YouTube) - C:\Users\nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-21]
CHR Extension: (Google Search) - C:\Users\nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-21]
CHR Extension: (Google Sheets) - C:\Users\nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-21]
CHR Extension: (Skype Click to Call) - C:\Users\nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-21]
CHR Extension: (AVG Security Toolbar) - C:\Users\nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-01-21]
CHR Extension: (Google Wallet) - C:\Users\nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-21]
CHR Extension: (Gmail) - C:\Users\nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-21]
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG10\Chrome\safesearch.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-11-29]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-27]

Opera:
=======
OPR StartupUrls: "hxxp://www.google.com/"
OPR Extension: (Adblock Plus) - C:\Users\nick\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-01-19]
StartMenuInternet: Opera - C:\Program Files (x86)\Opera\Opera.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-14] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-14] (AVG Technologies)
S2 mdvrmng; C:\Windows\SysWOW64\drivers\mdvrmng.sys [10240 2007-05-28] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 17:24 - 2015-01-26 17:25 - 00020582 _____ () C:\Users\nick\Downloads\FRST.txt
2015-01-26 16:55 - 2015-01-26 17:24 - 00000000 ____D () C:\FRST
2015-01-26 16:53 - 2015-01-26 16:53 - 02129920 _____ (Farbar) C:\Users\nick\Downloads\FRST64.exe
2015-01-26 16:48 - 2015-01-26 16:48 - 02001540 _____ () C:\Users\nick\Downloads\pc-decrapifier-3.0.0.exe
2015-01-26 16:33 - 2015-01-26 16:33 - 00003288 ____N () C:\bootsqm.dat
2015-01-26 16:12 - 2015-01-26 16:34 - 00000112 _____ () C:\Windows\setupact.log
2015-01-26 16:12 - 2015-01-26 16:12 - 00000736 _____ () C:\Windows\PFRO.log
2015-01-26 16:12 - 2015-01-26 16:12 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-26 15:32 - 2015-01-26 15:32 - 00000000 ____D () C:\Users\nick\Downloads\Whiplash 2014 HDRIP x264 AC3 TiTAN [OMT]
2015-01-26 15:31 - 2015-01-26 15:32 - 00000000 ____D () C:\Users\nick\Downloads\Inherent.Vice.2014.DVDSCR.XviD.AC3-EVO
2015-01-21 12:47 - 2013-03-20 19:27 - 00861088 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2015-01-21 12:47 - 2013-03-20 19:27 - 00782240 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2015-01-21 12:43 - 2015-01-21 12:43 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 12:43 - 2015-01-21 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-21 12:41 - 2015-01-21 12:41 - 00639400 _____ (Oracle Corporation) C:\Users\nick\Downloads\chromeinstall-8u31.exe
2015-01-21 12:37 - 2015-01-24 07:56 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-21 12:37 - 2015-01-21 12:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-20 18:58 - 2015-01-20 19:00 - 00000000 ____D () C:\Users\nick\Downloads\Comedy.Bang.Bang.S04E02.HDTV.x264-YesTV[rarbg]
2015-01-19 21:04 - 2015-01-19 21:04 - 00016909 _____ () C:\Users\nick\Desktop\Opera 12 Notes.html
2015-01-19 21:04 - 2015-01-19 21:04 - 00003816 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1421701425
2015-01-19 21:04 - 2015-01-19 21:04 - 00000000 ____D () C:\Users\nick\AppData\Roaming\Opera Software
2015-01-19 21:04 - 2015-01-19 21:04 - 00000000 ____D () C:\Users\nick\AppData\Local\Opera Software
2015-01-19 21:03 - 2015-01-19 21:03 - 00001101 _____ () C:\Users\Public\Desktop\Opera 26.lnk
2015-01-19 21:03 - 2015-01-19 21:03 - 00001101 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 26.lnk
2015-01-17 05:24 - 2015-01-17 05:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-16 19:50 - 2015-01-16 19:55 - 00000000 ____D () C:\Users\nick\Downloads\Birdman.2014.DVDSCR.X264-PLAYNOW
2015-01-15 09:17 - 2015-01-15 09:18 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2015-01-14 08:29 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:29 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:29 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 08:29 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 08:29 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 08:29 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 08:29 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 08:29 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 08:29 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:29 - 2014-12-11 17:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:29 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:29 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:29 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-10 14:47 - 2015-01-10 14:48 - 00000000 ____D () C:\Users\nick\Downloads\Mia
2015-01-06 18:57 - 2015-01-06 18:57 - 00000000 __SHD () C:\Users\nick\AppData\Local\EmieBrowserModeList
2015-01-06 18:52 - 2015-01-06 18:53 - 13087456 _____ (Microsoft Corporation) C:\Users\nick\Downloads\Silverlight_x64.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 16:58 - 2009-07-14 04:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-26 16:58 - 2009-07-14 04:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-26 16:43 - 2011-07-24 22:13 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 16:39 - 2014-03-27 06:08 - 02089076 _____ () C:\Windows\WindowsUpdate.log
2015-01-26 16:36 - 2011-04-21 08:17 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-01-26 16:35 - 2013-05-31 15:35 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-01-26 16:35 - 2011-07-24 22:13 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 16:35 - 2011-04-21 09:01 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-01-26 16:35 - 2011-04-21 09:01 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-01-26 16:34 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-26 16:12 - 2012-06-12 15:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-26 15:35 - 2013-03-02 20:36 - 00000000 ____D () C:\Users\nick\AppData\Roaming\uTorrent
2015-01-26 12:45 - 2012-09-09 15:22 - 00000000 ____D () C:\Users\nick\AppData\Roaming\vlc
2015-01-26 11:50 - 2011-06-06 18:27 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-25 16:01 - 2013-05-22 14:44 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-01-24 20:30 - 2009-07-14 05:13 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-22 16:57 - 2011-06-10 14:15 - 00000000 ____D () C:\ProgramData\Soulseek
2015-01-22 15:22 - 2014-08-22 21:12 - 00009784 _____ () C:\Users\nick\Documents\julian2.m3u
2015-01-21 12:47 - 2011-04-21 08:07 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-21 12:43 - 2013-03-20 19:28 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-21 12:43 - 2013-03-20 19:27 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-21 12:43 - 2013-03-20 19:27 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-21 12:43 - 2013-03-20 19:27 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-21 12:37 - 2011-07-24 22:13 - 00000000 ____D () C:\Users\nick\AppData\Local\Google
2015-01-21 12:37 - 2011-07-24 22:13 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-20 21:04 - 2013-03-22 18:44 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-01-20 03:41 - 2011-08-15 10:24 - 00000000 ____D () C:\Users\nick\AppData\Roaming\SoftGrid Client
2015-01-15 09:18 - 2014-09-27 19:09 - 00000000 ___HD () C:\ProgramData\CanonIJMIG
2015-01-15 09:17 - 2014-09-03 14:01 - 00000000 ____D () C:\Users\nick\AppData\Roaming\Canon
2015-01-15 03:29 - 2013-08-15 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:01 - 2013-03-20 18:53 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-10 14:44 - 2012-08-28 12:11 - 00000000 ____D () C:\Users\nick\Desktop\All Mums Photographs
2015-01-10 14:21 - 2013-04-22 10:00 - 00000000 ____D () C:\Users\nick\Desktop\cvs
2015-01-06 20:56 - 2012-05-25 08:12 - 00000000 ____D () C:\Users\nick\AppData\Local\Paint.NET

==================== Files in the root of some directories =======

2013-06-26 16:59 - 2014-06-22 20:50 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2012-03-20 07:18 - 2014-12-15 02:10 - 0108198 _____ () C:\Users\nick\AppData\Local\ars.cache
2012-03-20 07:20 - 2014-12-15 02:10 - 0949268 _____ () C:\Users\nick\AppData\Local\census.cache
2012-03-20 06:47 - 2012-03-20 06:47 - 0000036 _____ () C:\Users\nick\AppData\Local\housecall.guid.cache
2011-07-09 17:52 - 2011-07-09 17:52 - 0000236 _____ () C:\Users\nick\AppData\Local\LaunchHomeCenter.log
2013-04-07 19:52 - 2013-04-07 19:52 - 0000871 _____ () C:\Users\nick\AppData\Local\recently-used.xbel
2014-12-15 01:53 - 2014-12-15 01:53 - 0000010 _____ () C:\Users\nick\AppData\Local\sponge.last.runtime.cache

Some content of TEMP:
====================
C:\Users\nick\AppData\Local\Temp\msvcp120.dll
C:\Users\nick\AppData\Local\Temp\msvcr120.dll
C:\Users\nick\AppData\Local\Temp\pc-decrapifier.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 03:39

==================== End Of Log ============================



#2 OCD

  • Malware Response Team
  • 172 posts

Posted 27 January 2015 - 03:18 PM

Hi terrier460,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Follow This Topic:

Locate the Follow this topic button in the upper right hand corner. Click it to schedule email notifications when a new reply is posted.

Place a check mark in the box, and choose to receive notifications Instantly.

Then click the Follow This Topic button as shown.

=========================

P2P - (Peer to Peer)

I see you have/had P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall this now.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • uTorrent
If you choose not to remove this program, please refrain from using it until we have finished cleaning your computer.

=========================

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • AVG Secure Search
  • AVG Security Toolbar
=========================

Before proceeding with the script below move the FRST program to your Desktop.

=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt



Start
CloseProcesses:
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-25] ()
URLSearchHook: HKU\S-1-5-21-1039495472-1995307564-2236840037-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKU\S-1-5-21-1039495472-1995307564-2236840037-1000 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKU\S-1-5-21-1039495472-1995307564-2236840037-1000 -> {7C7EC85F-B82E-497E-833B-A78410360417} URL = http://search.avg.com/route/?d=$instdhttp://search.avg.com/route/?d=$instdhttp://search.avg.com/route/?d=$instdhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;v=$verhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;i=$dchidhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;v=$verhttp://search.avg.com/route/?d=$instdhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;v=$verhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;i=$dchidhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;i=$dchidhttp://search.avg.com/route/?d=$instdhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;v=$verhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;i=$dchidhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;v=$verhttp://search.avg.com/route/?d=$instdhttp://search.avg.com/route/?d=$instdhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;v=$verhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;i=$dchidhttp://search.avg.com/route/?d=$instd$&v
=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;v=$verhttp://search.avg.com/route/?d=$instdhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;v=$verhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;i=$dchidhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;i=$dchidhttp://search.avg.com/route/?d=$instdhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;v=$verhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;i=$dchidhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;i=$dchidhttp://search.avg.com/route/?d=$instdhttp://search.avg.com/route/?d=$instdhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;v=$verhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;i=$dchidhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;v=$verhttp://search.avg.com/route/?d=$instdhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;v=$verhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;i=$dchidhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&l
ng={moz:locale}&iy=&ychte=ukamp;tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;i=$dchidhttp://search.avg.com/route/?d=$instdhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;v=$verhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;i=$dchidhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=uk
SearchScopes: HKU\S-1-5-21-1039495472-1995307564-2236840037-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={008CFC76-17DF-4922-864F-60DE44AFB6D7}&mid=832cb8af867747d1acb369e529065bdf-c7c307702ef8ae7f92df63a5f9f90f4b4dce6452&lang=en&ds=AVG&pr=fr&d=2012-09-08 08:53:49&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKU\S-1-5-21-1039495472-1995307564-2236840037-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-1039495472-1995307564-2236840037-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -  No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-08-25]
CHR Extension: (AVG Security Toolbar) - C:\Users\nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-01-21]
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG10\Chrome\safesearch.crx [Not Found]
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-14] (AVG Secure Search)
C:\Users\nick\AppData\Local\Temp\msvcp120.dll
C:\Users\nick\AppData\Local\Temp\msvcr120.dll
C:\Users\nick\AppData\Local\Temp\pc-decrapifier.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{6F294EEB-650C-4606-BD87-DDF7397E2859}.exe
2012-09-08 07:53 - 2014-08-25 18:08 - 02640408 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2014-08-14 02:55 - 2014-08-14 02:55 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2014-08-14 02:55 - 2014-08-14 02:55 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
EmptyTemp:
CMD: ipconfig /flushdns
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Right click SecurityCheck.exe, select "Run as Administrator" and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

aswMBR

Download aswMBR.exe and save it to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================

In your next post please provide the following:
  • Fixlog.txt
  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • new FRST.txt

Edited by OCD, 27 January 2015 - 03:19 PM.

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#3 terrier460

Posted 28 January 2015 - 08:42 AM

Hi, thanks for the help, it is much appreciated. Here are the requested logs:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015
Ran by nick at 2015-01-28 12:19:09 Run:1
Running from C:\Users\nick\Desktop
Loaded Profiles: nick (Available profiles: nick)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-25] ()
URLSearchHook: HKU\S-1-5-21-1039495472-1995307564-2236840037-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKU\S-1-5-21-1039495472-1995307564-2236840037-1000 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKU\S-1-5-21-1039495472-1995307564-2236840037-1000 -> {7C7EC85F-B82E-497E-833B-A78410360417} URL = http://search.avg.com/route/?d=$instdhttp://search.avg.com/route/?d=$instdhttp://search.avg.com/route/?d=$instdhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;v=$verhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;i=$dchidhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;v=$verhttp://search.avg.com/route/?d=$instdhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;v=$verhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;i=$dchidhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;i=$dchidhttp://search.avg.com/route/?d=$instdhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;v=$verhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;i=$dchidhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;v=$verhttp://search.avg.com/route/?d=$instdhttp://search.avg.com/route/?d=$instdhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;v=$verhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;i=$dchidhttp://search.avg.com/route/?d=$instd$&v
=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;v=$verhttp://search.avg.com/route/?d=$instdhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;v=$verhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;i=$dchidhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;i=$dchidhttp://search.avg.com/route/?d=$instdhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;v=$verhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;i=$dchidhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;i=$dchidhttp://search.avg.com/route/?d=$instdhttp://search.avg.com/route/?d=$instdhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;v=$verhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;i=$dchidhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;v=$verhttp://search.avg.com/route/?d=$instdhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;v=$verhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;i=$dchidhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&l
ng={moz:locale}&iy=&ychte=ukamp;tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;i=$dchidhttp://search.avg.com/route/?d=$instdhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;v=$verhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;i=$dchidhttp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=ukamp;tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=uk
SearchScopes: HKU\S-1-5-21-1039495472-1995307564-2236840037-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={008CFC76-17DF-4922-864F-60DE44AFB6D7}&mid=832cb8af867747d1acb369e529065bdf-c7c307702ef8ae7f92df63a5f9f90f4b4dce6452&lang=en&ds=AVG&pr=fr&d=2012-09-08 08:53:49&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKU\S-1-5-21-1039495472-1995307564-2236840037-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-1039495472-1995307564-2236840037-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -  No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-08-25]
CHR Extension: (AVG Security Toolbar) - C:\Users\nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-01-21]
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG10\Chrome\safesearch.crx [Not Found]
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-14] (AVG Secure Search)
C:\Users\nick\AppData\Local\Temp\msvcp120.dll
C:\Users\nick\AppData\Local\Temp\msvcr120.dll
C:\Users\nick\AppData\Local\Temp\pc-decrapifier.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{6F294EEB-650C-4606-BD87-DDF7397E2859}.exe
2012-09-08 07:53 - 2014-08-25 18:08 - 02640408 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2014-08-14 02:55 - 2014-08-14 02:55 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2014-08-14 02:55 - 2014-08-14 02:55 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
EmptyTemp:
CMD: ipconfig /flushdns
End
*****************

Processes closed successfully.
C:\Program Files (x86)\AVG Secure Search\vprot.exe => No running process found
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value deleted successfully.
HKU\S-1-5-21-1039495472-1995307564-2236840037-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} => value deleted successfully.
"HKU\S-1-5-21-1039495472-1995307564-2236840037-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}" => Key deleted successfully.
HKCR\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68} => Key not found.
HKU\S-1-5-21-1039495472-1995307564-2236840037-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7C7EC85F-B82E-497E-833B-A78410360417} => Key not found.
HKCR\CLSID\{7C7EC85F-B82E-497E-833B-A78410360417} => Key not found.
HKU\S-1-5-21-1039495472-1995307564-2236840037-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => Value not found.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKU\S-1-5-21-1039495472-1995307564-2236840037-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKU\S-1-5-21-1039495472-1995307564-2236840037-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
"HKCR\PROTOCOLS\Handler\avgsecuritytoolbar" => Key deleted successfully.
HKCR\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C} => Key not found.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\avg@toolbar => Value not found.
C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 not found.
C:\Users\nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla" => Key deleted successfully.
vToolbarUpdater18.1.9 => Service not found.
"C:\Users\nick\AppData\Local\Temp\msvcp120.dll" => File/Directory not found.
"C:\Users\nick\AppData\Local\Temp\msvcr120.dll" => File/Directory not found.
"C:\Users\nick\AppData\Local\Temp\pc-decrapifier.exe" => File/Directory not found.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully.
C:\Program Files (x86)\AVG Secure Search\vprot.exe => Moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe => Moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll => Moved successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 341.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 12:19:18 ====

checkup:

 Results of screen317's Security Check version 0.99.95  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2013   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 31  
 Java version 32-bit out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
  Java 64-bit 8 Update 31  
  Adobe Flash Player 11.9.900.117 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

aswMBR:

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-01-28 12:38:50
-----------------------------
12:38:50.321    OS Version: Windows x64 6.1.7601 Service Pack 1
12:38:50.321    Number of processors: 1 586 0x1601
12:38:50.323    ComputerName: nick-PC  UserName: nick
12:38:50.929    Initialize success
12:38:51.017    VM: initialized successfully
12:38:51.019    VM: Intel CPU virtualization not supported
12:41:24.733    AVAST engine defs: 15012800
12:43:16.418    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:43:16.422    Disk 0 Vendor: SAMSUNG_ 1AR1 Size: 305245MB BusType: 3
12:43:16.543    Disk 0 MBR read successfully
12:43:16.548    Disk 0 MBR scan
12:43:16.555    Disk 0 Windows 7 default MBR code
12:43:16.559    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      125 MB offset 63
12:43:16.575    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        14142 MB offset 258048
12:43:16.581    Disk 0 Boot: NTFS     code=1
12:43:16.602    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       290976 MB offset 29220864
12:43:16.631    Disk 0 scanning C:\Windows\system32\drivers
12:43:31.757    Service scanning
12:44:01.207    Modules scanning
12:44:01.222    Disk 0 trace - called modules:
12:44:01.250    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
12:44:01.258    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002721060]
12:44:01.266    3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002278050]
12:44:01.704    AVAST engine scan C:\Windows
12:44:04.677    AVAST engine scan C:\Windows\system32
12:48:56.831    AVAST engine scan C:\Windows\system32\drivers
12:49:13.618    AVAST engine scan C:\Users\nick
13:09:57.954    AVAST engine scan C:\ProgramData
13:22:57.083    Disk 0 statistics 4476432/0/0 @ 1.35 MB/s
13:22:57.098    Scan finished successfully
13:28:00.909    Disk 0 MBR has been saved successfully to "C:\Users\nick\Desktop\MBR.dat"
13:28:00.941    The log file has been saved successfully to "C:\Users\nick\Desktop\aswMBR.txt"

new FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by nick (administrator) on nick-PC on 28-01-2015 13:31:01
Running from C:\Users\nick\Desktop
Loaded Profiles: nick (Available profiles: nick)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.54\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-21] (Realtek Semiconductor)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [1802472 2011-01-25] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1039495472-1995307564-2236840037-1000\...\MountPoints2: {cfd1d4f3-0649-11e1-b793-806e6f6e6963} - E:\VersionControl.exe
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNA1100 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk
ShortcutTarget: Update Agent.lnk -> C:\Program Files (x86)\3\3Connect\AutoUpdateSrv.exe (Birdstep Technology)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1039495472-1995307564-2236840037-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.search.yahoo.com/?type=282369&fr=spigot-yhp-ie
HKU\S-1-5-21-1039495472-1995307564-2236840037-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1039495472-1995307564-2236840037-1000 -> DefaultScope {61E1A562-1B3A-4678-A01E-8986BBD071E6} URL = https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1039495472-1995307564-2236840037-1000 -> {61E1A562-1B3A-4678-A01E-8986BBD071E6} URL = https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\l4evt6i9.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: www.google.co.uk
FF Keyword.URL: https://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=282369&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1039495472-1995307564-2236840037-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\nick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\l4evt6i9.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\l4evt6i9.default\searchplugins\yahoo_ff.xml
FF Extension: Adblock Plus - C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\l4evt6i9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-06]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4
FF HKLM-x32\...\Firefox\Extensions: [avg@igeared] - C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-11-29]

Opera:
=======
OPR StartupUrls: "hxxp://www.google.com/"
OPR Extension: (Adblock Plus) - C:\Users\nick\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-01-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
S2 mdvrmng; C:\Windows\SysWOW64\drivers\mdvrmng.sys [10240 2007-05-28] () [File not signed]
U3 aswMBR; \??\C:\Users\nick\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\nick\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 13:28 - 2015-01-28 13:28 - 00002099 _____ () C:\Users\nick\Desktop\aswMBR.txt
2015-01-28 13:28 - 2015-01-28 13:28 - 00000570 _____ () C:\Users\nick\Desktop\MBR.zip
2015-01-28 13:28 - 2015-01-28 13:28 - 00000512 _____ () C:\Users\nick\Desktop\MBR.dat
2015-01-28 12:38 - 2015-01-28 12:38 - 00000988 _____ () C:\Users\nick\Desktop\checkup.txt
2015-01-28 12:28 - 2015-01-28 12:28 - 05198336 _____ (AVAST Software) C:\Users\nick\Downloads\aswMBR.exe
2015-01-28 12:28 - 2015-01-28 12:28 - 05198336 _____ (AVAST Software) C:\Users\nick\Desktop\aswMBR.exe
2015-01-28 12:27 - 2015-01-28 12:27 - 00852573 _____ () C:\Users\nick\Desktop\SecurityCheck (3).exe
2015-01-28 12:26 - 2015-01-28 12:26 - 00852573 _____ () C:\Users\nick\Downloads\SecurityCheck.exe
2015-01-28 12:26 - 2015-01-28 12:26 - 00852573 _____ () C:\Users\nick\Downloads\SecurityCheck (2).exe
2015-01-28 12:26 - 2015-01-28 12:26 - 00852573 _____ () C:\Users\nick\Downloads\SecurityCheck (1).exe
2015-01-28 12:20 - 2015-01-28 12:20 - 00000056 _____ () C:\Windows\setupact.log
2015-01-28 12:20 - 2015-01-28 12:20 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-28 12:16 - 2015-01-28 12:16 - 02129920 _____ (Farbar) C:\Users\nick\Desktop\FRST64.exe
2015-01-27 09:07 - 2015-01-27 09:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 17:33 - 2015-01-28 13:31 - 00016308 _____ () C:\Users\nick\Desktop\FRST.txt
2015-01-26 17:33 - 2015-01-26 17:33 - 00032129 _____ () C:\Users\nick\Desktop\Addition.txt
2015-01-26 17:26 - 2015-01-26 17:33 - 00032129 _____ () C:\Users\nick\Downloads\Addition.txt
2015-01-26 17:24 - 2015-01-26 17:27 - 00030851 _____ () C:\Users\nick\Downloads\FRST.txt
2015-01-26 16:55 - 2015-01-28 13:31 - 00000000 ____D () C:\FRST
2015-01-26 16:53 - 2015-01-26 16:53 - 02129920 _____ (Farbar) C:\Users\nick\Downloads\FRST64.exe
2015-01-26 16:48 - 2015-01-26 16:48 - 02001540 _____ () C:\Users\nick\Downloads\pc-decrapifier-3.0.0.exe
2015-01-26 15:32 - 2015-01-26 15:32 - 00000000 ____D () C:\Users\nick\Downloads\Whiplash 2014 HDRIP x264 AC3 TiTAN [OMT]
2015-01-26 15:31 - 2015-01-26 15:32 - 00000000 ____D () C:\Users\nick\Downloads\Inherent.Vice.2014.DVDSCR.XviD.AC3-EVO
2015-01-21 12:47 - 2013-03-20 19:27 - 00861088 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2015-01-21 12:47 - 2013-03-20 19:27 - 00782240 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2015-01-21 12:43 - 2015-01-21 12:43 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 12:43 - 2015-01-21 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-21 12:41 - 2015-01-21 12:41 - 00639400 _____ (Oracle Corporation) C:\Users\nick\Downloads\chromeinstall-8u31.exe
2015-01-20 18:58 - 2015-01-20 19:00 - 00000000 ____D () C:\Users\nick\Downloads\Comedy.Bang.Bang.S04E02.HDTV.x264-YesTV[rarbg]
2015-01-19 21:04 - 2015-01-27 21:04 - 00003828 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1421701425
2015-01-19 21:04 - 2015-01-19 21:04 - 00016909 _____ () C:\Users\nick\Desktop\Opera 12 Notes.html
2015-01-19 21:04 - 2015-01-19 21:04 - 00000000 ____D () C:\Users\nick\AppData\Roaming\Opera Software
2015-01-19 21:04 - 2015-01-19 21:04 - 00000000 ____D () C:\Users\nick\AppData\Local\Opera Software
2015-01-19 21:03 - 2015-01-19 21:03 - 00001101 _____ () C:\Users\Public\Desktop\Opera 27.lnk
2015-01-19 21:03 - 2015-01-19 21:03 - 00001101 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 27.lnk
2015-01-16 19:50 - 2015-01-16 19:55 - 00000000 ____D () C:\Users\nick\Downloads\Birdman.2014.DVDSCR.X264-PLAYNOW
2015-01-15 09:17 - 2015-01-15 09:18 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2015-01-14 08:29 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:29 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:29 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 08:29 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 08:29 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 08:29 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 08:29 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 08:29 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 08:29 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:29 - 2014-12-11 17:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:29 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:29 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:29 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-10 14:47 - 2015-01-10 14:48 - 00000000 ____D () C:\Users\nick\Downloads\Mia
2015-01-06 18:57 - 2015-01-06 18:57 - 00000000 __SHD () C:\Users\nick\AppData\Local\EmieBrowserModeList
2015-01-06 18:52 - 2015-01-06 18:53 - 13087456 _____ (Microsoft Corporation) C:\Users\nick\Downloads\Silverlight_x64.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 12:43 - 2011-07-24 22:13 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-28 12:28 - 2009-07-14 04:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 12:28 - 2009-07-14 04:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 12:26 - 2014-03-27 06:08 - 01168608 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 12:21 - 2011-07-24 22:13 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-28 12:21 - 2011-04-21 09:01 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-01-28 12:21 - 2011-04-21 09:01 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-01-28 12:21 - 2011-04-21 08:17 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-01-28 12:20 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 12:19 - 2012-09-08 07:53 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2015-01-28 11:53 - 2009-07-14 05:13 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 11:38 - 2011-07-24 22:13 - 00000000 ____D () C:\Users\nick\AppData\Local\Google
2015-01-28 11:38 - 2011-07-24 22:13 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-28 11:34 - 2012-06-12 15:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 09:38 - 2011-06-06 18:27 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-28 06:08 - 2013-03-02 20:36 - 00000000 ____D () C:\Users\nick\AppData\Roaming\uTorrent
2015-01-27 21:04 - 2013-03-22 18:44 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-01-27 16:01 - 2013-05-22 14:44 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-01-27 05:56 - 2009-07-14 05:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-26 12:45 - 2012-09-09 15:22 - 00000000 ____D () C:\Users\nick\AppData\Roaming\vlc
2015-01-22 16:57 - 2011-06-10 14:15 - 00000000 ____D () C:\ProgramData\Soulseek
2015-01-22 15:22 - 2014-08-22 21:12 - 00009784 _____ () C:\Users\nick\Documents\julian2.m3u
2015-01-21 12:47 - 2011-04-21 08:07 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-21 12:43 - 2013-03-20 19:28 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-21 12:43 - 2013-03-20 19:27 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-21 12:43 - 2013-03-20 19:27 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-21 12:43 - 2013-03-20 19:27 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-20 03:41 - 2011-08-15 10:24 - 00000000 ____D () C:\Users\nick\AppData\Roaming\SoftGrid Client
2015-01-15 09:18 - 2014-09-27 19:09 - 00000000 ___HD () C:\ProgramData\CanonIJMIG
2015-01-15 09:17 - 2014-09-03 14:01 - 00000000 ____D () C:\Users\nick\AppData\Roaming\Canon
2015-01-15 03:29 - 2013-08-15 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:01 - 2013-03-20 18:53 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-10 14:44 - 2012-08-28 12:11 - 00000000 ____D () C:\Users\nick\Desktop\All Mums Photographs
2015-01-10 14:21 - 2013-04-22 10:00 - 00000000 ____D () C:\Users\nick\Desktop\cvs
2015-01-06 20:56 - 2012-05-25 08:12 - 00000000 ____D () C:\Users\nick\AppData\Local\Paint.NET

==================== Files in the root of some directories =======

2013-06-26 16:59 - 2014-06-22 20:50 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2012-03-20 07:18 - 2014-12-15 02:10 - 0108198 _____ () C:\Users\nick\AppData\Local\ars.cache
2012-03-20 07:20 - 2014-12-15 02:10 - 0949268 _____ () C:\Users\nick\AppData\Local\census.cache
2012-03-20 06:47 - 2012-03-20 06:47 - 0000036 _____ () C:\Users\nick\AppData\Local\housecall.guid.cache
2011-07-09 17:52 - 2011-07-09 17:52 - 0000236 _____ () C:\Users\nick\AppData\Local\LaunchHomeCenter.log
2013-04-07 19:52 - 2013-04-07 19:52 - 0000871 _____ () C:\Users\nick\AppData\Local\recently-used.xbel
2014-12-15 01:53 - 2014-12-15 01:53 - 0000010 _____ () C:\Users\nick\AppData\Local\sponge.last.runtime.cache

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 03:39

==================== End Of Log ============================



#4 OCD

  • Malware Response Team

Posted 28 January 2015 - 11:08 AM

Hi terrier460,

Logs are looking better.

AdwCleaner v3: Scan & Clean
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

Junkware Removal Tool

Download Junkware Removal Tool to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
=========================

In your next post please provide the following:
  • AdwCleaner[S0].txt
  • JRT.txt
  • How is the computer running, any symptoms?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#5 terrier460

  • Topic Starter

Posted 29 January 2015 - 05:09 AM

Hi, it does seem to be running a lot better now, the internet is loading streaming videos and things. So that's great, thanks. Here are the logs you asked for:

 

# AdwCleaner v4.109 - Report created 28/01/2015 at 18:18:11
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : nick - nick-PC
# Running from : C:\Users\nick\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\nick\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\nick\AppData\Local\AVG Security Toolbar
Folder Deleted : C:\Users\nick\AppData\Local\Conduit
Folder Deleted : C:\Users\nick\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\nick\AppData\LocalLow\Conduit
File Deleted : C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\l4evt6i9.default\foxydeal.sqlite
File Deleted : C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\l4evt6i9.default\invalidprefs.js
File Deleted : C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\l4evt6i9.default\user.js
File Deleted : C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\l4evt6i9.default\searchplugins\yahoo_ff.xml
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
 
[l4evt6i9.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
[l4evt6i9.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
[l4evt6i9.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
[l4evt6i9.default\prefs.js] - Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "");
[l4evt6i9.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "PZQ4BX0SHB6OFHLZWIE5BFUWVGJUTYFUDFQO/3CDF03JYAGESMY/HJZB120EC2YD84K3P3VAYH8VNF9A5VORNA");
 
-\\ Opera v27.0.1689.54
 
 
*************************
 
AdwCleaner[R0].txt - [4134 octets] - [28/01/2015 18:01:31]
AdwCleaner[R1].txt - [4192 octets] - [28/01/2015 18:06:07]
AdwCleaner[S0].txt - [4073 octets] - [28/01/2015 18:18:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4133 octets] ##########
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by nick on 28/01/2015 at 18:22:37.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\nick\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\nick\AppData\Roaming\pcdr"
Successfully deleted: [Folder] "C:\Users\nick\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\nick\appdata\local\{0FA9FC23-0A68-4E51-9704-822D0D717FA7}
Successfully deleted: [Empty Folder] C:\Users\nick\appdata\local\{184FF082-8743-4A37-B430-740F56535056}
Successfully deleted: [Empty Folder] C:\Users\nick\appdata\local\{5808CC11-4C94-41E3-B049-8559274CF079}
Successfully deleted: [Empty Folder] C:\Users\nick\appdata\local\{A89F67F7-2DA1-47FD-9B0A-A2C09EF77D10}
Successfully deleted: [Empty Folder] C:\Users\nick\appdata\local\{C9DE45D1-4AE4-48B1-99CE-9B81948BAC11}
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\nick\AppData\Roaming\mozilla\firefox\profiles\l4evt6i9.default\prefs.js
 
user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1363981722318,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
Emptied folder: C:\Users\nick\AppData\Roaming\mozilla\firefox\profiles\l4evt6i9.default\minidumps [85 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/01/2015 at 18:32:01.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#6 OCD

OCD

  • Malware Response Team
  • 172 posts
  • Gender:Male
  • Location:Florida

Posted 29 January 2015 - 10:51 AM

Hi terrier460,

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Select Scan tab.
  • Select type of scan to perform:
    • Threat Scan < --- Select this type of scan
    • Custom Scan
    • Hyper Scan
  • Next click the Scan button.
  • When the scan is complete, if no malicious items are found you can close the program.
  • If malicious items are found, be sure that everything is checked, and click Quarantine.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================

ESET Online Scanner

*Note:
  • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator Rights, to do so right click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or Firefox for this scan. If you use Firefox you will be asked to install an additional component. Please allow this.)
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.
=========================

In your next post please provide the following:
  • MBAM log
  • ESET's log.txt
  • How's the computer running, any symptoms?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#7 OCD


Posted 01 February 2015 - 11:07 PM

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.

#8 OCD


Posted 03 February 2015 - 11:26 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



