Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

DownLite and Positive Finds removal FRST log


  • This topic is locked This topic is locked
19 replies to this topic

#1 camplate

camplate

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 03 February 2015 - 05:54 PM

Hello. I have found these two problems in this FRST file.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015
Ran by camplate (administrator) on CAMPLATE-PC on 02-02-2015 18:41:37
Running from C:\Users\camplate\Downloads
Loaded Profiles: camplate (Available profiles: camplate & Karen)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(UPEK Inc.) C:\Program Files\Protector Suite QL\upeksvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Nero AG) C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
(Juniper Networks, Inc.) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Juniper Networks, Inc.) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Toshiba\IVP\ISM\pinger.exe
(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Toshiba\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Data Perceptions / PowerProgrammer) C:\Windows\System32\WebUpdateSvc4.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
() C:\Program Files\Toshiba\Utilities\KeNotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe
(TOSHIBA) C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Akamai Technologies, Inc.) C:\Users\camplate\AppData\Local\Akamai\netsession_win.exe
(UPEK Inc.) C:\Program Files\Protector Suite QL\psqltray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
(Akamai Technologies, Inc.) C:\Users\camplate\AppData\Local\Akamai\netsession_win.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
() C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\5\Plugin.exe
(Space Sciences Laboratory) C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_7.00_windows_intelx86.exe
(Space Sciences Laboratory) C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_7.00_windows_intelx86.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\8\Plugin.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\3\Plugin.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\3\Plugin.exe
(Microsoft Corporation) C:\Windows\System32\mmc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [411192 2007-03-29] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1451304 2009-03-20] (Synaptics Incorporated)
HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2006-03-22] (TOSHIBA)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [448632 2007-03-22] (TOSHIBA Corporation)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-05-28] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4472832 2007-05-28] (Realtek Semiconductor)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\Protector Suite QL\launcher.exe [49168 2006-12-03] (UPEK Inc.)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34352 2006-11-06] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [IaNvSrv] => C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe [33048 2007-03-13] (Intel Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [HWSetup] => \HWSetup.exe hwSetUP
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [58112 2009-11-06] (Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [4793088 2009-11-06] (Space Sciences Laboratory)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [538744 2007-05-22] (TOSHIBA Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [CSV To Fixed Width Text File Batch Converter Software.exe] => [X]
Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [417792 2007-01-22] (TOSHIBA)
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\...\Run: [PMCLoader] => C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\...\Run: [Akamai NetSession Interface] => C:\Users\camplate\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\...\Run: [Steam] => D:\Steam\Steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\...\RunOnce: [Shockwave Updater] => C:\Windows\System32\Adobe\Shockwave 12\SwHelper_1211151.exe [1308360 2014-04-15] (Adobe Systems, Inc.)
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\...\RunOnce: [Adobe Speed Launcher] => 1422578783
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\...\MountPoints2: {01c00ddb-b17a-11e2-8064-8ab3356fbe75} - F:\MotoCastSetup.exe -a
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\...\MountPoints2: {f50328d6-b4f3-11dd-ba18-001b3813a349} - H:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL File Not Found
AppInit_DLLs: , C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL File Not Found
Lsa: [Notification Packages] scecli psqlpwd
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico ()
Startup: C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Protector Suite QL\farchns.dll (UPEK Inc.)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Protector Suite QL\farchns.dll (UPEK Inc.)
BootExecute: autocheck autochk * lsdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
BHO: Positive Finds -> {30c85a3d-1d96-4589-b63f-91fb7ef45a41} -> C:\Program Files\Positive Finds\Extensions\30c85a3d-1d96-4589-b63f-91fb7ef45a41.dll ()
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-18]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-19]
FF HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\...\Firefox\Extensions: [{03ED094E-6546-4294-96BD-7714E87DA888}] - C:\Users\camplate\AppData\Roaming\My.Freeze.com NetAssistant
FF Extension: My.Freeze.com NetAssistant - C:\Users\camplate\AppData\Roaming\My.Freeze.com NetAssistant [2010-07-31]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.goodsearch.com/"
CHR DefaultSearchKeyword: Default -> goodsearch.com
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-19]
CHR Extension: (Google Drive) - C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-19]
CHR Extension: (Google Search) - C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-19]
CHR Extension: (Video Downloader professional) - C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2014-08-10]
CHR Extension: (AdBlock) - C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-11]
CHR Extension: (Avast Online Security) - C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-19]
CHR Extension: (Ghostery) - C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-10-11]
CHR Extension: (Google Wallet) - C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-19]
CHR Extension: (Gmail) - C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-19]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-26] (Avast Software)
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1524512 2007-07-16] (Cisco Systems, Inc.)
R2 DeviceMonitorService; C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe [87992 2012-09-07] (Nero AG)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [684144 2014-06-25] (Juniper Networks, Inc.)
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [643072 2007-03-06] (Intel Corporation) [File not signed]
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [165416 2008-05-05] (WildTangent, Inc.)
S2 gupdate1c966186c48fdc3; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [158832 2012-07-10] (Juniper Networks, Inc.)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3004416 2007-11-07] (Microsoft Corporation)
R2 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-03-06] (Intel Corporation) [File not signed]
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Service Mgr PositiveFinds; C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe [549624 2015-02-02] ()
R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [63096 2007-01-25] ()
R2 TNaviSrv; C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe [77824 2007-05-26] (TOSHIBA Corporation) [File not signed]
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 Update Mgr PositiveFinds; C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe [351992 2015-02-02] ()
R2 WebUpdate4; C:\Windows\system32\WebUpdateSvc4.exe [291088 2011-06-23] (Data Perceptions / PowerProgrammer)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-11-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-26] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-11-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-26] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-03-04] (AVG Technologies)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2007-06-15] (Avanquest Software) [File not signed]
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2007-07-16] (Cisco Systems, Inc.) [File not signed]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [27648 2013-08-02] (Juniper Networks)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S4 KR10I; C:\Windows\system32\drivers\kr10i.sys [216320 2006-02-14] (TOSHIBA CORPORATION) [File not signed]
S4 KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [479488 2006-09-27] (TOSHIBA CORPORATION) [File not signed]
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [52096 2010-12-02] (Generic USB smartcard reader)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 Ser2rs; C:\Windows\System32\DRIVERS\ser2rs.sys [76288 2007-06-25] (Prolific Technology Inc.)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [476288 2007-08-08] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [38656 2007-08-08] (eMPIA Technology, Inc.)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [11776 2007-04-16] (Chicony Electronics Co., Ltd.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2014-11-26] (Avast Software)
R2 vnccom; C:\Windows\System32\Drivers\vnccom.SYS [6016 2004-06-26] (RDV Soft) [File not signed]
R3 vncdrv; C:\Windows\System32\DRIVERS\vncdrv.sys [4736 2004-06-26] (RDV Soft) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 Tosrfcom; No ImagePath
S3 TpChoice; system32\DRIVERS\TpChoice.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-02 18:41 - 2015-02-02 18:44 - 00027793 _____ () C:\Users\camplate\Downloads\FRST.txt
2015-02-02 18:38 - 2015-02-02 18:42 - 00000000 ____D () C:\FRST
2015-02-02 18:35 - 2015-02-02 18:36 - 01122304 _____ (Farbar) C:\Users\camplate\Downloads\FRST.exe
2015-01-31 07:12 - 2015-02-02 07:57 - 00000000 ____D () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
2015-01-31 07:12 - 2015-02-02 06:56 - 00000000 ____D () C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
2015-01-31 07:12 - 2015-01-31 07:13 - 00000000 ____D () C:\Program Files\Positive Finds
2015-01-23 17:57 - 2015-01-23 17:57 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-23 05:45 - 2015-01-23 05:45 - 00001890 _____ () C:\Users\camplate\Desktop\AutoDelivery.lnk
2015-01-20 12:11 - 2015-01-20 12:13 - 00000346 _____ () C:\Users\camplate\Documents\Coal calculatiions.txt
2015-01-15 03:26 - 2014-12-18 19:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 03:03 - 2014-12-05 22:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 03:03 - 2014-12-05 22:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-15 03:03 - 2014-12-05 22:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-15 03:01 - 2014-12-05 22:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-12 19:39 - 2015-01-12 19:39 - 00347816 _____ (Microsoft Corporation) C:\Users\camplate\Downloads\MicrosoftFixit.wu.LB.2333445655497348.1.1.Run.exe
2015-01-08 21:06 - 2015-01-08 21:15 - 00000000 ____D () C:\Users\camplate\Downloads\hs2_german_ipod
2015-01-03 17:42 - 2015-01-03 18:40 - 00000000 ____D () C:\Hand And Foot
2015-01-03 17:42 - 2015-01-03 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tams11
2015-01-03 10:21 - 2015-01-03 10:21 - 00001093 _____ () C:\Users\camplate\Desktop\Juniper.lnk
2015-01-03 10:06 - 2015-01-03 10:06 - 00000000 ____D () C:\Users\camplate\Desktop\CSV
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-02 18:37 - 2007-12-19 13:21 - 02012462 _____ () C:\Windows\WindowsUpdate.log
2015-02-02 18:27 - 2009-06-30 04:49 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 18:18 - 2012-05-13 19:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-02 17:18 - 2009-05-15 05:08 - 00069626 _____ () C:\ProgramData\nvModes.001
2015-02-02 17:16 - 2010-02-02 05:50 - 00000000 ____D () C:\ProgramData\BOINC
2015-02-02 16:59 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-02 16:59 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 21:27 - 2009-06-30 04:49 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-29 19:44 - 2014-11-28 17:25 - 00000000 ____D () C:\Program Files\Common Files\Steam
2015-01-29 19:42 - 2013-05-06 16:13 - 00000000 ____D () C:\Temp
2015-01-29 19:01 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-26 19:39 - 2014-03-19 18:45 - 00001934 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-25 16:47 - 2008-08-04 21:14 - 00001732 ____H () C:\Users\camplate\Documents\Default.rdp
2015-01-24 23:18 - 2012-05-13 19:48 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-24 23:18 - 2011-05-21 15:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-23 18:02 - 2006-11-02 08:01 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-23 17:59 - 2013-10-15 20:07 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-23 17:58 - 2007-05-30 23:37 - 00000000 ____D () C:\Program Files\Java
2015-01-23 17:54 - 2014-07-15 20:11 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-01-19 11:18 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-19 10:52 - 2008-05-21 02:29 - 00000000 ____D () C:\Windows\Minidump
2015-01-19 10:23 - 2006-11-02 05:33 - 00819194 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-19 07:30 - 2009-07-20 00:05 - 00000472 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2015-01-15 03:26 - 2013-07-13 02:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:05 - 2006-11-02 05:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-08 19:16 - 2014-04-03 19:20 - 00000000 ____D () C:\Users\camplate\AppData\Local\CrashDumps
2015-01-06 04:36 - 2009-10-03 01:26 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2014-03-02 22:33 - 2014-03-04 23:36 - 0003743 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2008-04-29 08:03 - 2009-05-12 18:01 - 0027620 _____ () C:\Users\camplate\AppData\Roaming\nvModes.001
2008-04-29 07:11 - 2009-04-21 04:56 - 0027620 _____ () C:\Users\camplate\AppData\Roaming\nvModes.dat
2014-03-20 18:18 - 2014-03-20 18:18 - 0000680 _____ () C:\Users\camplate\AppData\Local\d3d9caps.dat
2009-05-15 05:08 - 2015-02-02 17:18 - 0069626 _____ () C:\ProgramData\nvModes.001
2009-05-15 05:08 - 2012-12-29 14:06 - 0069626 _____ () C:\ProgramData\nvModes.dat
 
Files to move or delete:
====================
C:\Users\camplate\jagex_cl_runescape_LIVE.dat
C:\Users\camplate\jagex_runescape_preferences.dat
C:\Users\camplate\jagex_runescape_preferences2.dat
 
 
Some content of TEMP:
====================
C:\Users\camplate\AppData\Local\Temp\jre-8u31-windows-au.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-02 07:47
 
==================== End Of Log ============================

Edited by camplate, 04 February 2015 - 05:46 AM.


BC AdBot (Login to Remove)

 


#2 camplate

camplate
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 07 February 2015 - 07:51 AM

Forgot the Addition.txt

Attached Files



#3 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:01:49 PM

Posted 07 February 2015 - 10:53 AM

hi camplate,

 

Adware stuff. Look in your add/remove programs panel and uninstall them if present: DownLite and Positive Finds

Reboot machine after the uninstalls then run adwcleaner:

 

Please download adwcleaner from here and save to your desktop.

    Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
    Now click on the Scan tab, once the scan is complete click on the Clean tab and follow the prompts.
    Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

    http://www.bleepingcomputer.com/download/adwcleaner/

    Note: The log can also be located at C: AdwCleaner AdwCleaner[S0].txt


How Can I Reduce My Risk to Malware?


#4 camplate

camplate
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 07 February 2015 - 01:39 PM

Thank you. Did the removal, reboot, run adaware.
 
# AdwCleaner v4.110 - Logfile created 07/02/2015 at 13:29:18
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Local]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
# Username : camplate - CAMPLATE-PC
# Running from : C:\Users\camplate\Downloads\adwcleaner_4.110.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : Service Mgr PositiveFinds
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
File Deleted : C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30C85A3D-1D96-4589-B63F-91FB7EF45A41}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{50F60937-910A-4C05-8E36-FE4E299191CF}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{63C63464-1423-4FDB-BA5D-6F75F491C63E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30C85A3D-1D96-4589-B63F-91FB7EF45A41}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
Key Deleted : HKLM\SOFTWARE\PositiveFinds
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - ;192.168.*.*;<local>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16599
 
 
-\\ Google Chrome v40.0.2214.111
 
 
*************************
 
AdwCleaner[R0].txt - [2481 bytes] - [20/10/2014 08:28:30]
AdwCleaner[R1].txt - [2574 bytes] - [05/02/2015 04:56:07]
AdwCleaner[R2].txt - [2405 bytes] - [07/02/2015 13:23:15]
AdwCleaner[S0].txt - [2653 bytes] - [20/10/2014 08:33:10]
AdwCleaner[S1].txt - [2671 bytes] - [05/02/2015 05:13:31]
AdwCleaner[S2].txt - [2364 bytes] - [07/02/2015 13:29:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2423  bytes] ##########


#5 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:01:49 PM

Posted 08 February 2015 - 08:17 AM

Ok, good. Looks like you have used Adwcleaner before. If all is good on your end you can get one more download that will remove FRST and Adwcleaner then delete itself:

 

     Please download Delfix.exe and save it to your desktop.

 

    https://toolslib.net/downloads/viewdownload/2-delfix/

 

    Right click and select "run as admin" Ensure Remove disinfection tools is checked and click on the Run button.

    The tool will delete itself once it finishes. You can delete the log it generates

 

 


How Can I Reduce My Risk to Malware?


#6 camplate

camplate
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 08 February 2015 - 10:53 AM

I have run delfix.

 

# DelFix v10.8 - Logfile created 08/02/2015 at 10:51:34
# Updated 29/07/2014 by Xplode
# Username : camplate - CAMPLATE-PC
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\camplate\Desktop\JRT.txt
Deleted : C:\Users\camplate\Downloads\Addition.txt
Deleted : C:\Users\camplate\Downloads\adwcleaner_4.110.exe
Deleted : C:\Users\camplate\Downloads\FRST.exe
Deleted : C:\Users\camplate\Downloads\FRST.txt
Deleted : C:\Users\camplate\Downloads\JRT.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
 
########## - EOF - ##########
 
Ready for the next step.


#7 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:01:49 PM

Posted 08 February 2015 - 11:47 AM

Log looks ok. Uninstalling and running adwcleaner should have taken care of the problem. There is no next step unless something else is going on?


How Can I Reduce My Risk to Malware?


#8 camplate

camplate
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 08 February 2015 - 02:42 PM

Yes, I still have positive finds on my browser. Fun times.



#9 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:01:49 PM

Posted 08 February 2015 - 08:57 PM

Ok. see if this helps;

Copy and paste the lines below in the code box into notepad. Save it as fixlist.txt to the same place you have FRST, which is here: C:\Users\camplate\Downloads

BHO: Positive Finds -> {30c85a3d-1d96-4589-b63f-91fb7ef45a41} -> C:\Program Files\Positive Finds\Extensions\30c85a3d-1d96-4589-b63f-91fb7ef45a41.dll ()
C:\Program Files\Positive Finds\Extensions\30c85a3d-1d96-4589-b63f-91fb7ef45a41.dll ()
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

Launch FRST like you did before except this time press the Fix button just once and wait, the program will automatically launch fixlist.txt.

The tool will create a log in the same directory FRST is located called Fixlog.txt. Please copy and paste the contents of the file in your reply.

 

I will probably not be back on line for 16hrs or so.


How Can I Reduce My Risk to Malware?


#10 camplate

camplate
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 09 February 2015 - 08:47 AM

Thank you for the help. I know this is a long process.

I still have the problem.

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-02-2015
Ran by camplate at 2015-02-09 07:03:43 Run:1
Running from C:\Users\camplate\Downloads
Loaded Profiles: camplate (Available profiles: camplate & Karen)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
BHO: Positive Finds -> {30c85a3d-1d96-4589-b63f-91fb7ef45a41} -> C:\Program Files\Positive Finds\Extensions\30c85a3d-1d96-4589-b63f-91fb7ef45a41.dll ()
C:\Program Files\Positive Finds\Extensions\30c85a3d-1d96-4589-b63f-91fb7ef45a41.dll ()
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
*****************
 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30c85a3d-1d96-4589-b63f-91fb7ef45a41}" => Key deleted successfully.
HKCR\CLSID\{30c85a3d-1d96-4589-b63f-91fb7ef45a41} => Key not found. 
"C:\Program Files\Positive Finds\Extensions\30c85a3d-1d96-4589-b63f-91fb7ef45a41.dll ()" => File/Directory not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
 
==== End of Fixlog 07:03:43 ====


#11 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:01:49 PM

Posted 09 February 2015 - 05:36 PM

Ok thanks for the info. Is it just Chrome thats affected or IE also? We will get another download thats like adwcleaner. Run that then reset Chrome back to its defaults and see how that goes.

 

     JRT.exe:

 

     Please download Junkware Removal Tool to your desktop.

     http://thisisudax.org/downloads/JRT.exe

    Shutdown your antivirus to avoid any conflicts.
    Double click the icon or Right click for Vista/W7,8 and select Run as administrator
    The tool will open and start scanning.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message

 

How to reset Chrome back to its defaults:

https://support.google.com/chrome/answer/3296214?hl=en

 

Take a look in your add/remove programs panel and uninstall:

 

My.Freeze.com NetAssistant (Version: 3.6.4 - Freeze.com) and /or
My.Freeze.com NetAssistant for Firefox


Edited by shelf life, 09 February 2015 - 07:01 PM.

How Can I Reduce My Risk to Malware?


#12 camplate

camplate
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 09 February 2015 - 07:04 PM

Ha-ha! Resetting Chrome really sucks. Losing Ghostery and adblock made the popups much worse. I am going to restore them.

I can go weeks and months without using IE. I can check if it needs checked.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows Vista ™ Home Premium x86
Ran by camplate on Mon 02/09/2015 at 18:08:29.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/09/2015 at 18:13:17.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#13 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:01:49 PM

Posted 09 February 2015 - 08:52 PM

Nothing in that log.Resetting Chrome may fix it, it may not, you can always reinstall Ghostery and Adblock. You can also backup your bookmarks to a HTML file and restore them also.

Also can you rescan with FRST like you did originally and post a new log. A comparison between the logs may prove useful.

I wont be back on line for 16-18 hrs or so.


How Can I Reduce My Risk to Malware?


#14 camplate

camplate
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 10 February 2015 - 05:41 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-02-2015
Ran by camplate (administrator) on CAMPLATE-PC on 10-02-2015 05:37:16
Running from C:\Users\camplate\Downloads
Loaded Profiles: camplate (Available profiles: camplate & Karen)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(UPEK Inc.) C:\Program Files\Protector Suite QL\upeksvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
(UPEK Inc.) C:\Program Files\Protector Suite QL\psqltray.exe
(Nero AG) C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
(Juniper Networks, Inc.) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Juniper Networks, Inc.) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
() C:\Toshiba\IVP\ISM\pinger.exe
(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Toshiba\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Data Perceptions / PowerProgrammer) C:\Windows\System32\WebUpdateSvc4.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
() C:\Program Files\Toshiba\Utilities\KeNotify.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe
(TOSHIBA) C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Akamai Technologies, Inc.) C:\Users\camplate\AppData\Local\Akamai\netsession_win.exe
(Valve Corporation) D:\Steam\Steam.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
(Akamai Technologies, Inc.) C:\Users\camplate\AppData\Local\Akamai\netsession_win.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Space Sciences Laboratory) C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_7.00_windows_intelx86.exe
(Space Sciences Laboratory) C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_7.00_windows_intelx86.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [411192 2007-03-29] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1451304 2009-03-20] (Synaptics Incorporated)
HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2006-03-22] (TOSHIBA)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [448632 2007-03-22] (TOSHIBA Corporation)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-05-28] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\Protector Suite QL\launcher.exe [49168 2006-12-03] (UPEK Inc.)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34352 2006-11-06] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [IaNvSrv] => C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe [33048 2007-03-13] (Intel Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [HWSetup] => \HWSetup.exe hwSetUP
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [58112 2009-11-06] (Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [4793088 2009-11-06] (Space Sciences Laboratory)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [538744 2007-05-22] (TOSHIBA Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [CSV To Fixed Width Text File Batch Converter Software.exe] => [X]
Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [417792 2007-01-22] (TOSHIBA)
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\...\Run: [PMCLoader] => C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\...\Run: [Akamai NetSession Interface] => C:\Users\camplate\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\...\Run: [Steam] => D:\Steam\Steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\...\RunOnce: [Shockwave Updater] => C:\Windows\System32\Adobe\Shockwave 12\SwHelper_1211151.exe [1308360 2014-04-15] (Adobe Systems, Inc.)
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\...\RunOnce: [Adobe Speed Launcher] => 1423523994
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\...\MountPoints2: {01c00ddb-b17a-11e2-8064-8ab3356fbe75} - F:\MotoCastSetup.exe -a
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\...\MountPoints2: {f50328d6-b4f3-11dd-ba18-001b3813a349} - H:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL File Not Found
AppInit_DLLs: , C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL File Not Found
Lsa: [Notification Packages] scecli psqlpwd
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico ()
Startup: C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Protector Suite QL\farchns.dll (UPEK Inc.)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Protector Suite QL\farchns.dll (UPEK Inc.)
BootExecute: autocheck autochk * lsdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-18]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-19]
FF HKU\S-1-5-21-2720065947-3552650222-1412502803-1000\...\Firefox\Extensions: [{03ED094E-6546-4294-96BD-7714E87DA888}] - C:\Users\camplate\AppData\Roaming\My.Freeze.com NetAssistant
FF Extension: My.Freeze.com NetAssistant - C:\Users\camplate\AppData\Roaming\My.Freeze.com NetAssistant [2010-07-31]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.goodsearch.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-19]
CHR Extension: (Google Drive) - C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-19]
CHR Extension: (Adblock Plus) - C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-09]
CHR Extension: (Google Search) - C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-19]
CHR Extension: (Video Downloader professional) - C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2014-08-10]
CHR Extension: (AdBlock) - C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-11]
CHR Extension: (Avast Online Security) - C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-19]
CHR Extension: (Ghostery) - C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-10-11]
CHR Extension: (Google Wallet) - C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-19]
CHR Extension: (Gmail) - C:\Users\camplate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-19]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-26] (Avast Software)
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
S2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1524512 2007-07-16] (Cisco Systems, Inc.)
R2 DeviceMonitorService; C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe [87992 2012-09-07] (Nero AG)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [684144 2014-06-25] (Juniper Networks, Inc.)
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [643072 2007-03-06] (Intel Corporation) [File not signed]
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [165416 2008-05-05] (WildTangent, Inc.)
S2 gupdate1c966186c48fdc3; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [158832 2012-07-10] (Juniper Networks, Inc.)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3004416 2007-11-07] (Microsoft Corporation)
R2 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-03-06] (Intel Corporation) [File not signed]
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [63096 2007-01-25] ()
R2 TNaviSrv; C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe [77824 2007-05-26] (TOSHIBA Corporation) [File not signed]
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 WebUpdate4; C:\Windows\system32\WebUpdateSvc4.exe [291088 2011-06-23] (Data Perceptions / PowerProgrammer)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-11-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-26] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-11-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-26] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-03-04] (AVG Technologies)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2007-06-15] (Avanquest Software) [File not signed]
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2007-07-16] (Cisco Systems, Inc.) [File not signed]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [27648 2013-08-02] (Juniper Networks)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S4 KR10I; C:\Windows\system32\drivers\kr10i.sys [216320 2006-02-14] (TOSHIBA CORPORATION) [File not signed]
S4 KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [479488 2006-09-27] (TOSHIBA CORPORATION) [File not signed]
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [52096 2010-12-02] (Generic USB smartcard reader)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 Ser2rs; C:\Windows\System32\DRIVERS\ser2rs.sys [76288 2007-06-25] (Prolific Technology Inc.)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [476288 2007-08-08] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [38656 2007-08-08] (eMPIA Technology, Inc.)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [11776 2007-04-16] (Chicony Electronics Co., Ltd.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2014-11-26] (Avast Software)
R2 vnccom; C:\Windows\System32\Drivers\vnccom.SYS [6016 2004-06-26] (RDV Soft) [File not signed]
R3 vncdrv; C:\Windows\System32\DRIVERS\vncdrv.sys [4736 2004-06-26] (RDV Soft) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 Tosrfcom; No ImagePath
S3 TpChoice; system32\DRIVERS\TpChoice.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-10 04:54 - 2015-02-10 04:54 - 00026531 _____ () C:\Users\camplate\Downloads\FRST.txt
2015-02-09 18:13 - 2015-02-09 18:13 - 00000645 _____ () C:\Users\camplate\Desktop\JRT.txt
2015-02-09 18:07 - 2015-02-09 18:07 - 01388274 _____ (Thisisu) C:\Users\camplate\Downloads\JRT.exe
2015-02-09 17:59 - 2015-02-09 17:59 - 00000262 _____ () C:\Users\camplate\Downloads\Fixlist.txt
2015-02-09 09:24 - 2015-02-09 17:58 - 00046622 _____ () C:\Users\camplate\Downloads\Addition2.txt
2015-02-09 09:21 - 2015-02-09 09:26 - 00033972 _____ () C:\Users\camplate\Downloads\FRST2.txt
2015-02-09 07:07 - 2015-02-09 08:41 - 00045273 _____ () C:\Users\camplate\Downloads\Addition1.txt
2015-02-09 07:04 - 2015-02-09 08:43 - 00033281 _____ () C:\Users\camplate\Downloads\FRST1.txt
2015-02-09 07:02 - 2015-02-10 04:54 - 00000000 ____D () C:\FRST
2015-02-09 07:01 - 2015-02-09 07:01 - 01124352 _____ (Farbar) C:\Users\camplate\Downloads\FRST.exe
2015-02-04 21:16 - 2015-02-05 17:00 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 21:15 - 2015-02-05 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-04 21:15 - 2015-02-05 17:00 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-04 21:15 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-04 21:15 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-04 05:39 - 2015-02-04 05:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\camplate\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-31 07:12 - 2015-01-31 08:18 - 00000000 ____D () C:\Users\camplate\AppData\Local\Free YouTube Downloader
2015-01-31 07:11 - 2015-01-31 07:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader
2015-01-31 07:10 - 2015-01-31 07:10 - 00000000 ____D () C:\Users\camplate\AppData\Roaming\How Inc
2015-01-23 17:57 - 2015-01-23 17:57 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-23 05:45 - 2015-01-23 05:45 - 00001890 _____ () C:\Users\camplate\Desktop\AutoDelivery.lnk
2015-01-20 12:11 - 2015-01-20 12:13 - 00000346 _____ () C:\Users\camplate\Documents\Coal calculatiions.txt
2015-01-15 03:26 - 2014-12-18 19:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 03:03 - 2014-12-05 22:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 03:03 - 2014-12-05 22:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-15 03:03 - 2014-12-05 22:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-15 03:01 - 2014-12-05 22:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-12 19:39 - 2015-01-12 19:39 - 00347816 _____ (Microsoft Corporation) C:\Users\camplate\Downloads\MicrosoftFixit.wu.LB.2333445655497348.1.1.Run.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-10 04:52 - 2010-02-02 05:50 - 00000000 ____D () C:\ProgramData\BOINC
2015-02-10 04:34 - 2009-06-30 04:49 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-10 04:18 - 2012-05-13 19:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-10 04:16 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-10 04:16 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-10 03:00 - 2007-12-19 13:21 - 01152355 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 18:18 - 2013-05-06 16:13 - 00000000 ____D () C:\Temp
2015-02-09 18:17 - 2009-06-30 04:49 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-09 18:17 - 2009-05-15 05:08 - 00069626 _____ () C:\ProgramData\nvModes.001
2015-02-09 18:16 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 18:14 - 2006-11-02 08:01 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-08 10:51 - 2014-03-09 19:04 - 00000704 _____ () C:\DelFix.txt
2015-02-07 13:10 - 2007-05-30 21:55 - 00217398 _____ () C:\Windows\PFRO.log
2015-02-06 06:43 - 2014-03-19 18:45 - 00001934 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-05 18:13 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-02-05 17:00 - 2014-03-01 23:25 - 00000906 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-04 21:15 - 2010-04-04 13:33 - 00000000 ____D () C:\Users\camplate\AppData\Roaming\Malwarebytes
2015-02-04 21:15 - 2010-04-04 13:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-04 21:09 - 2014-11-28 17:25 - 00000000 ____D () C:\Program Files\Common Files\Steam
2015-02-04 18:18 - 2012-05-13 19:48 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-04 18:18 - 2011-05-21 15:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-25 16:47 - 2008-08-04 21:14 - 00001732 ____H () C:\Users\camplate\Documents\Default.rdp
2015-01-23 17:59 - 2013-10-15 20:07 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-23 17:58 - 2007-05-30 23:37 - 00000000 ____D () C:\Program Files\Java
2015-01-23 17:54 - 2014-07-15 20:11 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-01-19 11:18 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-19 10:52 - 2008-05-21 02:29 - 00000000 ____D () C:\Windows\Minidump
2015-01-19 10:23 - 2006-11-02 05:33 - 00819194 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-19 07:30 - 2009-07-20 00:05 - 00000472 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2015-01-15 03:26 - 2013-07-13 02:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:05 - 2006-11-02 05:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
 
==================== Files in the root of some directories =======
 
2014-03-02 22:33 - 2014-03-04 23:36 - 0003743 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2008-04-29 08:03 - 2009-05-12 18:01 - 0027620 _____ () C:\Users\camplate\AppData\Roaming\nvModes.001
2008-04-29 07:11 - 2009-04-21 04:56 - 0027620 _____ () C:\Users\camplate\AppData\Roaming\nvModes.dat
2014-03-20 18:18 - 2014-03-20 18:18 - 0000680 _____ () C:\Users\camplate\AppData\Local\d3d9caps.dat
2009-05-15 05:08 - 2015-02-09 18:17 - 0069626 _____ () C:\ProgramData\nvModes.001
2009-05-15 05:08 - 2012-12-29 14:06 - 0069626 _____ () C:\ProgramData\nvModes.dat
 
Files to move or delete:
====================
C:\Users\camplate\jagex_cl_runescape_LIVE.dat
C:\Users\camplate\jagex_runescape_preferences.dat
C:\Users\camplate\jagex_runescape_preferences2.dat
 
 
Some content of TEMP:
====================
C:\Users\camplate\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\camplate\AppData\Local\Temp\Quarantine.exe
C:\Users\camplate\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-09 18:24
 
==================== End Of Log ============================
 
 

Attached Files



#15 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:01:49 PM

Posted 10 February 2015 - 05:16 PM

ok thanks for the log. You reset Chrome back to its defaults? We will use FRST to remove some things;

 

Please copy/paste whats in the code box below into notepad. Save it in the same directory as FRST.

Start FRST and this time click on the Fix button.The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\camplate\jagex_cl_runescape_LIVE.dat
C:\Users\camplate\jagex_runescape_preferences.dat
C:\Users\camplate\jagex_runescape_preferences2.datCustomCLSID: HKU\S-1-5-21-2720065947-3552650222-1412502803-1000_Classes\CLSID\{D09C464F-07DE-4C04-ABB4-88C30329C02D}\InprocServer32 -> C:\Users\camplate\AppData\Local\Yahoo!\BrowserPlus\2.5.1\Plugins\YBPAddon_2.5.1.dll No File
CustomCLSID: HKU\S-1-5-21-2720065947-3552650222-1412502803-1000_Classes\CLSID\{F6406B2D-39A7-4566-A174-E19DDD818A95}\InprocServer32 -> C:\Users\camplate\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\YBPAddon_2.4.21.dll No File
CustomCLSID: HKU\S-1-5-21-2720065947-3552650222-1412502803-1000_Classes\CLSID\{F83DEC6C-F5E6-403A-9C83-36FB1B7007E2}\InprocServer32 -> C:\Users\camplate\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\YBPAddon_2.7.1.dll No File
EmptyTemp:
 

 


How Can I Reduce My Risk to Malware?





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users