
Adware "Positive Finds Ads" removal assistance request (FRST log included)


2 replies to this topic

#1 Kanjo


  • Members
  • 3 posts

Posted 04 February 2015 - 11:43 AM

Thanks in advance.

I'm a beginner so apologies if I've done something wrong.
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015
Ran by Liamosan (administrator) on LIAMOSANPC on 04-02-2015 16:33:54
Running from C:\Users\Liamosan\Downloads
Loaded Profiles: Liamosan (Available profiles: Liamosan & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (All) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-28] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [448912 2014-10-01] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [400376 2013-10-30] (Seagate)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-05-03] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [6382504 2013-10-30] (Seagate)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-04] (AVAST Software)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2015-01-28] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [25088 2013-08-22] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [21504 2013-08-22] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe [2374784 2014-08-23] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer.exe [2084520 2014-08-23] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [ForceActiveDesktopOn] 0
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKU\S-1-5-21-3480995095-2122093578-3937376587-1001\...\Run: [Google Update] => C:\Users\Liamosan\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-11-26] (Google Inc.)
HKU\S-1-5-21-3480995095-2122093578-3937376587-1001\...\Policies\system: [DisableRegistryTools] 0
HKU\S-1-5-21-3480995095-2122093578-3937376587-1001\...\Policies\system: [DisableTaskMgr] 0
HKU\S-1-5-21-3480995095-2122093578-3937376587-1001\...\Policies\Explorer: [NoDriveAutorun] 0
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
SecurityProviders: credssp.dll
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Liamosan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Liamosan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Liamosan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Liamosan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Liamosan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Liamosan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Liamosan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Liamosan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Windows\System32\EhStorShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
BootExecute: autocheck autochk * 
AlternateShell: cmd.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3480995095-2122093578-3937376587-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3480995095-2122093578-3937376587-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3480995095-2122093578-3937376587-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/5282-154352-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/5282-154352-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3480995095-2122093578-3937376587-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-3480995095-2122093578-3937376587-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-3480995095-2122093578-3937376587-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Liamosan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3480995095-2122093578-3937376587-1001: @talk.google.com/O1DPlugin -> C:\Users\Liamosan\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3480995095-2122093578-3937376587-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Liamosan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3480995095-2122093578-3937376587-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Liamosan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Liamosan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Liamosan\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-04]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.search.ask.com/?o=APN10647A&gct=hp&d=405-0&v=n12144-310&t=4
CHR StartupUrls: Default -> "https://www.facebook.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-26]
CHR Extension: (Google Docs) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-26]
CHR Extension: (Google Drive) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-26]
CHR Extension: (YouTube) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-26]
CHR Extension: (Google Search) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-26]
CHR Extension: (digi docket) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\efdkpkiiifcibnolahdkjooplabmjoke [2015-02-01]
CHR Extension: (Google Sheets) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-26]
CHR Extension: (Avast Online Security) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-04]
CHR Extension: (Free Visio Viewer) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe [2015-02-01]
CHR Extension: (Screencastify (Screen Video Recorder)) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2015-01-17]
CHR Extension: (Google Wallet) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-26]
CHR Extension: (Gmail) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-26]
CHR Profile: C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-27]
CHR Extension: (Google Docs) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-27]
CHR Extension: (Google Drive) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-27]
CHR Extension: (YouTube) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-27]
CHR Extension: (Google Search) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-27]
CHR Extension: (Google Sheets) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-27]
CHR Extension: (Avast Online Security) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-04]
CHR Extension: (Free Visio Viewer) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe [2015-02-01]
CHR Extension: (Google Wallet) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-27]
CHR Extension: (Gmail) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-27]
CHR Profile: C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-27]
CHR Extension: (Google Docs) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-27]
CHR Extension: (Google Drive) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-27]
CHR Extension: (YouTube) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-27]
CHR Extension: (Google Search) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-27]
CHR Extension: (Google Sheets) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-27]
CHR Extension: (Avast Online Security) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-04]
CHR Extension: (Free Visio Viewer) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe [2015-02-01]
CHR Extension: (Google Wallet) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-27]
CHR Extension: (Gmail) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-27]
CHR Profile: C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-27]
CHR Extension: (Google Docs) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-27]
CHR Extension: (Google Drive) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-27]
CHR Extension: (YouTube) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-27]
CHR Extension: (Google Search) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-27]
CHR Extension: (Google Sheets) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-27]
CHR Extension: (Avast Online Security) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-04]
CHR Extension: (Free Visio Viewer) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe [2015-02-01]
CHR Extension: (Google Wallet) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-27]
CHR Extension: (Gmail) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-27]
CHR Profile: C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (Google Slides) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-20]
CHR Extension: (Google Docs) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-20]
CHR Extension: (Google Drive) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-20]
CHR Extension: (YouTube) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-20]
CHR Extension: (Google Search) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-20]
CHR Extension: (Google Sheets) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-20]
CHR Extension: (Avast Online Security) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-04]
CHR Extension: (Free Visio Viewer) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe [2015-02-01]
CHR Extension: (Google Wallet) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-20]
CHR Extension: (Gmail) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-04]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-04] (AVAST Software)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-26] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-26] (CyberLink)
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-05-03] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-12-26] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2014-12-26] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-05-17] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-12-12] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-12-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-12-12] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-04] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-12-26] (Intel Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288840 2013-05-16] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2014-12-26] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-12-26] (Synaptics Incorporated)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-01-13] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2015-01-13] (Acronis)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-12-12] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-04 16:29 - 2015-02-04 16:29 - 00000000 ____D () C:\Users\Liamosan\Downloads\FRST-OlderVersion
2015-02-04 14:55 - 2015-02-04 14:56 - 00021313 _____ () C:\Users\Liamosan\Downloads\Addition.txt
2015-02-04 14:54 - 2015-02-04 16:33 - 00031604 _____ () C:\Users\Liamosan\Downloads\FRST.txt
2015-02-04 14:54 - 2015-02-04 16:33 - 00000000 ____D () C:\FRST
2015-02-04 14:53 - 2015-02-04 16:29 - 02131968 _____ (Farbar) C:\Users\Liamosan\Downloads\FRST64.exe
2015-02-04 14:42 - 2015-02-04 14:42 - 00001649 _____ () C:\Users\Liamosan\Desktop\JRT.txt
2015-02-04 14:30 - 2015-02-04 14:30 - 01388274 _____ (Thisisu) C:\Users\Liamosan\Downloads\JRT.exe
2015-02-04 14:05 - 2015-02-04 16:30 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 14:04 - 2015-02-04 14:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-04 14:04 - 2015-02-04 14:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-04 14:04 - 2015-02-04 14:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-04 14:04 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-04 14:04 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-04 14:04 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-04 13:56 - 2015-02-04 16:23 - 00000000 ____D () C:\AdwCleaner
2015-02-04 13:56 - 2015-02-04 13:56 - 02194432 _____ () C:\Users\Liamosan\Downloads\AdwCleaner.exe
2015-02-04 11:14 - 2015-02-04 11:14 - 00000000 ____D () C:\Users\Liamosan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-04 11:11 - 2015-02-04 11:15 - 00000000 ____D () C:\Users\Liamosan\AppData\Roaming\Dropbox
2015-02-04 11:06 - 2015-02-04 14:47 - 00003288 _____ () C:\WINDOWS\System32\Tasks\avastBCLRestartS-1-5-21-3480995095-2122093578-3937376587-1001
2015-02-04 11:01 - 2015-02-04 11:06 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-02-04 11:01 - 2015-02-04 11:01 - 00001987 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-04 11:01 - 2015-02-04 11:01 - 00000000 ____D () C:\Users\Liamosan\AppData\Roaming\AVAST Software
2015-02-04 11:01 - 2015-02-04 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-04 11:00 - 2015-02-04 11:01 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-02-04 11:00 - 2015-02-04 11:01 - 00087912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-02-04 11:00 - 2015-02-04 11:00 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-02-04 11:00 - 2015-02-04 11:00 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-02-04 11:00 - 2015-02-04 11:00 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-02-04 11:00 - 2015-02-04 11:00 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-02-04 11:00 - 2015-02-04 11:00 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-02-04 11:00 - 2015-02-04 11:00 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-02-04 11:00 - 2015-02-04 11:00 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-02-04 11:00 - 2015-02-04 11:00 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-02-04 10:58 - 2015-02-04 10:58 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-04 10:57 - 2015-02-04 10:58 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-03 21:19 - 2015-02-03 21:19 - 00019007 _____ () C:\Users\Liamosan\Downloads\phil-steinschneider_blade-runner-movie-font.zip
2015-02-03 09:43 - 2015-02-03 09:43 - 00036690 _____ () C:\Users\Liamosan\Downloads\filmfonts_jurassic-park.zip
2015-02-02 10:55 - 2015-02-02 11:06 - 00009960 _____ () C:\Users\Liamosan\Downloads\software_removal_tool.log
2015-02-02 00:04 - 2015-02-02 00:04 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-02-01 23:44 - 2015-02-01 23:44 - 00000000 ____D () C:\ProgramData\LULU Software
2015-02-01 21:57 - 2015-02-01 21:57 - 00000000 ____D () C:\Program Files (x86)\Free Visio Viewer
2015-02-01 17:06 - 2015-02-01 17:06 - 00011219 _____ () C:\Users\Liamosan\Desktop\pspbrwse.jbf
2015-02-01 15:24 - 2015-02-01 15:43 - 00000000 ____D () C:\Users\Liamosan\AppData\Roaming\Soda PDF 7
2015-02-01 15:23 - 2015-02-01 23:45 - 00000000 ____D () C:\ProgramData\Soda PDF 7
2015-02-01 15:08 - 2015-02-01 21:36 - 00000000 ____D () C:\Users\Liamosan\AppData\Roaming\CDisplayEx
2015-02-01 13:15 - 2014-12-31 11:14 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-01-22 21:46 - 2015-01-22 21:47 - 09094189 _____ () C:\Users\Liamosan\Downloads\Quake_802.zip
2015-01-21 22:55 - 2015-01-21 22:56 - 02089157 _____ () C:\Users\Liamosan\Downloads\Wolfenstein3d (1).zip
2015-01-21 22:54 - 2015-01-21 22:54 - 00005915 _____ () C:\Users\Liamosan\Downloads\Wolfenstein3d.zip
2015-01-14 12:36 - 2015-01-15 13:46 - 00000000 ____D () C:\Users\Liamosan\Desktop\USBackup
2015-01-14 09:25 - 2015-01-14 09:25 - 00000000 ____D () C:\Users\Liamosan\AppData\Local\HP Quick Start
2015-01-14 07:03 - 2014-12-19 06:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 07:03 - 2014-12-12 02:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 07:03 - 2014-12-12 00:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 07:03 - 2014-12-09 01:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 07:03 - 2014-12-08 19:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 07:03 - 2014-12-08 19:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 07:03 - 2014-12-08 19:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 07:03 - 2014-12-08 19:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 07:03 - 2014-12-08 19:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 07:03 - 2014-12-08 19:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 07:03 - 2014-12-08 19:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 07:03 - 2014-12-08 19:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 07:03 - 2014-12-06 03:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 07:03 - 2014-12-06 01:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 07:03 - 2014-12-06 01:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 07:03 - 2014-10-29 04:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 07:03 - 2014-10-29 04:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 07:03 - 2014-10-29 03:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 07:03 - 2014-10-29 03:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 07:03 - 2014-10-29 03:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 07:03 - 2014-10-29 03:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 07:03 - 2014-10-29 03:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 07:03 - 2014-10-29 03:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 07:03 - 2014-10-29 03:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 07:03 - 2014-10-29 03:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 07:03 - 2014-10-29 03:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 07:03 - 2014-10-29 02:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 07:03 - 2014-10-29 01:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 07:03 - 2014-10-29 01:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 07:03 - 2014-10-29 01:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 07:03 - 2014-10-29 01:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-13 20:28 - 2015-01-13 20:28 - 00000000 ____D () C:\Users\Liamosan\AppData\Roaming\Seagate
2015-01-13 20:26 - 2015-01-13 20:36 - 00000000 ____D () C:\ProgramData\Seagate
2015-01-13 20:26 - 2015-01-13 20:26 - 01462560 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\tdrpman.sys
2015-01-13 20:26 - 2015-01-13 20:26 - 01120032 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\tib.sys
2015-01-13 20:26 - 2015-01-13 20:26 - 00233760 _____ (Acronis) C:\WINDOWS\system32\Drivers\snapman.sys
2015-01-13 20:26 - 2015-01-13 20:26 - 00183224 _____ (Acronis) C:\WINDOWS\system32\Drivers\tib_mounter.sys
2015-01-13 20:26 - 2015-01-13 20:26 - 00108832 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\fltsrv.sys
2015-01-13 20:26 - 2015-01-13 20:26 - 00001208 _____ () C:\Users\Public\Desktop\Seagate DiscWizard.lnk
2015-01-13 20:26 - 2015-01-13 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2015-01-13 20:26 - 2015-01-13 20:26 - 00000000 ____D () C:\ProgramData\Acronis
2015-01-13 20:26 - 2015-01-13 20:26 - 00000000 ____D () C:\Program Files (x86)\Seagate
2015-01-13 19:34 - 2015-01-13 19:47 - 262018512 _____ () C:\Users\Liamosan\Downloads\DiscWizardSetup-16005840.en.exe
2015-01-13 17:50 - 2015-01-13 17:50 - 00098304 _____ (Hewlett-Packard Company) C:\Users\Liamosan\Downloads\HPUSBDisk.exe
2015-01-13 17:50 - 2015-01-13 17:50 - 00098304 _____ (Hewlett-Packard Company) C:\Users\Liamosan\Downloads\HPUSBDisk (1).exe
2015-01-12 19:49 - 2015-01-12 19:49 - 00003042 _____ () C:\WINDOWS\System32\Tasks\{009EDFB1-728B-48F0-A35C-6F17EC9EBEBE}
2015-01-12 19:48 - 2015-01-12 19:48 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Leader Technologies
2015-01-12 19:46 - 2015-01-12 19:46 - 00000000 ____D () C:\Users\Liamosan\AppData\Roaming\Leadertech
2015-01-06 21:05 - 2015-01-06 21:05 - 00044706 _____ () C:\Users\Liamosan\Downloads\pspbrwse.jbf
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-04 16:26 - 2014-12-12 14:32 - 02069397 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-04 16:25 - 2013-12-26 11:03 - 00000000 ____D () C:\Users\Liamosan\Documents\Youcam
2015-02-04 16:24 - 2014-12-12 19:33 - 00000000 ____D () C:\Users\Liamosan\OneDrive
2015-02-04 16:24 - 2014-11-26 23:55 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 16:23 - 2014-09-24 08:08 - 00015946 _____ () C:\WINDOWS\PFRO.log
2015-02-04 16:23 - 2013-08-22 14:46 - 00339419 _____ () C:\WINDOWS\setupact.log
2015-02-04 16:23 - 2013-08-22 14:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-04 16:00 - 2014-11-26 23:55 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 16:00 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-04 15:35 - 2014-12-29 12:30 - 00000942 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3480995095-2122093578-3937376587-1001UA.job
2015-02-04 15:21 - 2014-11-26 23:59 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3480995095-2122093578-3937376587-1001
2015-02-04 13:34 - 2014-09-24 16:21 - 00958356 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-04 13:28 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-04 13:20 - 2013-08-22 14:44 - 00373616 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-04 11:11 - 2013-11-09 12:13 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2015-02-04 11:10 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-04 11:10 - 2012-07-26 08:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-02-04 10:51 - 2014-11-26 23:52 - 00003946 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C5148B8A-EDA9-448C-9B4E-82C63DAECB74}
2015-02-03 20:34 - 2013-12-26 18:06 - 00000000 ____D () C:\Users\Liamosan\Documents\My PSP8 Files
2015-02-03 17:20 - 2014-01-07 18:48 - 00000000 ____D () C:\Users\Liamosan\Documents\Vegas Movie Studio 9.0 Projects
2015-02-03 12:35 - 2014-12-29 12:30 - 00000890 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3480995095-2122093578-3937376587-1001Core.job
2015-02-02 00:00 - 2013-11-09 11:46 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-01 23:56 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
2015-02-01 23:56 - 2013-08-22 13:25 - 00000194 _____ () C:\WINDOWS\win.ini
2015-02-01 23:36 - 2014-11-27 09:22 - 00002421 _____ () C:\Users\Liamosan\Desktop\Mattie N - Chrome.lnk
2015-02-01 23:36 - 2014-11-27 09:22 - 00002401 _____ () C:\Users\Liamosan\Desktop\Donna - Chrome.lnk
2015-02-01 23:36 - 2014-11-27 09:22 - 00002332 _____ () C:\Users\Liamosan\Desktop\Liamosan - Chrome.lnk
2015-02-01 23:36 - 2014-11-26 23:57 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-01 23:35 - 2014-12-12 19:29 - 00001453 _____ () C:\Users\Liamosan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-01 16:21 - 2014-02-04 12:05 - 00452096 ___SH () C:\Users\Liamosan\Desktop\Thumbs.db
2015-02-01 15:32 - 2014-01-11 18:21 - 01217024 ___SH () C:\Users\Liamosan\Downloads\Thumbs.db
2015-02-01 13:40 - 2014-12-14 22:39 - 00000000 ____D () C:\Users\Liamosan\AppData\Roaming\OBS
2015-01-30 12:10 - 2014-12-26 11:59 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-01-30 12:10 - 2014-12-26 11:59 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-28 12:41 - 2012-07-26 07:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-25 19:18 - 2013-11-09 11:58 - 00000000 ____D () C:\ProgramData\CyberLink
2015-01-24 20:20 - 2014-12-14 23:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 20:20 - 2014-12-14 23:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-21 15:06 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-14 08:56 - 2014-12-01 16:19 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 08:43 - 2014-12-01 16:19 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\Liamosan\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\Liamosan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplm3plp.dll
C:\Users\Liamosan\AppData\Local\Temp\Extract.exe
C:\Users\Liamosan\AppData\Local\Temp\MgxVistaTools.dll
C:\Users\Liamosan\AppData\Local\Temp\Quarantine.exe
C:\Users\Liamosan\AppData\Local\Temp\SEVINST64x86.EXE
C:\Users\Liamosan\AppData\Local\Temp\SP63317.exe
C:\Users\Liamosan\AppData\Local\Temp\SP63965.exe
C:\Users\Liamosan\AppData\Local\Temp\SP63967.exe
C:\Users\Liamosan\AppData\Local\Temp\SP63975.exe
C:\Users\Liamosan\AppData\Local\Temp\SP64109.exe
C:\Users\Liamosan\AppData\Local\Temp\SP67280.exe
C:\Users\Liamosan\AppData\Local\Temp\SP68055.exe
C:\Users\Liamosan\AppData\Local\Temp\SP69887.exe
C:\Users\Liamosan\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-04 15:21
 
==================== End Of Log ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • Gender: Male
  • Location: Montreal, QC, Canada
  • Local time: 04:50 PM

Posted 07 February 2015 - 09:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

HKLM\...\Winlogon: [Shell] explorer.exe [2374784 2014-08-23] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer.exe [2084520 2014-08-23] (Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3480995095-2122093578-3937376587-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3480995095-2122093578-3937376587-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3480995095-2122093578-3937376587-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3480995095-2122093578-3937376587-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
Toolbar: HKU\S-1-5-21-3480995095-2122093578-3937376587-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.search.ask.com/?o=APN10647A&gct=hp&d=405-0&v=n12144-310&t=4
CHR Extension: (digi docket) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\efdkpkiiifcibnolahdkjooplabmjoke [2015-02-01]
CHR Extension: (Free Visio Viewer) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe [2015-02-01]
CHR Extension: (Google Wallet) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-26]
CHR Extension: (Free Visio Viewer) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe [2015-02-01]
CHR Extension: (Google Wallet) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-27]
CHR Extension: (Free Visio Viewer) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe [2015-02-01]
CHR Extension: (Google Wallet) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-27]
CHR Extension: (Free Visio Viewer) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe [2015-02-01]
CHR Extension: (Google Wallet) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-27]
CHR Extension: (Free Visio Viewer) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe [2015-02-01]
CHR Extension: (Google Wallet) - C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-20]
C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\efdkpkiiifcibnolahdkjooplabmjoke
C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe
C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe
C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe
C:\Users\Liamosan\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe
C:\Users\Liamosan\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\Liamosan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplm3plp.dll
C:\Users\Liamosan\AppData\Local\Temp\Extract.exe
C:\Users\Liamosan\AppData\Local\Temp\MgxVistaTools.dll
C:\Users\Liamosan\AppData\Local\Temp\SEVINST64x86.EXE
C:\Users\Liamosan\AppData\Local\Temp\SP63317.exe
C:\Users\Liamosan\AppData\Local\Temp\SP63965.exe
C:\Users\Liamosan\AppData\Local\Temp\SP63967.exe
C:\Users\Liamosan\AppData\Local\Temp\SP63975.exe
C:\Users\Liamosan\AppData\Local\Temp\SP64109.exe
C:\Users\Liamosan\AppData\Local\Temp\SP67280.exe
C:\Users\Liamosan\AppData\Local\Temp\SP68055.exe
C:\Users\Liamosan\AppData\Local\Temp\SP69887.exe

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • Gender: Male
  • Location: Montreal, QC, Canada
  • Local time: 04:50 PM

Posted 13 February 2015 - 08:46 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



