Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected by Positive Finds


  • This topic is locked This topic is locked
6 replies to this topic

#1 LordVoldemoo

LordVoldemoo

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:35 PM

Posted 16 February 2015 - 10:59 PM

Hi,

 

I've got the Positive Finds hijacker taking control of Chrome. It hijacks legitimate links and redirects to ad sites. So far it doesn't seem destructive, just really annoying! I've tried MalwareBytes and AVAST, and neither sees it. AdwCleaner will remove it, though if I open Chrome again it comes back.

 

Help me Obi-Wan Kenobi! You're my only hope!

 

Seriously, you guys rock!Attached File  Addition.txt   44.29KB   4 downloadsAttached File  Addition.txt   44.29KB   4 downloads

 

Here's my log from FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Andy (administrator) on ANDYGT on 16-02-2015 17:04:40
Running from C:\Users\Andy\Desktop
Loaded Profiles: Andy & MSSQL$SQLEXPRESS (Available profiles: Andy & MSSQL$SQLEXPRESS & DefaultAppPool)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\Sococo\SococoService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BigStretchExtras.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Speedbit Ltd.) C:\Program Files (x86)\DAP\DAP.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2896712 2014-04-21] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13545032 2013-05-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-19] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [UMonit64] => C:\windows\SysWOW64\UMonit64.exe [40960 2013-04-08] ()
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-11-27] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-11-27] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-03-26] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3529227163-4030713021-2619580118-1002\...\Run: [Google Update] => C:\Users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-25] (Google Inc.)
HKU\S-1-5-21-3529227163-4030713021-2619580118-1002\...\Run: [BA812B25DAE92B3045BC1968F4736577C8B0D8D3._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-3529227163-4030713021-2619580118-1002\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-3529227163-4030713021-2619580118-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3529227163-4030713021-2619580118-1002\...\Run: [DownloadAccelerator] => C:\Program Files (x86)\DAP\DAP.EXE [4242064 2015-01-15] (Speedbit Ltd.)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk
ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Big Stretch Reminder Program.lnk
ShortcutTarget: Big Stretch Reminder Program.lnk -> C:\Program Files (x86)\Monkeymatt\Big Stretch\bigstretch.exe (BigStretch)
Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BigStretchExtras.exe ()
Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3529227163-4030713021-2619580118-1002\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3529227163-4030713021-2619580118-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
HKU\S-1-5-21-3529227163-4030713021-2619580118-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
URLSearchHook: [S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3529227163-4030713021-2619580118-1002 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3529227163-4030713021-2619580118-1002 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=F1Gagws&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3529227163-4030713021-2619580118-1002 -> {D23EFE51-AC1A-4B7D-A629-766CAE59C070} URL =
SearchScopes: HKU\S-1-5-21-3529227163-4030713021-2619580118-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: No Name -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} ->  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\86fegydc.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3529227163-4030713021-2619580118-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Andy\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-3529227163-4030713021-2619580118-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Andy\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3529227163-4030713021-2619580118-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Andy\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3529227163-4030713021-2619580118-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Andy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\86fegydc.default\searchplugins\google-avast.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-05]
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
FF Extension: No Name - C:\Program Files (x86)\DAP\daplinkchecker [2014-11-28]
FF HKU\S-1-5-21-3529227163-4030713021-2619580118-1002\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox
FF Extension: No Name - C:\Program Files (x86)\DAP\DAPFireFox [2014-11-28]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ch&cd=2XzuyEtN2Y1L1QzutDtDtCyE0DtCtB0BzzyEyE0CtAyE0E0AtN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2StAtBtAtAtDtByDyCtGtC0D0C0FtG0EtB0F0AtGtA0A0ByBtGtAtC0BtA0AzyyB0CzyyBzyyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzytBzy0CtAtB0AtGtCyBzy0EtG0A0BzztDtG0FyB0DzytGtCzy0AtBzztCzztC0CyD0F0D2Q&cr=1633548481&ir="
CHR Profile: C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-01-15]
CHR Extension: (Google Docs) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-06]
CHR Extension: (Lucidchart Diagrams - Online) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn [2014-01-15]
CHR Extension: (Google Drive) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-19]
CHR Extension: (YouTube) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-06]
CHR Extension: (Honey) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2014-01-15]
CHR Extension: (Google Cast) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-01-25]
CHR Extension: (Adblock Plus) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-06]
CHR Extension: (REST Console) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokgbflfommojglbmbpenpphppikmonn [2014-01-15]
CHR Extension: (Google Search) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-06]
CHR Extension: (Tabs Outliner) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2014-01-11]
CHR Extension: (Google Play Movies) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fppdphmgcddhjeddoeghpjefkdlccljb [2014-04-18]
CHR Extension: (Avast Online Security) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-05]
CHR Extension: (IE Tab) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2014-01-15]
CHR Extension: (Smile Always) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpmhnmjbhgkhpbgelalfpplebgfjmbf [2014-01-15]
CHR Extension: (The Great Suspender) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2014-01-11]
CHR Extension: (Toothless) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmoddhicigmjbldpdglkhalagjjiinnl [2014-03-28]
CHR Extension: (Poppit!) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-01-15]
CHR Extension: (JIRA Capture) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncojcjgicednkfkdfbndhmnddjilkbik [2014-01-15]
CHR Extension: (Google Wallet) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-06]
CHR Extension: (Clicker.TV) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaodinjbnakgknmblmhblapgpmfaciba [2014-01-15]
CHR Extension: (Evernote Web Clipper) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-01-15]
CHR Extension: (Gmail) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor; C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [98304 2004-10-20] () [File not signed]
R2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-05-28] (Intel)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe [56648 2014-12-15] (Google Inc.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [102152 2014-04-10] (ELAN Microelectronics Corp.)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107792 2013-07-03] (Condusiv Technologies)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 HPSLPSVC; C:\Users\Andy\AppData\Local\Temp\7zS70B1\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-15] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-15] (Intel Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [194240 2014-05-15] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 PhotoshopElementsDeviceConnect; C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [118784 2004-10-20] () [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SococoSvc; C:\Program Files (x86)\Sococo\SococoService.exe [28672 2014-03-27] () [File not signed]
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2014-05-15] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-11-27] ()
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-01-31] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-01-31] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-22] ()
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
S3 ETDI2C; C:\Windows\system32\DRIVERS\ETDI2C.sys [173384 2014-04-09] (ELAN Microelectronic Corp.)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22280 2013-08-05] (ELAN Microelectronic Corp.)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [25872 2013-07-03] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112912 2013-07-03] (Condusiv Technologies)
S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [91368 2013-03-21] (GenesysLogic)
S3 mos24ser_QUADPORT; C:\Windows\System32\drivers\mos24ser_QUADPORT.sys [283776 2013-09-04] (ASIX Electronics Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-08-22] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [337088 2014-05-15] (Microsoft Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
S3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [41368 2014-04-15] ()
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-05-28] (Windows ® Win 7 DDK provider)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [50128 2013-03-26] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
S3 ApfiltrService; \SystemRoot\system32\DRIVERS\Apfiltr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 17:04 - 2015-02-16 17:04 - 00036192 _____ () C:\Users\Andy\Desktop\FRST.txt
2015-02-16 17:04 - 2015-02-16 17:04 - 00000000 ____D () C:\FRST
2015-02-16 17:03 - 2015-02-16 17:03 - 02085888 _____ (Farbar) C:\Users\Andy\Desktop\FRST64.exe
2015-02-16 16:55 - 2015-02-16 16:55 - 00448512 _____ (OldTimer Tools) C:\Users\Andy\Desktop\TFC.exe
2015-02-16 16:28 - 2015-02-16 16:28 - 05325208 _____ (Piriform Ltd) C:\Users\Andy\Downloads\ccsetup502.exe
2015-02-16 16:28 - 2015-02-16 16:28 - 00000805 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-16 16:28 - 2015-02-16 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-16 16:21 - 2015-02-16 16:21 - 00000000 ___SH () C:\DkHyperbootSync
2015-02-16 00:26 - 2015-02-16 00:26 - 02112512 _____ () C:\Users\Andy\Downloads\AdwCleaner.exe
2015-02-16 00:18 - 2015-02-16 00:18 - 00001951 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-16 00:18 - 2015-02-16 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-16 00:18 - 2014-11-22 08:25 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-02-15 21:14 - 2015-02-16 00:42 - 00000000 ____D () C:\AdwCleaner
2015-02-15 14:35 - 2015-02-16 00:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-15 14:35 - 2015-02-16 00:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-15 14:35 - 2015-02-15 14:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-14 16:02 - 2015-02-14 16:02 - 00000000 ____D () C:\My Backups
2015-02-14 15:59 - 2015-02-14 16:01 - 00000000 ____D () C:\Program Files (x86)\EaseUS
2015-02-11 07:57 - 2014-10-28 17:31 - 01441792 ____N (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 07:56 - 2015-01-13 14:11 - 01762840 ____N (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 07:56 - 2015-01-11 18:48 - 02885632 ____N (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 07:56 - 2015-01-11 17:27 - 02865152 ____N (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 07:56 - 2015-01-11 17:27 - 02358272 ____N (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 07:56 - 2015-01-11 17:14 - 01548288 ____N (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 07:56 - 2015-01-10 01:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 07:56 - 2015-01-10 00:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 07:56 - 2015-01-09 23:00 - 00430080 ____N (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 07:56 - 2014-12-19 00:57 - 00788680 ____N (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 07:56 - 2014-12-19 00:25 - 00602776 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 07:56 - 2014-12-08 17:56 - 00538624 ____N (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 07:56 - 2014-10-28 18:02 - 00285184 ____N (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 07:56 - 2014-10-28 18:02 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-01-21 09:08 - 2015-01-21 09:10 - 00002226 ____H () C:\Users\Andy\Documents\Default.rdp
2015-01-20 14:19 - 2015-01-21 09:18 - 00000832 _____ () C:\Users\Andy\Desktop\Solekai_Viola.RDP - Shortcut.lnk
2015-01-19 09:28 - 2015-01-19 09:28 - 00000000 ____D () C:\Program Files (x86)\Citrix
2015-01-17 18:57 - 2015-01-17 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-01-17 17:58 - 2015-01-17 17:58 - 00596600 _____ () C:\Users\Andy\Downloads\Installation.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 17:04 - 2014-01-06 21:15 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 17:03 - 2014-11-28 23:40 - 00001311 _____ () C:\Users\Andy\Desktop\My DAP Downloads.lnk
2015-02-16 17:03 - 2014-01-16 11:05 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0D44D81C-3351-4DF2-A709-D405B09D2436}
2015-02-16 17:02 - 2014-01-25 20:00 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3529227163-4030713021-2619580118-1002UA.job
2015-02-16 17:02 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-16 17:01 - 2013-11-27 16:14 - 00000000 ____D () C:\ProgramData\Temp
2015-02-16 16:36 - 2014-10-09 06:53 - 00000570 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3529227163-4030713021-2619580118-1002.job
2015-02-16 16:28 - 2014-01-25 20:24 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-16 16:05 - 2014-01-04 20:49 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3529227163-4030713021-2619580118-1002
2015-02-16 16:00 - 2014-01-06 21:15 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 15:55 - 2013-11-13 23:28 - 01076102 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-16 15:50 - 2013-08-22 06:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-16 00:43 - 2013-11-27 16:24 - 00029184 _____ () C:\WINDOWS\system32\VfService.trf
2015-02-16 00:18 - 2014-02-05 10:11 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-02-16 00:16 - 2014-01-29 16:53 - 00000000 ____D () C:\Users\Andy\AppData\Local\TSVNCache
2015-02-16 00:14 - 2014-01-30 10:29 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS
2015-02-16 00:14 - 2014-01-13 11:07 - 00000000 ____D () C:\Users\Andy
2015-02-16 00:11 - 2015-01-15 22:22 - 00000000 ____D () C:\Program Files\Common Files\SpeedBit
2015-02-16 00:11 - 2014-11-28 23:38 - 00000000 ____D () C:\ProgramData\SpeedBit
2015-02-16 00:11 - 2014-11-28 23:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Accelerator Plus (DAP)
2015-02-16 00:11 - 2014-11-28 23:38 - 00000000 ____D () C:\Program Files (x86)\DAP
2015-02-16 00:11 - 2014-11-17 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2015-02-16 00:11 - 2014-04-03 12:11 - 00000000 ____D () C:\ProgramData\EPSON
2015-02-16 00:11 - 2014-02-07 14:05 - 00000000 ____D () C:\Users\DefaultAppPool
2015-02-16 00:11 - 2013-11-27 16:00 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-16 00:11 - 2013-08-22 07:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-02-16 00:11 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-16 00:11 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-02-16 00:11 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-16 00:11 - 2013-08-22 05:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-02-16 00:11 - 2013-08-22 05:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-02-16 00:05 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\registration
2015-02-15 22:56 - 2014-08-10 12:20 - 00000000 ____D () C:\temp
2015-02-15 12:41 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-13 17:23 - 2012-07-25 23:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-11 16:04 - 2013-08-22 05:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-11 08:10 - 2014-01-09 13:12 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-10 20:02 - 2014-01-25 20:00 - 00000866 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3529227163-4030713021-2619580118-1002Core.job
2015-02-07 13:40 - 2013-08-22 05:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI(188)
2015-02-06 22:46 - 2014-05-11 15:32 - 00001162 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-06 18:59 - 2014-01-06 21:15 - 00003892 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 18:59 - 2014-01-06 21:15 - 00003656 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 19:57 - 2014-01-25 20:00 - 00003862 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3529227163-4030713021-2619580118-1002UA
2015-02-04 19:57 - 2014-01-25 20:00 - 00003482 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3529227163-4030713021-2619580118-1002Core
2015-02-03 11:31 - 2013-08-22 07:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 11:31 - 2013-08-22 07:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 12:24 - 2014-10-09 06:53 - 00003564 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3529227163-4030713021-2619580118-1002
2015-01-26 10:23 - 2014-10-23 18:49 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Skype
2015-01-18 12:36 - 2014-09-25 09:01 - 00003718 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2015-01-17 19:00 - 2014-01-06 22:16 - 00000000 ____D () C:\Users\Andy\Documents\My Received Files

==================== Files in the root of some directories =======

2014-01-31 10:26 - 2014-03-31 13:22 - 0000000 _____ () C:\Users\Andy\AppData\Local\debuggee.mdmp
2014-04-07 11:59 - 2014-04-07 11:59 - 0002144 _____ () C:\Users\Andy\AppData\Local\recently-used.xbel
2014-01-11 00:24 - 2014-11-02 21:35 - 0007619 _____ () C:\Users\Andy\AppData\Local\Resmon.ResmonCfg
2013-11-27 16:22 - 2013-11-27 16:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-03-08 20:36 - 2014-03-08 21:00 - 0000298 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-15 13:26

==================== End Of Log ============================

 

 



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:35 AM

Posted 21 February 2015 - 10:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Do you know what did does?
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BigStretchExtras.exe

If not please submit the file at Virustotal for a scan.

Navigate here and submit the file.
https://www.virustotal.com/
Please post the results for my review.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3529227163-4030713021-2619580118-1002\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3529227163-4030713021-2619580118-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
URLSearchHook: [S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3529227163-4030713021-2619580118-1002 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3529227163-4030713021-2619580118-1002 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=F1Gagws&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3529227163-4030713021-2619580118-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} ->  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF SearchPlugin: C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\86fegydc.default\searchplugins\google-avast.xml
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
CHR StartupUrls: Default -> "hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ch&cd=2XzuyEtN2Y1L1QzutDtDtCyE0DtCtB0BzzyEyE0CtAyE0E0AtN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2StAtBtAtAtDtByDyCtGtC0D0C0FtG0EtB0F0AtGtA0A0ByBtGtAtC0BtA0AzyyB0CzyyBzyyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzytBzy0CtAtB0AtGtCyBzy0EtG0A0BzztDtG0FyB0DzytGtCzy0AtBzztCzztC0CyD0F0D2Q&cr=1633548481&ir="
CHR Extension: (Honey) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2014-01-15]
CHR Extension: (Avast Online Security) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-05]
CHR Extension: (Poppit!) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-01-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]
S3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [41368 2014-04-15] ()
S3 ApfiltrService; \SystemRoot\system32\DRIVERS\Apfiltr.sys [X]
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
Task: {831E3C31-4718-435C-B5B4-475485ACC623} - System32\Tasks\SBWUpdateTask_Logon_700dee23-00C2C638B3B3 => C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe [2013-07-07] (Speedbit Ltd.) <==== ATTENTION
Task: {C2F10429-6370-47D4-8EF8-6DDE525685C7} - System32\Tasks\SBWUpdateTask_Time_700dee23-00C2C638B3B3 => C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe [2013-07-07] (Speedbit Ltd.) <==== ATTENTION
C:\Program Files (x86)\Common Files\SpeedBit
End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 LordVoldemoo

LordVoldemoo
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:35 PM

Posted 21 February 2015 - 08:09 PM

Thank you Soooo Much! It's running fine now. I've been testing it out for a couple of hours just to make sure.

 

To answer your question, BigStretchExtras.exe is a file I created. It attaches a sound when BigStretch is done and closes its window. BigStretch is a periodic reminder to get up and stretch every 20 minutes.

 

I've gone ahead and attached the files you requested. I hope they help narrowing down the problem for others.

 

Thanks,

 

Lord Voldemoo

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:35 AM

Posted 22 February 2015 - 09:09 AM

Looking good.

One last scan.

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#5 LordVoldemoo

LordVoldemoo
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:35 PM

Posted 22 February 2015 - 04:30 PM

Hi! Running great! Thanks!

 

I was surprised to see Superfish in the previous set of logs since my laptop is over a year old. Regardless, I'm glad it's gone.

 

Here's the content you asked for:

 

 Results of screen317's Security Check version 0.99.96  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Visual Studio Extensions for Windows Library for JavaScript 
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Reader XI  
 Mozilla Firefox 33.0 Firefox out of Date!  
 Mozilla Thunderbird (31.4.0) 
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.115) 
````````Process Check: objlist.exe by Laurent````````  
 WinPatrol winpatrol.exe 
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
 Ruiware WinPatrol WinPatrol.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:35 AM

Posted 23 February 2015 - 09:43 AM

This is the latest version of Java 64-bit 8 Update 31. You are good.

===

If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:35 AM

Posted 01 March 2015 - 09:46 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users