
Random Audio Ads Playing - Audiodg.exe


  • This topic is locked
4 replies to this topic

#1 paisan99

  • Members
  • 2 posts

Posted 20 February 2015 - 02:22 PM

Random audio ads are playing. I only notice that ending audiodg.exe will stop the ad from playing temporarily, but they come back and I notice audiodg.exe has restarted. Ran the usual Malwarebytes, AdwCleaner, and various rootkit removal tools, but they don't find anything. Here is the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by JCondren (administrator) on EL2-JCONDREN on 20-02-2015 13:12:32
Running from C:\Users\jcondren\Desktop
Loaded Profiles: JCondren (Available profiles: tech & Tech & JCondren)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Joyent, Inc) C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [718168 2013-11-01] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [115968 2013-07-23] (Waves Audio Ltd.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SMART Floating Tools] => C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe [9024304 2013-11-20] (SMART Technologies ULC)
HKLM-x32\...\Run: [SMARTNotification] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe [204592 2014-02-12] (SMART Technologies)
HKLM-x32\...\Run: [SMART Tray Tools] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe [744752 2014-02-12] (SMART Technologies)
HKLM-x32\...\Run: [SMART Board Service] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [1933616 2014-02-12] (SMART Technologies)
HKLM-x32\...\Run: [sbsdk-server] => C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62768 2013-08-22] (SMART Technologies)
HKLM-x32\...\Run: [SMART Ink] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe [147248 2014-02-11] (SMART Technologies)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2430841586-2722760830-2542085866-8732\...\Run: [GoogleChromeAutoLaunch_B3A780F6E6F576597BCD165A6A3A9D26] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-2430841586-2722760830-2542085866-8732\...\Policies\Explorer: [TaskbarNoNotification] 1
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2430841586-2722760830-2542085866-8732\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2430841586-2722760830-2542085866-8732\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2430841586-2722760830-2542085866-8732\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.leyden212.org/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\NotebookPlugin.dll (SMART Technologies ULC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Tcpip\Parameters: [DhcpNameServer] 172.17.1.247 172.16.2.247
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-2430841586-2722760830-2542085866-8732: @citrixonline.com/appdetectorplugin -> C:\Users\jcondren\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-08-10]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.leyden212.org/library/
CHR StartupUrls: Default -> "https://mail.google.com/mail", "hxxp://www.leyden212.org/library/", "https://isearch.avg.com/?cid={3C2E9D2A-7747-4BCC-B141-CF0BDE08B243}&mid=3b32b920d43647d0b4a3d16dae5161ec-5624f2867d3b50c5d687948b1f19f9f18b7e758a&lang=en&ds=ft011&pr=sa&d=2012-10-04 12:50:49&v=12.2.5.34&sap=hp", "hxxp://www.leyden212.org/library", "hxxp://isearch.avg.com/?cid={3C2E9D2A-7747-4BCC-B141-CF0BDE08B243}&mid=3b32b920d43647d0b4a3d16dae5161ec-5624f2867d3b50c5d687948b1f19f9f18b7e758a&lang=en&ds=ft011&pr=sa&d=2012-10-04 12:50:49&v=14.2.0.1&pid=avg&sg=&sap=hp"
CHR Profile: C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Art Project, powered by Google) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafjiaooblldgcephecfcafbmckcfeep [2014-08-18]
CHR Extension: (Google Docs) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-10]
CHR Extension: (Google Drive) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-10]
CHR Extension: (Phonetizer) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcmdhabjkgnocagfmpjhmllfdjgedfab [2014-08-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-10]
CHR Extension: (MyNetDiary Calorie Counter and Food Diary) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjackipnjjjefeppmpbgcdefaplneopj [2015-02-03]
CHR Extension: (Ancient Map) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcjaemihddenoopkkhaamlcoliiiain [2014-08-28]
CHR Extension: (YouTube) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-10]
CHR Extension: (GeoGebra) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2014-08-18]
CHR Extension: (EasyBib) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbpiiblghhnlalifiaddecedaeaijdpe [2014-08-18]
CHR Extension: (Todoist for Gmail) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\clgenfnodoocmhnlnpknojdbjjnmecff [2014-08-18]
CHR Extension: (Google Search) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-10]
CHR Extension: (Read Later Fast) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji [2014-08-18]
CHR Extension: (20 Things I Learned About Browsers & the Web) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfdlnlenokgjjchimonbekcmnofmlibg [2014-08-18]
CHR Extension: (Chemical Elements) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\eilhonghnelklfkaekhjibgnbfelgbho [2014-08-18]
CHR Extension: (Gmail Offline) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-08-18]
CHR Extension: (My Fitness Pal Data Downloader) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejigkdnkmegmdnemjpnfmnapmpgjeopn [2015-02-03]
CHR Extension: (Google Calendar) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-08-18]
CHR Extension: (Zotero Connector) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2014-08-18]
CHR Extension: (Movenote for Education) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdhhpolibfeihcdjjgkkoihbdbioejmh [2014-08-18]
CHR Extension: (iTunes Instant Search) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmbfoefaoljaookkbdikjoaikdaphkof [2014-08-18]
CHR Extension: (AdBlock) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-23]
CHR Extension: (FoodPlanner Recipe Importer) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkifebpcganhgfogmcpedecenfobbidh [2015-02-03]
CHR Extension: (Pin It Button) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-08-18]
CHR Extension: (TweetDeck by Twitter) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2014-08-18]
CHR Extension: (The Elementals) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfhfehlnocjpbnbcabcjjnemkkkghaak [2014-08-18]
CHR Extension: (StudyBlue, Inc.) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiicppnmnhhkaaboclnefgkbnpkompmh [2014-08-18]
CHR Extension: (NPR Infinite Player) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpcelemhneoooapbbopolpjhmbfmnbf [2014-08-18]
CHR Extension: (EasyBib Tools) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmffdimoneaieldiddcmajhbjijmnggi [2014-08-18]
CHR Extension: (Kindle Cloud Reader) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-08-18]
CHR Extension: (Google Play Music) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2014-08-18]
CHR Extension: (Clearly) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2014-08-18]
CHR Extension: (Lose It!) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehemifhdilebjjpibeianiedocpgocn [2015-02-03]
CHR Extension: (Todoist: To-Do list and Task Manager) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh [2014-08-18]
CHR Extension: (ShortenMe (goo.gl URL shortener + QR codes)) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpcbjmcojciinknchcafgalmphlpjjn [2014-08-18]
CHR Extension: (Cloud Music) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpegcngmgkeghjnjlooefjgohcinpiif [2014-08-18]
CHR Extension: (Diigo Web) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipfakkakbicobflnnminhjjdkglgbmf [2014-08-18]
CHR Extension: (Simplebooklet) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhfhnhfkmicpmbafobnpegjhaihjinph [2014-08-18]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2014-08-18]
CHR Extension: (Google Mail Checker) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-08-18]
CHR Extension: (Google Play Books) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2014-08-18]
CHR Extension: (My Study Life) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnjdjjiobjicmlhnjlogfgbibihjhkeo [2014-08-18]
CHR Extension: (StudyStack) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\nboldpjijadohjhnkadkdbonjlgbjadd [2014-08-18]
CHR Extension: (Graph.tk) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkhkaamdeplibnmodcgodlkghphdbahk [2014-08-18]
CHR Extension: (Google Wallet) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-10]
CHR Extension: (Scientific Calculator) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\npoipmeppdioagbkigdlnpmjphnolaog [2014-08-18]
CHR Extension: (Readability) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2014-08-18]
CHR Extension: (Carrotsticks) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\olhndfefijlfdocdccodkokemkhbeglc [2014-08-18]
CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2014-08-18]
CHR Extension: (mySchoolNotebook.com) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pamfapbnciponedgddhhlaodehbfhaai [2014-08-18]
CHR Extension: (Viewster - Watch Free Movies Online) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfiekkcjcnhbjofcjcfblhcccjkpkheh [2014-08-18]
CHR Extension: (Pearson OpenClass) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\phllacioehenkhbnlpihgnhghgckpplm [2014-08-18]
CHR Extension: (Evernote Web Clipper) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-08-18]
CHR Extension: (Gmail) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-10]
CHR Profile: C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-08-21]
CHR Extension: (Google Docs) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-21]
CHR Extension: (Google Drive) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-21]
CHR Extension: (Desmos Graphing Calculator) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhdheahnajobgndecdbggfmcojekgdko [2014-08-21]
CHR Extension: (Audiotool) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2014-08-21]
CHR Extension: (YouTube) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-21]
CHR Extension: (GeoGebra) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2014-08-21]
CHR Extension: (Google Search) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-21]
CHR Extension: (Daum Equation Editor) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dinfmiceliiomokeofbocegmacmagjhe [2014-08-21]
CHR Extension: (Chrome Colors) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eblcjjbpfhfdbeghccnnkopafebbmbmo [2014-08-21]
CHR Extension: (Google Sheets) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-08-21]
CHR Extension: (Google Tasks Panel) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmjdflobmjpeohnoefalpjeocgpdeffo [2015-01-28]
CHR Extension: (TweetDeck by Twitter) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2014-08-21]
CHR Extension: (StudyBlue, Inc.) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hiicppnmnhhkaaboclnefgkbnpkompmh [2014-08-21]
CHR Extension: (goo.gl URL Shortener) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2014-08-21]
CHR Extension: (Kindle Cloud Reader) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-08-21]
CHR Extension: (Hapara Interact Extension) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iehakgpdecaomokcdicdigpbmipnllcg [2014-08-21]
CHR Extension: (Readability Redux) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jggheggpdocamneaacmfoipeehedigia [2014-08-21]
CHR Extension: (MP3 Player) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kadoojjbafjcfdjcafflfnoimccbnlfd [2014-08-21]
CHR Extension: (Diigo Web) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kipfakkakbicobflnnminhjjdkglgbmf [2014-08-21]
CHR Extension: (Evernote Web) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-08-21]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-08-21]
CHR Extension: (To Do List) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ncecfaonfegfhpgknfcepbfjlnojigde [2014-08-21]
CHR Extension: (Google Wallet) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-21]
CHR Extension: (My Chrome Theme) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2014-08-21]
CHR Extension: (WeVideo - Video Editor and Maker) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2014-08-21]
CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2014-08-21]
CHR Extension: (Pearson OpenClass) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\phllacioehenkhbnlpihgnhghgckpplm [2014-08-21]
CHR Extension: (Evernote Web Clipper) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-08-21]
CHR Extension: (Gmail) - C:\Users\jcondren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2013-11-18] (Alps Electric Co., Ltd.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S4 SmartDeploy; C:\windows\SysWOW64\SmartDeploy.exe [208088 2014-04-07] (SmartDeploy
R2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [538416 2014-02-12] (SMART Technologies)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
S3 BCMTPM; C:\Windows\system32\drivers\btpmwx64.sys [32096 2013-10-10] (Broadcom Corp.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [488216 2014-02-04] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-10-18] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2261464 2013-08-27] (Realtek Semiconductor Corp.)
S3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [20192 2013-09-08] (Intel Corporation)
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46568 2013-02-13] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)
S3 MFE_RR; C:\Users\jcondren\AppData\Local\Temp\mfe_rr.sys [23600 2015-02-18] (McAfee, Inc.)
S3 NW1900; C:\Windows\system32\drivers\NW1900.sys [140568 2014-02-12] (SMART Technologies)
S3 NWLowRider; C:\Windows\system32\drivers\NWLowRider.sys [25456 2014-02-12] ()
S3 NWVoltron; C:\Windows\system32\drivers\NWVoltron.sys [27832 2014-02-12] ()
R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [185760 2013-05-07] (O2Micro )
R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2014-02-12] (SMART Technologies)
R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2014-02-12] (SMART Technologies)
S3 SMARTVTabletPCx64; C:\Windows\system32\drivers\SMARTVTabletPCx64.sys [22184 2014-02-12] (SMART Technologies ULC)
S3 ST7007; C:\Windows\system32\drivers\ST7007.sys [69896 2013-02-21] (STMicroelectronics)
R3 staccel; C:\Windows\System32\DRIVERS\staccel.sys [35168 2013-11-04] (ShoreTel, Inc)
S3 STI2303X64; C:\Windows\System32\Drivers\STI2303X64.sys [95232 2014-02-12] (SMART Technologies ULC)
R3 ST_Accel; C:\Windows\System32\DRIVERS\ST_Accel.sys [89312 2013-03-27] (STMicroelectronics)
S3 swg3knmea05; C:\Windows\system32\drivers\swg3knmea05.sys [269488 2013-06-13] (Sierra Wireless Incorporated)
S3 swg3kser05; C:\Windows\system32\drivers\swg3kser05.sys [269488 2013-06-13] (Sierra Wireless Incorporated)
S3 swibus05; C:\Windows\system32\drivers\swibus05.sys [87416 2013-06-13] (Sierra Wireless Inc.)
S3 swibusflt05; C:\Windows\system32\drivers\swibusflt05.sys [87416 2013-06-13] (Sierra Wireless Inc.)
S3 vmusbmouse; C:\Windows\System32\DRIVERS\vmusbmouse.sys [15512 2014-03-21] (VMware, Inc.)
U4 AmdK6; No ImagePath
U4 AmdK7; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 Crusoe; No ImagePath
U4 P3; No ImagePath
U4 ViaC7; No ImagePath
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-20 13:12 - 2015-02-20 13:12 - 02086912 _____ (Farbar) C:\Users\jcondren\Desktop\FRST64.exe
2015-02-20 13:12 - 2015-02-20 13:12 - 00034969 _____ () C:\Users\jcondren\Desktop\FRST.txt
2015-02-20 13:12 - 2015-02-20 13:12 - 00000000 ____D () C:\FRST
2015-02-20 10:47 - 2015-02-20 10:47 - 00022494 __RSH () C:\ProgramData\ntuser.pol
2015-02-20 10:45 - 2015-02-20 10:45 - 00000000 ____D () C:\Rooter$
2015-02-20 10:44 - 2015-02-20 10:45 - 00173119 _____ (Eric_71) C:\Users\jcondren\Downloads\Rooter.exe
2015-02-18 12:56 - 2015-02-18 12:58 - 00000000 ____D () C:\AdwCleaner
2015-02-18 12:55 - 2015-02-18 12:55 - 02112512 _____ () C:\Users\jcondren\Downloads\AdwCleaner.exe
2015-02-18 12:55 - 2015-02-18 12:55 - 00000000 ____D () C:\Users\jcondren\Pavark
2015-02-18 12:54 - 2015-02-18 12:54 - 00310641 _____ () C:\Users\jcondren\Downloads\AntiRootkit.zip
2015-02-18 12:50 - 2015-02-18 15:40 - 00000000 ____D () C:\Users\jcondren\AppData\Local\CrashDumps
2015-02-18 12:50 - 2015-02-18 12:50 - 00231390 _____ () C:\Users\jcondren\Downloads\RootkitRevealer.zip
2015-02-18 12:48 - 2015-02-18 12:48 - 00089324 _____ () C:\Users\jcondren\Downloads\avira_antivir_antirootkit_en.zip
2015-02-18 12:48 - 2015-02-18 12:48 - 00089324 _____ () C:\Users\jcondren\Downloads\avira_antivir_antirootkit_en (1).zip
2015-02-18 11:49 - 2015-02-18 11:49 - 11425992 _____ (Bitdefender LLC) C:\Users\jcondren\Downloads\BootkitRemoval_x64.exe
2015-02-18 10:03 - 2015-02-18 10:03 - 00000000 ____D () C:\Users\tech.LEYDEN\AppData\Roaming\Macromedia
2015-02-18 10:00 - 2015-02-18 10:00 - 00000000 ____D () C:\windows\Minidump
2015-02-18 09:51 - 2015-02-18 10:47 - 00000000 ____D () C:\ProgramData\Sophos
2015-02-18 09:48 - 2015-02-18 09:48 - 110856680 _____ (Sophos Limited) C:\Users\jcondren\Downloads\Sophos Virus Removal Tool.exe
2015-02-18 09:43 - 2015-02-18 09:43 - 00380416 _____ () C:\Users\jcondren\Downloads\wuj1c2ec.exe
2015-02-18 09:39 - 2015-02-18 09:42 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-18 09:38 - 2015-02-18 09:42 - 00000000 ____D () C:\Users\jcondren\Desktop\mbar
2015-02-18 09:38 - 2015-02-18 09:38 - 16466552 _____ (Malwarebytes Corp.) C:\Users\jcondren\Downloads\mbar-1.08.3.1004.exe
2015-02-18 09:38 - 2015-02-18 09:38 - 00783120 _____ (McAfee, Inc.) C:\Users\jcondren\Downloads\rootkitremover.exe
2015-02-18 09:38 - 2015-02-18 09:38 - 00000310 _____ () C:\Users\jcondren\Downloads\RootkitRemover_20150218_093818.log
2015-02-18 09:29 - 2015-02-18 12:56 - 00000000 ____D () C:\windows\erdnt
2015-02-18 09:25 - 2015-02-18 09:25 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\jcondren\Downloads\tdsskiller.exe
2015-02-18 08:39 - 2015-02-18 08:39 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-18 08:37 - 2015-02-18 08:37 - 00001427 _____ () C:\Users\tech.LEYDEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-18 08:37 - 2015-02-18 08:37 - 00000000 ____D () C:\Users\tech.LEYDEN\AppData\Roaming\AVG2013
2015-02-18 08:37 - 2015-02-18 08:37 - 00000000 ____D () C:\Users\tech.LEYDEN\AppData\Local\Avg2013
2015-02-13 13:53 - 2015-02-13 13:54 - 05806508 _____ () C:\Users\jcondren\Downloads\Presentation1.pptx
2015-02-11 09:40 - 2015-01-06 21:15 - 00104896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mup.sys
2015-02-11 09:40 - 2015-01-06 21:10 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
2015-02-11 09:40 - 2015-01-06 20:44 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpapi.dll
2015-02-11 09:40 - 2015-01-06 19:49 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys
2015-02-11 09:40 - 2015-01-06 19:49 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-02-11 09:40 - 2015-01-06 19:48 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-02-11 09:40 - 2015-01-06 19:48 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-02-11 09:40 - 2015-01-06 19:48 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys
2015-02-11 09:36 - 2015-01-15 02:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-11 09:36 - 2015-01-15 02:09 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-11 09:36 - 2015-01-15 02:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-11 09:36 - 2015-01-15 02:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-11 09:36 - 2015-01-15 02:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-11 09:36 - 2015-01-15 02:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-11 09:36 - 2015-01-15 01:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-02-11 09:36 - 2015-01-15 01:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-02-11 09:36 - 2015-01-15 01:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-02-11 09:36 - 2015-01-15 01:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-02-11 09:36 - 2015-01-12 21:10 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-11 09:36 - 2015-01-12 20:49 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-02-11 09:35 - 2015-01-15 02:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-11 09:35 - 2015-01-15 02:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-11 09:35 - 2015-01-15 02:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-11 09:35 - 2015-01-15 02:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-11 09:35 - 2015-01-15 02:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-11 09:35 - 2015-01-15 01:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-02-11 09:35 - 2015-01-15 01:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-02-11 09:35 - 2015-01-14 22:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-11 09:35 - 2014-12-07 21:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-11 09:35 - 2014-12-07 20:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-02-11 09:34 - 2015-01-14 00:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-11 09:34 - 2015-01-14 00:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-02-11 09:34 - 2015-01-14 00:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-02-11 09:34 - 2015-01-14 00:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-02-11 09:34 - 2015-01-13 23:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-02-11 09:34 - 2015-01-13 23:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-02-11 09:34 - 2015-01-13 23:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-02-11 09:33 - 2015-01-13 00:59 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-11 09:33 - 2015-01-13 00:59 - 00600576 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-11 09:33 - 2015-01-13 00:59 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-11 09:33 - 2015-01-13 00:58 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-11 09:33 - 2015-01-13 00:58 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-11 09:33 - 2015-01-13 00:58 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-11 09:33 - 2015-01-13 00:57 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-11 09:33 - 2015-01-13 00:57 - 02655744 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-11 09:33 - 2015-01-13 00:57 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-11 09:33 - 2015-01-13 00:57 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-02-11 09:33 - 2015-01-13 00:57 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-11 09:33 - 2015-01-13 00:57 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-11 09:33 - 2015-01-13 00:57 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-11 09:33 - 2015-01-13 00:57 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-11 09:33 - 2015-01-13 00:57 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2015-02-11 09:33 - 2015-01-13 00:57 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-11 09:33 - 2015-01-13 00:57 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-11 09:33 - 2015-01-13 00:57 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-11 09:33 - 2015-01-12 23:01 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-02-11 09:33 - 2015-01-12 23:01 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-02-11 09:33 - 2015-01-12 23:01 - 00523264 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-02-11 09:33 - 2015-01-12 23:00 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-02-11 09:33 - 2015-01-12 23:00 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-02-11 09:33 - 2015-01-12 23:00 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-02-11 09:33 - 2015-01-12 23:00 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-02-11 09:33 - 2015-01-12 23:00 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-02-11 09:33 - 2015-01-12 23:00 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-02-11 09:33 - 2015-01-12 23:00 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-02-11 09:33 - 2015-01-12 23:00 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-02-11 09:33 - 2015-01-12 23:00 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-02-11 09:33 - 2015-01-12 23:00 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-02-11 09:33 - 2015-01-12 23:00 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2015-02-11 09:33 - 2015-01-12 23:00 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-02-11 09:33 - 2015-01-12 23:00 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-02-11 09:33 - 2015-01-12 23:00 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-02-11 09:33 - 2015-01-12 23:00 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-02-11 09:33 - 2015-01-12 22:42 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-11 09:33 - 2015-01-12 22:17 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-02-11 09:33 - 2015-01-12 22:10 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-02-11 09:33 - 2015-01-12 21:52 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2015-02-11 09:33 - 2015-01-12 21:43 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-02-11 09:33 - 2015-01-12 21:19 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2015-02-11 09:33 - 2015-01-08 20:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-11 09:32 - 2015-01-13 00:59 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-11 09:32 - 2015-01-13 00:58 - 19291136 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-11 09:32 - 2015-01-13 00:57 - 15403008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-11 09:32 - 2015-01-12 23:00 - 14373376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-02-11 09:32 - 2015-01-12 23:00 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-02-11 08:34 - 2015-02-11 08:34 - 10116312 _____ () C:\Users\jcondren\Downloads\Untitled video (1).avi
2015-02-11 08:32 - 2015-02-11 08:32 - 10116312 _____ () C:\Users\jcondren\Downloads\Untitled video.avi
2015-02-11 08:29 - 2015-02-11 08:29 - 00000000 ____D () C:\Users\jcondren\Documents\Dell WebCam Central
2015-02-11 08:29 - 2015-02-11 08:29 - 00000000 ____D () C:\ProgramData\Creative
2015-01-27 09:21 - 2015-01-27 09:21 - 00009344 _____ () C:\Users\jcondren\Downloads\lg2_database_import_template.xlsx
2015-01-21 16:57 - 2015-01-21 17:00 - 00000000 ____D () C:\Users\jcondren\Desktop\823WGTMA
2015-01-21 16:57 - 2015-01-21 16:57 - 00000000 ____D () C:\Users\jcondren\Desktop\860OKMZO
2015-01-21 08:41 - 2014-12-11 11:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-20 13:06 - 2014-06-09 11:24 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-20 13:01 - 2014-07-28 09:29 - 01170966 _____ () C:\windows\WindowsUpdate.log
2015-02-20 12:56 - 2014-06-09 10:13 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-20 12:35 - 2014-09-17 07:43 - 00000544 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2430841586-2722760830-2542085866-8732.job
2015-02-20 12:27 - 2014-06-10 09:28 - 00000120 _____ () C:\windows\system32\config\netlogon.ftl
2015-02-20 10:45 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\SysWOW64\oobe
2015-02-20 09:51 - 2014-06-11 07:45 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-20 07:56 - 2014-06-09 10:13 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-19 13:57 - 2014-06-09 10:13 - 00002193 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-18 15:57 - 2014-08-10 09:34 - 00000000 ____D () C:\Users\jcondren\AppData\Local\Avg2013
2015-02-18 15:40 - 2014-06-06 16:11 - 00000000 ____D () C:\windows\Panther
2015-02-18 13:06 - 2009-07-13 22:45 - 00029920 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-18 13:06 - 2009-07-13 22:45 - 00029920 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-18 13:03 - 2009-07-13 23:13 - 00781298 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-18 12:59 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-18 12:55 - 2014-08-10 09:34 - 00000000 ____D () C:\Users\jcondren
2015-02-18 10:47 - 2014-06-11 08:10 - 00000000 ____D () C:\windows\system32\appmgmt
2015-02-18 09:54 - 2014-09-17 07:43 - 00003576 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2430841586-2722760830-2542085866-8732
2015-02-18 09:39 - 2014-06-09 10:39 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-18 09:38 - 2014-06-09 10:39 - 00097496 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-18 09:35 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Default
2015-02-18 09:34 - 2009-07-13 20:34 - 00000215 _____ () C:\windows\system.ini
2015-02-18 08:39 - 2014-06-09 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-18 08:39 - 2014-06-09 10:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-18 08:38 - 2014-08-08 21:13 - 00005048 __RSH () C:\Users\tech.LEYDEN\ntuser.pol
2015-02-18 08:38 - 2014-06-10 10:53 - 00000000 ____D () C:\Users\tech.LEYDEN
2015-02-18 08:37 - 2014-08-10 10:29 - 00000000 ____D () C:\Users\tech.LEYDEN\AppData\Roaming\Adobe
2015-02-18 08:37 - 2014-08-08 21:13 - 00113720 _____ () C:\Users\tech.LEYDEN\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-18 08:37 - 2009-07-13 22:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-02-18 07:32 - 2014-08-10 09:41 - 00000000 ____D () C:\Users\jcondren\AppData\Local\Adobe
2015-02-13 15:05 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\rescache
2015-02-13 13:54 - 2014-08-28 06:02 - 00000000 ____D () C:\Users\jcondren\AppData\Local\Deployment
2015-02-13 13:22 - 2009-07-13 22:45 - 04982336 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-13 13:22 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-02-11 09:38 - 2014-06-09 09:38 - 00774004 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-02-11 09:37 - 2014-06-09 10:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-04 07:51 - 2014-06-09 10:13 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 07:51 - 2014-06-09 10:13 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-26 07:10 - 2014-08-21 11:11 - 00002375 _____ () C:\Users\jcondren\Desktop\First user - Chrome.lnk
 
Some content of TEMP:
====================
C:\Users\jcondren\AppData\Local\Temp\ELYYJXF.exe
C:\Users\jcondren\AppData\Local\Temp\LJUXJAM.exe
C:\Users\jcondren\AppData\Local\Temp\Quarantine.exe
C:\Users\jcondren\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-13 14:58
 
==================== End Of Log ============================
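Two things in the report above are what an analyst reads first: the `[File not signed]` services, the `MFE_RR` driver whose image sits under the user's `AppData\Local\Temp`, and the random-named executables in the "Some content of TEMP" listing (`ELYYJXF.exe`, `LJUXJAM.exe`). The process the poster keeps killing, `audiodg.exe`, is the Windows Audio Device Graph Isolation host; the Windows Audio service respawns it on demand, so ending it silences whatever is feeding audio into it without removing that source, which is why the ads return. The following Python script is an added example, not part of FRST and not posted in this thread: it parses the Services, Drivers and TEMP sections of an FRST report and applies those by-eye heuristics mechanically. The regexes, severity labels and the "random name" threshold are this example's assumptions, and the embedded log excerpt is a constructed abridgement in FRST's line format, not the full log.

```python
"""Triage helper for an FRST.txt report.

Added example, not part of FRST or of this thread. It parses the Services,
Drivers and "Some content of TEMP" sections and applies heuristics an analyst
uses when reading the log by eye: unsigned images, images loaded from a
user-writable path, orphaned entries, and random-named executables in TEMP.
The regexes and severity labels are this example's assumptions.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in FRST's line format, modelled on the report above
# (abridged; not the full log and not FRST's own sample data).
SAMPLE_LOG = r"""==================== Services (Whitelisted) =================

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
S3 MFE_RR; C:\Users\jcondren\AppData\Local\Temp\mfe_rr.sys [23600 2015-02-18] (McAfee, Inc.)
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46568 2013-02-13] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 AmdK6; No ImagePath

Some content of TEMP:
====================
C:\Users\jcondren\AppData\Local\Temp\ELYYJXF.exe
C:\Users\jcondren\AppData\Local\Temp\Quarantine.exe
C:\Users\jcondren\AppData\Local\Temp\sqlite3.dll
"""

# "==================== Name ====" section headers.
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
# "R2 Name; path [size date] (vendor) [flag] [flag]" service/driver entries.
# The [size date] (vendor) part is optional: orphaned entries end in "[X]".
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>.+?); (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>[^)]*)\))?"
    r"(?P<flags>(?: \[[^\]]+\])*)$"
)
# Assumption: a service or driver image under a profile, ProgramData or Temp
# directory is worth a look, since a standard user can write there.
USER_WRITABLE_RE = re.compile(r"\\(?:Users|ProgramData|Temp)\\", re.IGNORECASE)
# Assumption: 6-8 upper-case letters with an executable extension, the shape
# of the dropped files in the TEMP listing above.
RANDOM_NAME_RE = re.compile(r"^[A-Z]{6,8}\.(?:exe|dll|scr)$")

Finding = Tuple[str, str, str]  # (severity, reason, original line)


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty report lines under the section header they follow."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections.setdefault(current, [])
            continue
        if line == "Some content of TEMP:":  # this section has no "====" header line
            current = "TEMP"
            sections.setdefault(current, [])
            continue
        if not line or set(line) == {"="}:  # blank lines and the TEMP underline
            continue
        sections.setdefault(current, []).append(line)
    return sections


def parse_entry(line: str) -> Optional[Dict[str, Optional[str]]]:
    """Split one service/driver line into its fields, or None if it is not one."""
    match = ENTRY_RE.match(line)
    return match.groupdict() if match else None


def triage(text: str) -> List[Finding]:
    """Return (severity, reason, line) for every entry that deserves a second look."""
    findings: List[Finding] = []
    sections = parse_sections(text)
    for section, lines in sections.items():
        if not section.startswith(("Services", "Drivers")):
            continue
        for line in lines:
            entry = parse_entry(line)
            if entry is None or entry["path"] == "No ImagePath":
                continue  # descriptive text, or a leftover entry with no image
            path, flags = entry["path"], entry["flags"] or ""
            if "[File not signed]" in flags:
                findings.append(("medium", "unsigned image", line))
            if "[X]" in flags:
                findings.append(("low", "orphaned entry, file missing", line))
            if USER_WRITABLE_RE.search(path):
                findings.append(("high", "image in user-writable location", line))
            if entry["vendor"] == "":
                findings.append(("low", "no publisher in version info", line))
    for line in sections.get("TEMP", []):
        if RANDOM_NAME_RE.match(line.rsplit("\\", 1)[-1]):
            findings.append(("high", "random-named executable in TEMP", line))
    return findings


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2}
    for severity, reason, line in sorted(triage(SAMPLE_LOG), key=lambda f: order[f[0]]):
        print(f"[{severity:6}] {reason}: {line}")
```

The location heuristic tells you where to look, not what a file is: the `MFE_RR` hit is McAfee's RootkitRemover driver the poster ran on 2015-02-18, which the "One Month Created Files" list confirms, so every "high" finding still needs cross-checking against those timestamps before it is treated as malicious. The random-named TEMP executables have no such explanation in the log and are the files to hash, check for a signature and submit for analysis first.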


 


#2 olgun52 (Malware Response Team)

Posted 20 February 2015 - 02:27 PM

Hello paisan99, and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

 

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
 

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

 

  • Please log on to the computer as administrator. (How do I log on to the computer as administrator?)
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here.

Thanks

---------------------------------------------------------------------------------------------------------

 

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

 


 

Have a nice day.

 

 

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52 (Malware Response Team)

Posted 20 February 2015 - 05:45 PM

Hi
 
audiodg.exe ---> Here.
audiodg.exe is a clean file. And I do not see your reports.
 
Please read this. It could possibly be such a problem.
--------------------------
Step 1:
FRST Script:
Ensure your external and/or USB drives are inserted during the scan.
Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:
 Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Have a nice day.



Best regards

 


 


#4 olgun52 (Malware Response Team)

Posted 24 February 2015 - 05:32 PM

Hello,

 

4 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 24 hours, this thread will be closed due to inactivity.


Best regards

 


 


#5 olgun52 (Malware Response Team)

Posted 26 February 2015 - 04:16 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Best regards

 


 




