
I have a virus and nothing seems to be working.


7 replies to this topic

#1 BaMoore


Posted 05 April 2015 - 03:32 AM

So lately, for no apparent reason, my computer has become rather erratic in speed: sometimes moving fast, other times moving slow, sometimes failing to respond, popups are prevalent, and for some reason right-clicking doesn't work anymore. So I ran my Kaspersky anti-virus software and it detected nothing. I then ran Malwarebytes and it detected nothing. I ran Spybot and it detected some spy/adware, so I deleted it. Nothing changed, and when I ran it again, it detected the exact same problems. I made sure everything was up to date and tried the same thing in safe mode, but it was the same story.

I then looked online and tried a few different things: Superspyhunter, RogueKiller and some adware blocker (can't think of the name right now), but they didn't do anything more. I then decided to do a system restore, but much to my confusion, there weren't any restore points. I don't know what the hell happened there, as I was under the impression one is created every time there is an update from Windows. So I have no idea what to do next. I'm not a computer expert, so I don't want to do a lot with HijackThis without help. So is there anything I can do that doesn't require a full reset or paying for software?

I'd post the Spybot log, but I don't think that is allowed without permission.

Edit: Forgot to mention, I use Windows 8.


Edited by BaMoore, 05 April 2015 - 07:14 AM.



#2 nasdaq

  • Malware Response Team

Posted 05 April 2015 - 08:02 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Wait for further instructions.
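The FRST.txt log nasdaq asks for has a fixed line layout per section, so a first triage pass can be scripted. The following Python is an added example, not code from this thread or from Farbar: it parses the Processes, Registry Run, Services and Drivers sections into records and collects the markers FRST prints on lines that merit a closer look ([File not signed], No ImagePath, [Not Found], [X], <======= ATTENTION). The sample log is constructed; ExampleSvc, GhostDrv and the other names in it are placeholders.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# One regex per line shape in the log: section header, running process,
# autostart Run value, service/driver, and the tail those last three share.
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) \(Whitelisted\) =+$")
PROCESS_RE = re.compile(r"^\((?P<vendor>[^()]*)\) (?P<path>[A-Za-z]:\\.+)$")
RUN_RE = re.compile(r"^HK.+?\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<tail>.+)$")
SVC_RE = re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<tail>.+)$")
TAIL_RE = re.compile(  # path [size date] (Vendor) [File not signed]
    r'^"?(?P<path>.+?)"?(?: \[\d+ \d{4}-\d{2}-\d{2}\])?'
    r"(?: \((?P<vendor>[^()]*)\))?(?: \[File not signed\])?$"
)

@dataclass
class Entry:
    section: str
    kind: str              # "process", "run", "service", "driver" or "other"
    name: str
    path: str              # Run values may still carry command-line arguments
    vendor: Optional[str]  # None when the log prints no "(Vendor)" field at all
    flags: list = field(default_factory=list)

def line_flags(line: str) -> list:
    """Markers FRST itself prints on lines that deserve a closer look."""
    flags = []
    if "<======= ATTENTION" in line:
        flags.append("attention")     # FRST's own highlight, e.g. a browser policy restriction
    if "[File not signed]" in line:
        flags.append("unsigned")      # no valid Authenticode signature on the binary
    if line.endswith("No ImagePath"):
        flags.append("no-imagepath")  # service/driver key without a binary path
    if "[Not Found]" in line:
        flags.append("not-found")     # referenced extension or file is not on disk
    if line.endswith("[X]"):
        flags.append("missing-file")  # FRST marks a referenced file that is absent with [X]
    return flags

def split_tail(tail: str):
    """(path, vendor) from 'path [size date] (Vendor) [File not signed]'."""
    if tail == "No ImagePath":
        return "", None
    m = TAIL_RE.match(tail)
    return (m["path"], m["vendor"]) if m else (tail, None)

def parse_frst(text: str) -> list:
    """Turn the Processes/Registry/Services/Drivers sections into Entry records;
    lines the parser does not understand are kept only when FRST flagged them."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(If "):
            continue                          # blank line or FRST's explanatory note
        if m := SECTION_RE.match(line):
            section = m["name"]
            continue
        if section is None:
            continue                          # preamble before the first section
        flags = line_flags(line)
        body = line.split(" <=======")[0]     # strip the ATTENTION marker before parsing
        if m := PROCESS_RE.match(body):
            e = Entry(section, "process", m["path"].rsplit("\\", 1)[-1], m["path"], m["vendor"])
        elif m := RUN_RE.match(body):
            e = Entry(section, "run", m["name"], *split_tail(m["tail"]))
        elif m := SVC_RE.match(body):
            kind = "driver" if section == "Drivers" else "service"
            e = Entry(section, kind, m["name"], *split_tail(m["tail"]))
        elif flags:
            e = Entry(section, "other", body, "", None)
        else:
            continue
        e.flags = flags
        if e.vendor == "":
            e.flags.append("no-vendor")       # "()" in the log: empty vendor field
        entries.append(e)
    return entries

def triage(entries: list) -> list:
    """Flagged entries in log order: the first lines to review by hand."""
    return [e for e in entries if e.flags]

# Constructed sample in FRST's layout (not taken from a real machine).
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Example Vendor) C:\Program Files\Example\agent.exe
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [ExampleTray] => C:\Program Files (x86)\Example\tray.exe [363520 2012-07-27] (Example Vendor)
HKU\S-1-5-21-111-222-333-1001\...\Run: [Updater] => "C:\Users\Owner\AppData\Roaming\upd\upd.exe"
Winlogon\Notify\SomeNotify-x32: SomeNotify.dll [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 ExampleSvc; C:\Program Files (x86)\Example\svc.exe [1544192 2012-07-23] (Example Vendor) [File not signed]
==================== Drivers (Whitelisted) ====================
U4 GhostDrv; No ImagePath
R3 exdrv; C:\Windows\System32\Drivers\exdrv.sys [35064 2015-04-04] ()
"""
```

Run it against a saved FRST.txt with `triage(parse_frst(open(path).read()))`; the flagged entries are a starting point for a human read of the log, not a verdict.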

#3 BaMoore

  • Topic Starter

Posted 05 April 2015 - 08:26 AM

Thank you! Here it is!


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Owner (administrator) on H8-1414 on 05-04-2015 06:15:01
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-10] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BtTray] => c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [363520 2012-07-27] (IVT Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-01] (CyberLink Corp.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe [24504 2012-11-11] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1412315664-152866080-145985729-1001\...\Run: [DW7] => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
HKU\S-1-5-21-1412315664-152866080-145985729-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-1412315664-152866080-145985729-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKU\S-1-5-21-1412315664-152866080-145985729-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {F802035B-ACB7-4E84-A50E-D51269D05B16} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {F802035B-ACB7-4E84-A50E-D51269D05B16} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1412315664-152866080-145985729-1001 -> {3A597A35-2E2E-41DF-8140-8E86AEB4FD6E} URL =
SearchScopes: HKU\S-1-5-21-1412315664-152866080-145985729-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1412315664-152866080-145985729-1001 -> {F802035B-ACB7-4E84-A50E-D51269D05B16} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-20] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-20] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-12] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-12] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\thfvrowj.default-1428161251365
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012-11-11]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Kaspersky виртуелна тастатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012-11-11]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012-11-11]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012-11-11]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012-11-11]

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2012-08-10] (Andrea Electronics Corporation) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1544192 2012-07-23] (IVT Corporation) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-07-10] (IVT Corporation) [File not signed]
S4 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-15] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-10] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-03] (Advanced Micro Devices)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg; No ImagePath
U4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48352 2012-07-11] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [627296 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-04-24] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [177864 2015-02-17] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [35064 2015-04-04] ()
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-05 06:15 - 2015-04-05 06:15 - 00019983 _____ () C:\Users\Owner\Downloads\FRST.txt
2015-04-05 06:14 - 2015-04-05 06:15 - 00000000 ____D () C:\FRST
2015-04-05 06:14 - 2015-04-05 06:14 - 02095616 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2015-04-05 02:35 - 2015-04-05 06:10 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-05 02:34 - 2015-04-05 02:34 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-05 02:34 - 2015-04-05 02:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-05 02:34 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-04-05 02:34 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-04-05 02:34 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-04-05 02:33 - 2015-04-05 02:34 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.1.4.1018(1).exe
2015-04-04 21:51 - 2015-04-04 21:51 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2015-04-04 21:44 - 2015-04-04 21:54 - 00035064 _____ () C:\windows\system32\Drivers\TrueSight.sys
2015-04-04 21:44 - 2015-04-04 21:51 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-04 21:42 - 2015-04-04 21:42 - 16748632 _____ () C:\Users\Owner\Downloads\RogueKiller.exe
2015-04-04 11:44 - 2015-04-04 11:44 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-04 11:33 - 2015-04-04 11:42 - 00000000 ____D () C:\Users\Owner\Downloads\backups
2015-04-04 11:26 - 2015-04-04 11:37 - 00011999 _____ () C:\Users\Owner\Downloads\hijackthis.log
2015-04-04 11:26 - 2015-04-04 11:26 - 00388608 _____ (Trend Micro Inc.) C:\Users\Owner\Downloads\HijackThis.exe
2015-04-04 11:24 - 2015-04-04 11:24 - 00251392 _____ () C:\Users\Owner\Downloads\hijackthis_sfx.exe
2015-04-04 11:18 - 2015-04-04 11:18 - 00000000 ____D () C:\VundoFix Backups
2015-04-04 11:06 - 2015-04-04 11:06 - 00000000 ____D () C:\SUPERDelete
2015-04-04 11:04 - 2015-04-04 11:04 - 21578888 _____ (SUPERAntiSpyware) C:\Users\Owner\Downloads\SUPERAntiSpyware.exe
2015-04-04 10:46 - 2015-04-04 10:46 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Macromedia
2015-04-04 10:19 - 2015-04-04 10:20 - 04095448 _____ (BrightFort LLC ) C:\Users\Owner\Downloads\spywareblastersetup50(1).exe
2015-04-04 10:19 - 2015-04-04 10:19 - 00000000 ____D () C:\ProgramData\Licenses
2015-04-04 10:19 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSSTDFMT.DLL
2015-04-04 08:52 - 2015-04-04 08:52 - 00000000 ____D () C:\Users\Owner\.android
2015-04-04 02:57 - 2015-04-04 02:57 - 00003116 _____ () C:\windows\System32\Tasks\{6CC6981B-8308-4683-8415-5737F394174C}
2015-04-04 02:03 - 2015-03-12 11:59 - 00373864 _____ (Lavasoft Limited) C:\windows\system32\LavasoftTcpService64.dll
2015-04-04 02:03 - 2015-03-12 11:58 - 00326288 _____ (Lavasoft Limited) C:\windows\SysWOW64\LavasoftTcpService.dll
2015-04-03 17:59 - 2015-04-03 17:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-31 23:31 - 2015-03-31 23:31 - 00003080 _____ () C:\windows\System32\Tasks\{0E25BB38-9F86-4C85-924F-C038768834BA}
2015-03-31 01:38 - 2015-03-31 01:38 - 09265555 _____ () C:\Users\Owner\Desktop\Excel saga OST volumen 1 - Image color wa yappari [aka]! - YouTube.mp4
2015-03-29 06:09 - 2015-03-29 06:09 - 00001353 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-03-29 06:09 - 2015-03-29 06:09 - 00001341 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-03-29 06:09 - 2015-03-29 06:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-03-29 06:09 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2015-03-29 06:07 - 2015-03-29 06:07 - 00000085 _____ () C:\windows\wininit.ini
2015-03-29 06:05 - 2015-03-29 06:06 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Owner\Downloads\spybot-2.4.exe
2015-03-25 07:45 - 2015-03-25 07:53 - 00000000 ____D () C:\Users\Public\Documents\Speedbit
2015-03-24 19:53 - 2012-07-25 22:26 - 00000824 _____ () C:\windows\system32\Drivers\etc\hosts.20150324-195350.backup
2015-03-24 19:43 - 2015-04-04 10:56 - 00000000 _____ () C:\Recovery.txt
2015-03-24 16:57 - 2015-03-10 22:21 - 00677888 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-03-24 16:57 - 2015-03-10 22:20 - 00943104 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-03-24 16:57 - 2015-03-10 22:20 - 00760320 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-03-24 16:57 - 2015-03-10 22:20 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-03-24 16:57 - 2015-03-10 22:20 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-03-24 16:57 - 2015-03-10 22:20 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-03-24 16:57 - 2015-03-10 15:04 - 01107456 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-03-24 16:57 - 2015-03-04 00:26 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\AutoUpdate.exe
2015-03-24 16:57 - 2015-03-04 00:26 - 00467952 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2015-03-24 16:57 - 2015-03-04 00:26 - 00011105 _____ () C:\windows\system32\AutoconfigV2.cab
2015-03-24 16:57 - 2015-03-03 23:41 - 00695808 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2015-03-24 16:57 - 2015-03-03 23:41 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-24 16:57 - 2015-03-03 21:53 - 00568832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2015-03-24 16:57 - 2015-03-03 21:53 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-24 09:22 - 2015-03-24 09:22 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\0F43587A.sys
2015-03-24 09:21 - 2015-03-24 09:21 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\1563585C.sys
2015-03-13 21:54 - 2015-03-13 21:54 - 00321600 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-11 15:37 - 2015-03-06 00:39 - 00588800 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2015-03-11 15:37 - 2015-03-06 00:39 - 00412672 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-11 15:37 - 2015-03-05 22:48 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2015-03-11 15:37 - 2015-03-05 22:48 - 00318464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-03-11 15:37 - 2015-02-25 21:35 - 04063232 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-11 15:37 - 2015-02-23 03:52 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-11 15:37 - 2015-02-23 03:52 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-03-11 15:37 - 2015-02-23 03:51 - 01409024 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-11 15:37 - 2015-02-23 03:51 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2015-03-11 15:37 - 2015-02-23 03:51 - 00600576 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-11 15:37 - 2015-02-23 03:51 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-03-11 15:37 - 2015-02-23 03:51 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2015-03-11 15:37 - 2015-02-23 03:50 - 19301888 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-11 15:37 - 2015-02-23 03:50 - 15410688 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-11 15:37 - 2015-02-23 03:50 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-11 15:37 - 2015-02-23 03:50 - 02656256 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-11 15:37 - 2015-02-23 03:50 - 00949760 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-03-11 15:37 - 2015-02-23 03:50 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-03-11 15:37 - 2015-02-23 03:50 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-11 15:37 - 2015-02-23 03:50 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-11 15:37 - 2015-02-23 03:50 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-11 15:37 - 2015-02-23 03:50 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-11 15:37 - 2015-02-23 03:50 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2015-03-11 15:37 - 2015-02-23 03:50 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-11 15:37 - 2015-02-23 03:50 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-03-11 15:37 - 2015-02-23 03:50 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-11 15:37 - 2015-02-23 03:50 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-03-11 15:37 - 2015-02-23 03:49 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-11 15:37 - 2015-02-23 02:17 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-11 15:37 - 2015-02-23 02:15 - 00084480 _____ (Microsoft Corporation) C:\windows\system32\INETRES.dll
2015-03-11 15:37 - 2015-02-23 01:51 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-03-11 15:37 - 2015-02-20 22:31 - 01763328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-03-11 15:37 - 2015-02-20 22:31 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-03-11 15:37 - 2015-02-20 22:31 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-03-11 15:37 - 2015-02-20 22:31 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2015-03-11 15:37 - 2015-02-20 22:30 - 14380544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-03-11 15:37 - 2015-02-20 22:30 - 13768704 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-03-11 15:37 - 2015-02-20 22:30 - 02864640 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-03-11 15:37 - 2015-02-20 22:30 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-03-11 15:37 - 2015-02-20 22:30 - 00737280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-03-11 15:37 - 2015-02-20 22:30 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-03-11 15:37 - 2015-02-20 22:30 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-03-11 15:37 - 2015-02-20 22:30 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-03-11 15:37 - 2015-02-20 22:30 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-03-11 15:37 - 2015-02-20 22:30 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2015-03-11 15:37 - 2015-02-20 22:30 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-03-11 15:37 - 2015-02-20 22:30 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-03-11 15:37 - 2015-02-20 22:30 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-03-11 15:37 - 2015-02-20 22:30 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-03-11 15:37 - 2015-02-20 22:29 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-03-11 15:37 - 2015-02-20 22:29 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-03-11 15:37 - 2015-02-20 22:29 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-03-11 15:37 - 2015-02-20 22:09 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-03-11 15:37 - 2015-02-20 22:07 - 00084480 _____ (Microsoft Corporation) C:\windows\SysWOW64\INETRES.dll
2015-03-11 15:37 - 2015-02-20 21:42 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-03-11 15:37 - 2015-02-20 20:00 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2015-03-11 15:37 - 2015-02-20 06:59 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-11 15:37 - 2015-02-20 04:56 - 00366592 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-11 15:37 - 2015-02-20 01:10 - 00035328 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-03-11 15:37 - 2015-02-20 00:24 - 00304128 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-03-11 15:37 - 2015-02-02 16:18 - 00569712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-11 15:37 - 2015-01-31 06:48 - 00044024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2015-03-11 15:37 - 2015-01-30 22:55 - 00275712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2015-03-11 15:37 - 2015-01-29 01:05 - 01627648 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-11 15:37 - 2015-01-28 23:19 - 01339392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-03-11 15:37 - 2015-01-23 23:42 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-11 15:37 - 2015-01-23 22:00 - 00243712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2015-03-11 15:36 - 2015-02-16 23:54 - 19777536 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-11 15:36 - 2015-02-16 22:13 - 17561600 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-03-11 15:36 - 2015-02-12 16:18 - 00396419 _____ () C:\windows\system32\ApnDatabase.xml
2015-03-11 15:36 - 2015-01-29 01:45 - 06973248 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-11 15:36 - 2015-01-23 23:43 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-11 15:36 - 2015-01-23 22:00 - 00368640 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-03-11 15:36 - 2015-01-23 21:31 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2015-03-11 15:36 - 2015-01-19 23:41 - 01120256 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-11 15:36 - 2015-01-19 22:10 - 00892416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-05 06:11 - 2012-12-01 02:07 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-05 05:15 - 2012-11-11 15:48 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-05 05:01 - 2012-07-30 10:22 - 00000821 _____ () C:\windows\SysWOW64\bscs.ini
2015-04-05 05:00 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\sru
2015-04-05 04:58 - 2012-09-19 20:28 - 00004524 _____ () C:\windows\SysWOW64\LOCALSERVICE.INI
2015-04-05 04:58 - 2012-09-19 20:28 - 00000043 _____ () C:\windows\SysWOW64\LOCALDEVICE.INI
2015-04-05 04:57 - 2012-12-22 18:09 - 00000000 _____ () C:\windows\system32\Drivers\lvuvc.hs
2015-04-05 03:20 - 2013-03-21 01:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2015-04-05 02:34 - 2014-07-09 16:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-05 02:15 - 2012-11-11 14:41 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{80D32332-DDFC-447D-9130-15FD54FF01CD}
2015-04-04 23:31 - 2012-11-11 14:40 - 01180211 _____ () C:\windows\WindowsUpdate.log
2015-04-04 23:08 - 2012-07-26 00:28 - 00876558 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-04 23:02 - 2012-07-26 00:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-04 22:50 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\NDF
2015-04-04 21:56 - 2012-11-11 14:40 - 00000000 ____D () C:\Users\Owner
2015-04-04 21:34 - 2012-08-01 19:02 - 00705838 _____ () C:\windows\PFRO.log
2015-04-04 20:41 - 2013-03-21 02:14 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1412315664-152866080-145985729-1001
2015-04-04 20:32 - 2012-12-29 03:23 - 00000000 ____D () C:\windows\Minidump
2015-04-04 11:26 - 2012-11-11 14:41 - 00000000 ____D () C:\Users\Owner\AppData\Local\VirtualStore
2015-04-04 10:24 - 2012-09-19 20:00 - 00000000 ____D () C:\ProgramData\Temp
2015-04-04 10:17 - 2012-11-12 02:50 - 00432128 ___SH () C:\Users\Owner\Downloads\Thumbs.db
2015-04-04 08:49 - 2012-07-25 22:26 - 00008192 ___SH () C:\windows\system32\config\BBI
2015-04-04 07:16 - 2013-01-23 22:53 - 05746688 ___SH () C:\Users\Owner\Desktop\Thumbs.db
2015-04-04 03:05 - 2013-03-13 18:22 - 00000348 _____ () C:\windows\Tasks\HPCeeScheduleForOwner.job
2015-04-04 03:05 - 2012-11-12 02:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-04 02:00 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\Resources
2015-04-03 02:04 - 2012-12-22 18:03 - 00000000 ____D () C:\windows\System32\Tasks\NCH Software
2015-04-03 02:02 - 2013-08-25 18:15 - 00542208 ___SH () C:\Users\Owner\Thumbs.db
2015-04-02 03:18 - 2013-03-13 18:22 - 00003162 _____ () C:\windows\System32\Tasks\HPCeeScheduleForOwner
2015-04-01 00:16 - 2013-01-23 22:45 - 00000000 ____D () C:\Users\Owner\Documents\VideoPad Projects
2015-03-31 07:23 - 2014-12-11 07:08 - 00000000 ____D () C:\windows\system32\appraiser
2015-03-31 07:23 - 2014-07-09 22:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-03-31 07:23 - 2012-07-26 00:59 - 00000000 ____D () C:\windows\CbsTemp
2015-03-30 08:59 - 2014-12-04 22:41 - 00000000 ____D () C:\Users\Owner\Desktop\YMS
2015-03-29 06:09 - 2014-01-02 05:36 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-29 06:09 - 2014-01-02 05:36 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-03-26 17:32 - 2014-12-04 22:43 - 00000000 ____D () C:\Users\Owner\Desktop\Movie Reviews
2015-03-25 07:54 - 2014-04-26 22:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12
2015-03-25 07:54 - 2014-04-26 22:21 - 00000000 ____D () C:\ProgramData\ScanSoft
2015-03-25 07:54 - 2014-04-26 22:21 - 00000000 ____D () C:\Program Files (x86)\Nuance
2015-03-25 07:52 - 2012-12-22 18:03 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2015-03-24 20:12 - 2014-11-01 15:40 - 00000000 ____D () C:\windows\rescache
2015-03-24 17:41 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\WinStore
2015-03-23 16:39 - 2012-11-14 18:51 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2015-03-13 21:51 - 2012-09-19 20:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-03-13 21:51 - 2012-09-19 20:02 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2015-03-13 21:48 - 2014-12-01 17:19 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-03-12 21:42 - 2014-10-21 09:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2015-03-12 21:42 - 2012-12-01 02:07 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-03-12 21:36 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 21:36 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 21:36 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-12 21:36 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-12 21:35 - 2012-07-26 01:12 - 00000000 ___RD () C:\windows\ToastData
2015-03-11 21:17 - 2013-07-19 03:55 - 00000000 ____D () C:\windows\system32\MRT
2015-03-11 21:13 - 2012-12-13 01:10 - 122905848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-03-10 20:56 - 2014-10-11 18:14 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-10 20:56 - 2013-03-21 01:06 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2013-01-23 22:44 - 2013-01-23 22:44 - 0160974 _____ () C:\Users\Owner\AppData\Roaming\VideoPad.dmp
2013-11-16 19:15 - 2014-10-05 04:52 - 0000137 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2013-11-16 19:15 - 2013-11-18 01:27 - 0000006 _____ () C:\Users\Owner\AppData\Roaming\WBPU-TTL.DAT
2013-03-20 23:11 - 2013-03-20 23:12 - 0004608 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-24 21:54 - 2015-02-24 21:54 - 0000861 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
2013-11-16 17:55 - 2013-11-16 17:55 - 0000026 ____H () C:\ProgramData\.119889580931711767808769176
2013-11-16 17:53 - 2013-11-16 17:53 - 0000021 ____H () C:\ProgramData\.24554863501262644635642126105
2013-11-18 01:09 - 2013-11-18 01:09 - 0000026 ____H () C:\ProgramData\.811261211181235583101118113995
2012-11-11 14:43 - 2012-11-11 14:43 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-03 06:58

==================== End Of Log ============================

Edited by BaMoore, 05 April 2015 - 08:27 AM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,249 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:02 PM

Posted 05 April 2015 - 12:05 PM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
U4 BthAvrcpTg; No ImagePath
U4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
AlternateDataStreams: C:\ProgramData\Temp:5C321E34

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

Please let me know what problem persists.

#5 BaMoore

BaMoore
  • Topic Starter


Posted 05 April 2015 - 06:45 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Owner at 2015-04-05 16:36:04 Run:1
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available profiles: Owner)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
U4 BthAvrcpTg; No ImagePath
U4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
AlternateDataStreams: C:\ProgramData\Temp:5C321E34

End
*****************

Processes closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh" => Key deleted successfully.
BthAvrcpTg => Service deleted successfully.
BthHFEnum => Service deleted successfully.
bthhfhid => Service deleted successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.


The system needed a reboot.

==== End of Fixlog 16:36:06 ====

 

Spybot still seems to be moving incredibly slowly, but I'm running the scan anyway.

Edit: Yeah, the only thing that seems to have changed is that the browser hasn't crashed and it doesn't seem as slow. Spybot seems to get stuck on something called Win32, Zlob Downloader and Virtumonde.


Edited by BaMoore, 06 April 2015 - 01:18 AM.
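As an added example (not part of this thread and not FRST's own code), here is a read-only PowerShell audit of the same places the fixlist in post #4 hits and the Fixlog above confirms were removed: the Winlogon\Notify keys, the machine-wide Chrome policy and extension install keys, the IE SearchScopes, service keys with no ImagePath, and alternate data streams on C:\ProgramData\Temp, with the Authenticode check FRST runs in its "Bamital & volsnap Check" section on top. It assumes 64-bit Windows and Windows PowerShell 3.0 or later (the -Stream parameter needs 3.0). The suggestion to confirm a NotSigned result with Sysinternals sigcheck is mine, not from the thread. The script changes nothing; the point is to see what each fixlist line corresponds to before letting FRST remove it.

```powershell
# Added example, not part of this thread or of FRST: a read-only audit of the
# registry and file locations the fixlist above targets, plus the Authenticode
# check FRST performs in its "Bamital & volsnap Check" section. Assumes 64-bit
# Windows and Windows PowerShell 3.0 or later. Nothing is modified.

function Get-RegistryValues([string]$Path) {
    # Flatten every value under $Path (recursively) into Key/Name/Value rows,
    # skipping the PS* note properties PowerShell adds to registry objects.
    if (-not (Test-Path $Path)) { return }
    foreach ($key in @(Get-Item $Path) + @(Get-ChildItem $Path -Recurse)) {
        $props = Get-ItemProperty $key.PSPath
        foreach ($prop in $props.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }
            [pscustomobject]@{ Key = $key.Name; Name = $prop.Name; Value = $prop.Value }
        }
    }
}

function Get-WinlogonNotify {
    # Winlogon\Notify DLLs load into winlogon.exe at logon. Vista and later do
    # not use them, so any entry is suspect; FRST's "[X]" means the DLL named
    # in the key is no longer on disk (the "-x32" entry was in Wow6432Node).
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $dll = (Get-ItemProperty $key.PSPath).DLLName
            $onDisk = $false
            if ($dll -and [IO.Path]::IsPathRooted($dll)) { $onDisk = Test-Path $dll }
            elseif ($dll) { $onDisk = (Test-Path "$env:SystemRoot\System32\$dll") -or
                                      (Test-Path "$env:SystemRoot\SysWOW64\$dll") }
            [pscustomobject]@{ Key = $key.Name; DLLName = $dll; OnDisk = $onDisk }
        }
    }
}

function Get-ServicesWithoutImagePath {
    # FRST's "U4 <name>; No ImagePath": service keys with a Start value but no
    # binary path. Kernel drivers fall back to System32\drivers\<name>.sys;
    # anything else is a leftover of a removed driver or program.
    foreach ($svc in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services') {
        $p = Get-ItemProperty $svc.PSPath -ErrorAction SilentlyContinue
        if ($p -and $null -ne $p.Start -and $null -eq $p.ImagePath) {
            [pscustomobject]@{ Service = $svc.PSChildName; Start = $p.Start; Type = $p.Type }
        }
    }
}

function Get-AlternateDataStreams([string]$Path) {
    # Named NTFS streams attached to a file or folder (FRST flagged
    # "C:\ProgramData\Temp:5C321E34"). The unnamed ::$DATA stream is ordinary
    # content and is skipped. Cross-check from cmd: dir /r /a <parent folder>.
    if (-not (Test-Path $Path)) { return }
    Get-Item -Path $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { [pscustomobject]@{ Path = $_.FileName; Stream = $_.Stream; Bytes = $_.Length } }
}

function Test-CriticalFileSignatures {
    # The file set FRST checks under "Bamital & volsnap Check"; a patched
    # winlogon/explorer/svchost no longer validates. Caveat: many Windows
    # binaries are catalog-signed, so confirm a NotSigned result with
    # Sysinternals sigcheck (which consults catalogs) before concluding anything.
    $files = 'System32\winlogon.exe', 'System32\wininit.exe', 'explorer.exe',
             'SysWOW64\explorer.exe', 'System32\svchost.exe', 'SysWOW64\svchost.exe',
             'System32\services.exe', 'System32\user32.dll', 'SysWOW64\user32.dll',
             'System32\userinit.exe', 'SysWOW64\userinit.exe', 'System32\rpcss.dll',
             'System32\drivers\volsnap.sys'
    foreach ($f in $files) {
        $full = Join-Path $env:SystemRoot $f
        $sig  = Get-AuthenticodeSignature -FilePath $full
        [pscustomobject]@{ File = $full; Status = $sig.Status; Signer = $sig.SignerCertificate.Subject }
    }
}

# ---- Run the audit: each section maps to one line type in the fixlist --------
'== Winlogon\Notify ==';           Get-WinlogonNotify | Format-Table -AutoSize
'== Chrome machine policies ==';   Get-RegistryValues 'HKLM:\SOFTWARE\Policies\Google' | Format-Table -AutoSize
'== Chrome extension install keys =='
'HKLM:\SOFTWARE\Google\Chrome\Extensions', 'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions' |
    ForEach-Object { Get-RegistryValues $_ } | Format-Table -AutoSize
'== IE SearchScopes (URL values, machine and user) =='
'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes',
'HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes' |
    ForEach-Object { Get-RegistryValues $_ } | Where-Object { $_.Name -eq 'URL' } | Format-Table -AutoSize
'== Services with no ImagePath =='; Get-ServicesWithoutImagePath | Format-Table -AutoSize
'== ADS on C:\ProgramData\Temp =='; Get-AlternateDataStreams 'C:\ProgramData\Temp' | Format-Table -AutoSize
'== Authenticode on critical files =='; Test-CriticalFileSignatures | Format-Table -AutoSize
```

Each section prints a table, and an empty table is the good outcome. Two things to keep in mind when reading it: a populated HKLM\SOFTWARE\Policies\Google key is normal on a domain-managed PC and only suspicious on a home machine like this one, and the SearchScopes filter shows only the URL values so that a redirected provider (the Yahoo scope with fr=chr-hp-psg in the fixlist) stands out; drop the Where-Object if you also want the DisplayName values.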


#6 BaMoore

BaMoore
  • Topic Starter


Posted 06 April 2015 - 03:51 AM

I believe I have now resolved the issue. A friend of mine happens to be a techie, and he found 2 viruses and deleted them, along with a few other things. However, I am currently doing my first system scan since, so I've yet to confirm it. I just wanted to get this out before you responded, as I'd hate to waste your time.

 

Thanks for all your help.



#7 nasdaq

nasdaq


Posted 06 April 2015 - 07:37 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide to best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#8 nasdaq

nasdaq


Posted 11 April 2015 - 08:39 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



