
Shop Smart Adware


  • This topic is locked
116 replies to this topic

#1 spngbobis4me

  • Members
  • 389 posts

Posted 10 May 2015 - 02:00 PM

I don't know how to remove it. I followed the self-help guide and the adware is still there. Please help...


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015
Ran by Spngbobis4me (administrator) on SPNGBOBIS4ME-PC on 10-05-2015 10:52:30
Running from C:\Users\Spngbobis4me\Downloads
Loaded Profiles: Spngbobis4me (Available profiles: Spngbobis4me)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(BitTorrent Inc.) C:\Users\Spngbobis4me\AppData\Roaming\uTorrent\uTorrent.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3745232 2015-04-15] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-2615073786-2215973283-4087910215-1000\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-03-12] (Siber Systems)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Spngbobis4me\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Spngbobis4me\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Spngbobis4me\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Spngbobis4me\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Spngbobis4me\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Spngbobis4me\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Spngbobis4me\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Spngbobis4me\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00FileExcludedIconOverlayHandlerv1] -> {2c0e6152-fd7e-3c07-b4f2-8caee706e6e6} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00FolderWatchingIconOverlayHandlerv1] -> {944e6363-82f1-338e-a0c1-cffb35514b65} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56893;https=127.0.0.1:56893
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2615073786-2215973283-4087910215-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2015-03-12] (Siber Systems Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-14] (Oracle Corporation)
BHO: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files\DAP\LinkVerifier.dll [2014-08-11] (Speedbit Ltd.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-14] (Oracle Corporation)
BHO: Download Accelerator Plus Integration -> {FF6C3CF0-4B15-11D1-ABED-709549C10000} -> C:\Program Files\DAP\dapieloader.dll [2015-05-08] (SpeedBit Ltd.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2015-03-12] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-2615073786-2215973283-4087910215-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2015-03-12] (Siber Systems Inc.)
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Jigsaw%20Puzzle%20Platinum/Images/stg_drm.ocx
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Jigsaw%20Puzzle%20Platinum/Images/armhelper.ocx
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Spngbobis4me\AppData\Roaming\Mozilla\Firefox\Profiles\es60z77h.default-1431238805388
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31010.0\npctrl.dll [2014-10-10] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2615073786-2215973283-4087910215-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Spngbobis4me\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-04-26] (Citrix Online)
FF Extension: YouTube mp3 - C:\Users\Spngbobis4me\AppData\Roaming\Mozilla\Firefox\Profiles\es60z77h.default-1431238805388\Extensions\info@youtube-mp3.org.xpi [2015-05-10]
FF Extension: Firefox Helper Tool - C:\Program Files\Mozilla Firefox\distribution\bundles\ef9032d47618ba5cebd0745d06708067 [2015-04-25]
FF HKLM\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files\DAP\daplinkchecker [2014-08-09]
FF HKU\S-1-5-21-2615073786-2215973283-4087910215-1000\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files\DAP\DAPFireFox
FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files\DAP\DAPFireFox [2014-08-11]
FF HKU\S-1-5-21-2615073786-2215973283-4087910215-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2015-03-12]

Chrome:
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/", "https://www.google.com/"
CHR Profile: C:\Users\Spngbobis4me\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Spngbobis4me\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-19]
CHR Extension: (Entanglement Web App) - C:\Users\Spngbobis4me\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-04-19]
CHR Extension: (Tron Green/Blue) - C:\Users\Spngbobis4me\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeobdpjbhnpopgofmmdomfkiilanemhj [2015-04-19]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Spngbobis4me\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2015-04-19]
CHR Extension: (Google Docs) - C:\Users\Spngbobis4me\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-19]
CHR Extension: (Google Drive) - C:\Users\Spngbobis4me\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-19]
CHR Extension: (YouTube) - C:\Users\Spngbobis4me\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-19]
CHR Extension: (Google Search) - C:\Users\Spngbobis4me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-19]
CHR Extension: (Pandora) - C:\Users\Spngbobis4me\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2015-04-19]
CHR Extension: (Google Sheets) - C:\Users\Spngbobis4me\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-19]
CHR Extension: (Causality Games) - C:\Users\Spngbobis4me\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl [2015-04-19]
CHR Extension: (Bookmark Manager) - C:\Users\Spngbobis4me\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (ButtonBass Dubstep Balls) - C:\Users\Spngbobis4me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmjadonkmcblbkocpaaefjbceiijfdg [2015-04-19]
CHR Extension: (Little Alchemy) - C:\Users\Spngbobis4me\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2015-04-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Spngbobis4me\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-19]
CHR Extension: (BeGone) - C:\Users\Spngbobis4me\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndfpieflbjbdpgklkeolbmbdkfdiicfk [2015-04-19]
CHR Extension: (Google Wallet) - C:\Users\Spngbobis4me\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-19]
CHR Extension: (Gmail) - C:\Users\Spngbobis4me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3438032 2015-04-15] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [311792 2015-04-15] (AVG Technologies CZ, s.r.o.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [226784 2015-04-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [166880 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [29664 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [269792 2015-03-11] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [110048 2015-04-03] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [213984 2015-04-07] (AVG Technologies CZ, s.r.o.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-05-09] ()
R3 GTIPCI21; C:\Windows\System32\DRIVERS\gtipci21.sys [88192 2006-09-14] (Texas Instruments)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 STAC97; C:\Windows\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-11] (Microsoft Corporation)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R3 VSTHWICH; C:\Windows\System32\DRIVERS\VSTICH3.SYS [242176 2009-07-13] (Conexant Systems, Inc.)
S3 cpuz134; \??\C:\Users\SPNGBO~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-10 10:52 - 2015-05-10 10:53 - 00015988 _____ () C:\Users\Spngbobis4me\Downloads\FRST.txt
2015-05-10 10:37 - 2015-05-10 10:39 - 01141248 _____ (Farbar) C:\Users\Spngbobis4me\Downloads\FRST.exe
2015-05-10 02:35 - 2015-05-10 02:35 - 00000000 ____D () C:\Users\Spngbobis4me\Downloads\Spybot Search & Destroy v2.0.4.131
2015-05-10 01:07 - 2015-05-10 01:20 - 00000000 ____D () C:\Users\Spngbobis4me\Downloads\CHICAGO FiRE (2013) S03E18 x264 (WEB-DL) 1080p Eng nl subs TBS
2015-05-10 01:02 - 2015-05-10 03:27 - 00000000 ____D () C:\Users\Spngbobis4me\Downloads\Chicago Fire (2015) S03E21 1080p Web-DL NL Subs SAM TBS
2015-05-10 00:57 - 2015-05-10 00:57 - 00000000 ____D () C:\Users\Spngbobis4me\Downloads\Chicago Fire (2015) S03E20 1080p Web-DL NL Subs SAM TBS
2015-05-10 00:57 - 2015-05-10 00:57 - 00000000 ____D () C:\Users\Spngbobis4me\Downloads\Chicago Fire (2015) S03E19 1080p Web-DL NL Subs SAM TBS
2015-05-09 23:46 - 2015-05-09 23:46 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information
2015-05-09 23:46 - 2015-05-09 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2100 series
2015-05-09 23:32 - 2015-05-09 23:32 - 00000000 ___HD () C:\Program Files\CanonBJ
2015-05-09 14:43 - 2015-05-09 14:44 - 00000000 ____D () C:\sh4ldr
2015-05-09 14:35 - 2015-05-09 14:35 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-05-09 14:33 - 2015-05-09 14:33 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-05-09 00:12 - 2015-05-10 10:52 - 00000000 ____D () C:\FRST
2015-05-08 18:21 - 2015-05-08 18:28 - 00000000 ____D () C:\Windows\system32\Plugins
2015-05-08 14:53 - 2011-04-27 11:00 - 00323584 _____ (CANON INC.) C:\Windows\system32\CNC_AQL.dll
2015-05-08 14:53 - 2011-03-31 10:07 - 00114688 _____ (CANON INC.) C:\Windows\system32\CNC_AQU.dll
2015-05-08 14:53 - 2011-03-31 10:05 - 00286720 _____ (CANON INC.) C:\Windows\system32\CNC_AQC.dll
2015-05-08 14:53 - 2011-03-31 10:05 - 00114688 _____ (CANON INC.) C:\Windows\system32\CNC_AQI.dll
2015-05-08 11:49 - 2015-05-09 23:00 - 00000000 ____D () C:\AdwCleaner
2015-05-01 08:13 - 2015-05-01 08:14 - 00000000 ____D () C:\Program Files\Jelbruss Secure Web
2015-04-27 14:56 - 2015-04-27 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-04-27 14:55 - 2015-04-27 14:55 - 00000000 ___HD () C:\$AVG
2015-04-26 20:30 - 2015-04-26 20:30 - 00000000 ____D () C:\Users\Spngbobis4me\AppData\Local\Avg
2015-04-26 20:28 - 2015-04-26 20:38 - 00000000 ____D () C:\ProgramData\AVG
2015-04-26 10:27 - 2015-04-26 10:46 - 00000000 ____D () C:\Users\Spngbobis4me\AppData\Local\Citrix
2015-04-25 15:46 - 2011-05-23 05:00 - 00310272 ____N (CANON INC.) C:\Windows\system32\CNMLMAQ.DLL
2015-04-21 20:45 - 2015-04-25 01:27 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-20 23:03 - 2015-04-20 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-20 23:01 - 2015-04-20 23:03 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-04-20 23:01 - 2015-04-20 23:03 - 00000000 ____D () C:\Program Files\iTunes
2015-04-20 23:01 - 2015-04-20 23:01 - 00000000 ____D () C:\Program Files\iPod
2015-04-19 07:33 - 2015-04-25 15:23 - 00000000 ____D () C:\Program Files\Google
2015-04-15 13:05 - 2015-04-15 13:05 - 00206816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2015-04-15 11:46 - 2015-03-22 20:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 11:46 - 2015-03-22 20:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 11:46 - 2015-03-22 20:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 11:46 - 2015-03-22 20:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 11:46 - 2015-03-22 20:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 11:46 - 2015-03-22 20:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 11:46 - 2015-03-22 20:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 11:46 - 2015-03-22 19:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 11:45 - 2015-03-03 21:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 11:45 - 2015-03-03 21:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 11:44 - 2015-03-16 22:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-15 11:44 - 2015-03-16 22:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 11:44 - 2015-03-16 21:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 11:44 - 2015-03-16 21:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 11:43 - 2015-04-01 16:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 11:43 - 2015-03-16 22:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 11:43 - 2015-03-16 22:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 11:43 - 2015-03-16 21:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 11:43 - 2015-03-16 21:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 11:43 - 2015-03-16 21:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 11:43 - 2015-03-16 21:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 11:43 - 2015-03-16 21:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 11:43 - 2015-03-16 21:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 11:43 - 2015-03-16 21:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 11:43 - 2015-03-16 21:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 11:43 - 2015-03-16 21:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 11:43 - 2015-03-16 21:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 11:43 - 2015-03-16 21:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 11:43 - 2015-03-16 21:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 11:43 - 2015-03-16 21:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 11:43 - 2015-03-16 21:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 11:43 - 2015-03-16 21:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 11:43 - 2015-03-16 21:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 11:43 - 2015-03-16 21:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 11:43 - 2015-03-16 21:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 11:43 - 2015-03-16 21:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 11:43 - 2015-03-16 21:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 11:43 - 2015-03-16 21:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 11:43 - 2015-03-12 20:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 11:43 - 2015-03-12 20:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 11:43 - 2015-03-12 20:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 11:43 - 2015-03-12 20:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 11:43 - 2015-03-12 20:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 11:43 - 2015-03-12 20:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 11:43 - 2015-03-12 20:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 11:43 - 2015-03-12 20:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 11:43 - 2015-03-12 20:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 11:43 - 2015-03-12 19:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 11:43 - 2015-03-12 19:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 11:43 - 2015-03-12 19:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 11:43 - 2015-03-04 21:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 11:42 - 2015-03-12 20:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 11:42 - 2015-03-12 20:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 11:42 - 2015-03-12 20:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 11:42 - 2015-03-12 20:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 11:42 - 2015-03-12 20:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 11:42 - 2015-03-12 20:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 11:42 - 2015-03-12 20:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 11:42 - 2015-03-12 20:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 11:42 - 2015-03-12 20:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 11:42 - 2015-03-12 19:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 11:42 - 2015-03-12 19:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 11:42 - 2015-03-12 19:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 11:42 - 2015-03-12 19:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 11:42 - 2015-03-12 19:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 11:42 - 2015-03-12 19:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 11:42 - 2015-03-12 19:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 11:42 - 2015-03-12 19:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 11:42 - 2015-03-12 19:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 11:38 - 2015-03-24 20:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 11:38 - 2015-03-24 20:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 11:38 - 2015-03-24 20:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 11:38 - 2015-03-24 20:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 11:38 - 2015-03-24 20:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 11:38 - 2015-03-24 20:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 11:38 - 2015-03-24 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 11:38 - 2015-03-24 20:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 11:38 - 2015-03-24 20:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 11:38 - 2015-03-24 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 11:38 - 2015-03-24 20:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 11:37 - 2015-02-24 20:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 11:36 - 2015-03-09 20:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 11:36 - 2015-03-09 20:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 16:29 - 2015-04-14 16:29 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-04-13 12:11 - 2015-04-14 22:28 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-13 12:10 - 2015-04-14 16:28 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-04-13 12:10 - 2015-04-13 12:10 - 00000000 ____D () C:\ProgramData\Sun
2015-04-13 12:10 - 2015-04-13 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-13 12:10 - 2015-04-13 12:09 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-04-13 12:10 - 2015-04-13 12:09 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-04-13 12:09 - 2015-04-14 16:29 - 00000000 ____D () C:\Program Files\Java

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-10 10:53 - 2014-08-09 12:45 - 00000000 ____D () C:\Users\Spngbobis4me\AppData\Roaming\uTorrent
2015-05-10 10:34 - 2014-08-09 11:56 - 01319405 _____ () C:\Windows\WindowsUpdate.log
2015-05-10 10:28 - 2014-08-09 13:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-10 10:28 - 2014-08-09 12:50 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-10 10:23 - 2009-07-13 21:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-10 10:23 - 2009-07-13 21:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-10 00:50 - 2014-08-11 16:03 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-09 23:52 - 2014-10-20 22:30 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-05-09 23:13 - 2015-02-01 02:25 - 00012452 _____ () C:\Windows\setupact.log
2015-05-09 23:13 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-09 23:02 - 2015-02-03 07:33 - 00036388 _____ () C:\Windows\PFRO.log
2015-05-09 22:56 - 2014-08-09 13:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-09 19:45 - 2014-08-12 08:20 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-09 19:44 - 2014-08-09 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-08 18:01 - 2014-08-11 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Accelerator Plus (DAP)
2015-05-08 18:01 - 2014-08-09 14:45 - 00001029 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Download Accelerator Plus (DAP).lnk
2015-05-08 18:01 - 2014-08-09 14:45 - 00000000 ____D () C:\Program Files\DAP
2015-05-08 14:54 - 2009-07-13 21:52 - 00000000 ____D () C:\Windows\twain_32
2015-05-08 03:42 - 2014-08-09 12:05 - 00000000 ____D () C:\Users\Spngbobis4me
2015-05-08 01:24 - 2015-03-24 09:45 - 00073728 _____ () C:\Windows\system32\tasks.dll
2015-05-08 01:18 - 2014-11-09 17:17 - 00000000 ___RD () C:\Users\Spngbobis4me\Dropbox
2015-05-07 21:37 - 2014-10-02 10:00 - 00000000 ____D () C:\Users\Spngbobis4me\AppData\Roaming\Dropbox
2015-05-07 21:36 - 2014-10-04 18:58 - 00000000 ____D () C:\Users\Spngbobis4me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-07 13:41 - 2014-08-09 13:53 - 00105088 _____ () C:\Users\Spngbobis4me\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-07 09:17 - 2009-07-13 21:33 - 00391776 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-06 10:34 - 2014-08-22 13:48 - 00000000 ____D () C:\Users\Spngbobis4me\AppData\Local\Microsoft Help
2015-05-04 18:31 - 2014-10-01 11:54 - 00000000 ____D () C:\Users\Spngbobis4me\.frostwire5
2015-04-27 14:57 - 2014-10-24 09:13 - 00000000 ____D () C:\ProgramData\AVG2015
2015-04-27 14:55 - 2014-08-09 13:36 - 00000000 ____D () C:\Program Files\AVG
2015-04-26 20:47 - 2014-08-09 12:05 - 00000000 ____D () C:\Users\Spngbobis4me\AppData\Local\VirtualStore
2015-04-26 20:35 - 2009-07-13 21:52 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-04-26 20:32 - 2014-08-12 12:27 - 00000000 ____D () C:\Users\Spngbobis4me\AppData\Roaming\AVG
2015-04-26 11:45 - 2015-01-28 18:58 - 00000000 ____D () C:\Program Files\FrostWire
2015-04-26 01:03 - 2014-10-20 22:06 - 00000000 ____D () C:\Program Files\Canon
2015-04-22 07:27 - 2014-08-09 13:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-21 07:46 - 2014-08-09 13:57 - 00000000 ____D () C:\Users\Spngbobis4me\Movies
2015-04-20 23:01 - 2014-09-13 02:22 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-19 07:42 - 2015-03-09 07:44 - 00000000 ____D () C:\Users\Spngbobis4me\AppData\Local\Google
2015-04-17 04:09 - 2010-11-20 14:01 - 00839280 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-16 16:01 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 17:45 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2015-04-15 17:18 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-15 17:02 - 2014-12-10 09:05 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 17:02 - 2014-08-09 22:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 14:59 - 2014-08-09 14:56 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 14:51 - 2014-08-09 14:56 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 14:50 - 2014-08-22 13:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-14 22:21 - 2014-08-09 13:48 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-14 22:21 - 2014-08-09 13:48 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-14 09:47 - 2014-08-09 13:51 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:46 - 2014-08-09 13:51 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:46 - 2014-08-09 13:51 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-12 10:15 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2015-03-29 01:26 - 2015-03-29 01:26 - 0009662 _____ () C:\Users\Spngbobis4me\AppData\Roaming\em_64x64.ico
2015-01-24 22:20 - 2015-01-24 22:20 - 0000088 _____ () C:\Users\Spngbobis4me\AppData\Local\53dae089f5142807e0d7ee54401c201c
2014-09-07 19:55 - 2014-11-02 13:02 - 0000218 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-04 17:30

==================== End Of Log ============================

#2 olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male
  • Local time:04:01 AM

Posted 10 May 2015 - 04:33 PM

Hello Piermontsteve and Welcome to the BleepingComputer. :welcome:  
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here.

Thanks

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

Sincerely
:hello:


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 spngbobis4me

  • Topic Starter
  • Members
  • 389 posts
  • Gender:Female
  • Local time:06:01 PM

Posted 11 May 2015 - 03:00 AM

This is not a problem I will wait for your reply, Thank you.



#4 olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male
  • Local time:04:01 AM

Posted 11 May 2015 - 01:59 PM

Hi spngbobis4me,

Please go to Start, click Control Panel, click Programs and then click Programs and Features. If it still exists, please uninstall the following applications:
 
Java 7 Update 75
Mozilla Maintenance Service
AVG PC Tuneup 2011
C:\Program Files\Enigma Software Group
C:\Program Files\Jelbruss Secure Web

 
Please restart the PC now.
-------------------------------------------------------------------------
 
Step 1:
FRST Script:
Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:
Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 5:

Clear Java Cache

See this page for instructions on how to clear java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - leave ALL 3 checked:
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  • Click OK on the Delete Temporary Files window.
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

 

Have a nice day.

 


#5 spngbobis4me

  • Topic Starter
  • Members
  • 389 posts
  • Gender:Female
  • Local time:06:01 PM

Posted 11 May 2015 - 10:36 PM

How do I download the fixit into the FRST directory? It doesn't give me that option?



#6 olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male
  • Local time:04:01 AM

Posted 12 May 2015 - 09:46 AM

How do I download the fixit into the FRST directory? It doesn't give me that option?

Open a notepad.
Copy the contents of the file in the Attachments
Then paste it into Notepad.
Save it to the desktop as Fixlist.
Open FRST software as an administrator.
Press the Fix button.
Send the result report (Fixlog.txt).



#7 spngbobis4me

  • Topic Starter
  • Members
  • 389 posts
  • Gender:Female
  • Local time:06:01 PM

Posted 12 May 2015 - 12:58 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-05-2015
Ran by Spngbobis4me at 2015-05-12 10:37:31 Run:2
Running from C:\Users\Spngbobis4me\Desktop
Loaded Profiles: Spngbobis4me (Available profiles: Spngbobis4me)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56893;https=127.0.0.1:56893
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Jigsaw%20Puzzle%20Platinum/Images/stg_drm.ocx
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Jigsaw%20Puzzle%20Platinum/Images/armhelper.ocx
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-05-09] ()
S3 cpuz134; \??\C:\Users\SPNGBO~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-05-10 02:35 - 2015-05-10 02:35 - 00000000 ____D () C:\Users\Spngbobis4me\Downloads\Spybot Search & Destroy v2.0.4.131
2015-05-09 14:35 - 2015-05-09 14:35 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-05-09 14:33 - 2015-05-09 14:33 - 00000000 ____D () C:\Program Files\Enigma Software Group
C:\Program Files\Jelbruss Secure Web
C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-05-10 10:28 - 2014-08-09 12:50 - 00000000 ____D () C:\ProgramData\MFAData
Task: {00C26D92-D4DC-4B20-ABBE-DE0D725EDBCB} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMKJNMGMNMJMOJKMKJCNMMMMMJPMCNLMOMIMMJCNNJIMMMMJCNJMLMKMPMJJNMNMGMLMOJGMNJJNJICMIMCNGMCNOMOMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMMJBJKJLIMJFMNMOMLMJNHICMMJBJKJLIMJJNBJCMMKPIBJIJNJAJNJGJMILMCJKJJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMGMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {5200666A-209E-4644-AED4-454A8500608F} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {ADA75C15-7889-4827-9862-1941FBFCF5AB} - System32\Tasks\SBWUpdateTask_Time_7045aec8-0014A54AF203 => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2015-05-08] () <==== ATTENTION
Task: {D902982F-2AAF-426E-8321-46472D95757D} - System32\Tasks\SBWUpdateTask_Logon_7045aec8-0014A54AF203 => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2015-05-08] () <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:8DFE5191
FirewallRules: [TCP Query User{B0E1BE4F-1CF5-4B77-A3B6-C6638E0E7F03}C:\users\spngbobis4me\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\spngbobis4me\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{804D7BE8-EB13-45A7-83E4-ADC685254E1F}C:\users\spngbobis4me\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\spngbobis4me\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{3F0085C1-C91A-40B5-8C6E-7EDB8C85F58D}C:\users\spngbobis4me\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\spngbobis4me\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{45CCEC3C-821D-41FE-A76F-11D0D24B14AD}C:\users\spngbobis4me\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\spngbobis4me\appdata\roaming\utorrent\utorrent.exe
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:





*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{149E45D8-163E-4189-86FC-45022AB2B6C9} => Key not found.
HKCR\CLSID\{149E45D8-163E-4189-86FC-45022AB2B6C9} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CC450D71-CC90-424C-8638-1F2DBAC87A54} => Key not found.
HKCR\CLSID\{CC450D71-CC90-424C-8638-1F2DBAC87A54} => Key not found.
EsgScanner => Service not found.
cpuz134 => Service not found.
VGPU => Service not found.
"C:\Users\Spngbobis4me\Downloads\Spybot Search & Destroy v2.0.4.131" => File/Directory not found.
"C:\Windows\system32\Drivers\EsgScanner.sys" => File/Directory not found.
"C:\Program Files\Enigma Software Group" => File/Directory not found.
"C:\Program Files\Jelbruss Secure Web" => File/Directory not found.
"C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB" => File/Directory not found.
"C:\ProgramData\MFAData" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00C26D92-D4DC-4B20-ABBE-DE0D725EDBCB} => Key not found.
C:\Windows\System32\Tasks\Open URL by RoboForm not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Open URL by RoboForm => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5200666A-209E-4644-AED4-454A8500608F} => Key not found.
C:\Windows\System32\Tasks\SpyHunter4Startup not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADA75C15-7889-4827-9862-1941FBFCF5AB} => Key not found.
C:\Windows\System32\Tasks\SBWUpdateTask_Time_7045aec8-0014A54AF203 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SBWUpdateTask_Time_7045aec8-0014A54AF203 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D902982F-2AAF-426E-8321-46472D95757D} => Key not found.
C:\Windows\System32\Tasks\SBWUpdateTask_Logon_7045aec8-0014A54AF203 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SBWUpdateTask_Logon_7045aec8-0014A54AF203 => Key not found.
"C:\ProgramData\TEMP" => ":0B4227B4" ADS not found.
"C:\ProgramData\TEMP" => ":553CA6CA" ADS not found.
"C:\ProgramData\TEMP" => ":56E2E879" ADS not found.
"C:\ProgramData\TEMP" => ":8DFE5191" ADS not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B0E1BE4F-1CF5-4B77-A3B6-C6638E0E7F03}C:\users\spngbobis4me\appdata\roaming\utorrent\utorrent.exe => Value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{804D7BE8-EB13-45A7-83E4-ADC685254E1F}C:\users\spngbobis4me\appdata\roaming\utorrent\utorrent.exe => Value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3F0085C1-C91A-40B5-8C6E-7EDB8C85F58D}C:\users\spngbobis4me\appdata\roaming\utorrent\utorrent.exe => Value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{45CCEC3C-821D-41FE-A76F-11D0D24B14AD}C:\users\spngbobis4me\appdata\roaming\utorrent\utorrent.exe => Value not found.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ipv4 reset =========

There's no user specified settings to be reset.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

There's no user specified settings to be reset.


========= End of CMD: =========

EmptyTemp: => Removed 222.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 10:38:30 ====



#8 olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male
  • Local time:04:01 AM

Posted 12 May 2015 - 01:10 PM

Can you do Step 1 again?



#9 spngbobis4me

  • Topic Starter
  • Members
  • 389 posts
  • Gender:Female
  • Local time:06:01 PM

Posted 12 May 2015 - 05:02 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-05-2015
Ran by Spngbobis4me at 2015-05-12 14:30:39 Run:3
Running from C:\Users\Spngbobis4me\Desktop
Loaded Profiles: Spngbobis4me (Available profiles: Spngbobis4me)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56893;https=127.0.0.1:56893
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Jigsaw%20Puzzle%20Platinum/Images/stg_drm.ocx
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Jigsaw%20Puzzle%20Platinum/Images/armhelper.ocx
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-05-09] ()
S3 cpuz134; \??\C:\Users\SPNGBO~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-05-10 02:35 - 2015-05-10 02:35 - 00000000 ____D () C:\Users\Spngbobis4me\Downloads\Spybot Search & Destroy v2.0.4.131
2015-05-09 14:35 - 2015-05-09 14:35 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-05-09 14:33 - 2015-05-09 14:33 - 00000000 ____D () C:\Program Files\Enigma Software Group
C:\Program Files\Jelbruss Secure Web
C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-05-10 10:28 - 2014-08-09 12:50 - 00000000 ____D () C:\ProgramData\MFAData
Task: {00C26D92-D4DC-4B20-ABBE-DE0D725EDBCB} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMKJNMGMNMJMOJKMKJCNMMMMMJPMCNLMOMIMMJCNNJIMMMMJCNJMLMKMPMJJNMNMGMLMOJGMNJJNJICMIMCNGMCNOMOMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMMJBJKJLIMJFMNMOMLMJNHICMMJBJKJLIMJJNBJCMMKPIBJIJNJAJNJGJMILMCJKJJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMGMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {5200666A-209E-4644-AED4-454A8500608F} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {ADA75C15-7889-4827-9862-1941FBFCF5AB} - System32\Tasks\SBWUpdateTask_Time_7045aec8-0014A54AF203 => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2015-05-08] () <==== ATTENTION
Task: {D902982F-2AAF-426E-8321-46472D95757D} - System32\Tasks\SBWUpdateTask_Logon_7045aec8-0014A54AF203 => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2015-05-08] () <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:8DFE5191
FirewallRules: [TCP Query User{B0E1BE4F-1CF5-4B77-A3B6-C6638E0E7F03}C:\users\spngbobis4me\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\spngbobis4me\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{804D7BE8-EB13-45A7-83E4-ADC685254E1F}C:\users\spngbobis4me\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\spngbobis4me\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{3F0085C1-C91A-40B5-8C6E-7EDB8C85F58D}C:\users\spngbobis4me\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\spngbobis4me\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{45CCEC3C-821D-41FE-A76F-11D0D24B14AD}C:\users\spngbobis4me\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\spngbobis4me\appdata\roaming\utorrent\utorrent.exe
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:





*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{149E45D8-163E-4189-86FC-45022AB2B6C9} => Key not found.
HKCR\CLSID\{149E45D8-163E-4189-86FC-45022AB2B6C9} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CC450D71-CC90-424C-8638-1F2DBAC87A54} => Key not found.
HKCR\CLSID\{CC450D71-CC90-424C-8638-1F2DBAC87A54} => Key not found.
EsgScanner => Service not found.
cpuz134 => Service not found.
VGPU => Service not found.
"C:\Users\Spngbobis4me\Downloads\Spybot Search & Destroy v2.0.4.131" => File/Directory not found.
"C:\Windows\system32\Drivers\EsgScanner.sys" => File/Directory not found.
"C:\Program Files\Enigma Software Group" => File/Directory not found.
"C:\Program Files\Jelbruss Secure Web" => File/Directory not found.
"C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB" => File/Directory not found.
C:\ProgramData\MFAData => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00C26D92-D4DC-4B20-ABBE-DE0D725EDBCB} => Key not found.
C:\Windows\System32\Tasks\Open URL by RoboForm not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Open URL by RoboForm => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5200666A-209E-4644-AED4-454A8500608F} => Key not found.
C:\Windows\System32\Tasks\SpyHunter4Startup not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADA75C15-7889-4827-9862-1941FBFCF5AB} => Key not found.
C:\Windows\System32\Tasks\SBWUpdateTask_Time_7045aec8-0014A54AF203 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SBWUpdateTask_Time_7045aec8-0014A54AF203 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D902982F-2AAF-426E-8321-46472D95757D} => Key not found.
C:\Windows\System32\Tasks\SBWUpdateTask_Logon_7045aec8-0014A54AF203 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SBWUpdateTask_Logon_7045aec8-0014A54AF203 => Key not found.
"C:\ProgramData\TEMP" => ":0B4227B4" ADS not found.
"C:\ProgramData\TEMP" => ":553CA6CA" ADS not found.
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
"C:\ProgramData\TEMP" => ":8DFE5191" ADS not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B0E1BE4F-1CF5-4B77-A3B6-C6638E0E7F03}C:\users\spngbobis4me\appdata\roaming\utorrent\utorrent.exe => Value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{804D7BE8-EB13-45A7-83E4-ADC685254E1F}C:\users\spngbobis4me\appdata\roaming\utorrent\utorrent.exe => Value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3F0085C1-C91A-40B5-8C6E-7EDB8C85F58D}C:\users\spngbobis4me\appdata\roaming\utorrent\utorrent.exe => Value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{45CCEC3C-821D-41FE-A76F-11D0D24B14AD}C:\users\spngbobis4me\appdata\roaming\utorrent\utorrent.exe => Value not found.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ipv4 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

There's no user specified settings to be reset.


========= End of CMD: =========

EmptyTemp: => Removed 20.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog 14:30:55 ====
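Added example, not part of the thread and not the helper's fix: a PowerShell audit that re-checks the locations the FRST fixlist above targeted (the loopback IE proxy, the Chrome policy key, the service-hive DefaultScope entries, the Speedbit and SpyHunter task files, the driver and folders, and the ADS on C:\ProgramData\TEMP), so that after the reboot one can confirm none of them came back. It assumes an elevated Windows PowerShell session on the affected machine; the ADS check additionally assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the thread): re-audit the items the FRST fixlist above removed.
# Assumes an elevated Windows PowerShell session; the ADS step needs PowerShell 3.0+.
$findings = @()

# Read one registry value, returning $null if the key or the value is absent.
function Get-RegValue($Key, $Name) {
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($item -ne $null) { return $item.$Name }
    return $null
}

# 1. IE proxy in the .DEFAULT hive. The fixlist showed http=127.0.0.1:56893, a local
#    listener that lets adware rewrite every browser request, so flag any loopback proxy.
$inet = 'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxyEnable = Get-RegValue $inet 'ProxyEnable'
$proxyServer = Get-RegValue $inet 'ProxyServer'
if ($proxyEnable -eq 1 -or ($proxyServer -and $proxyServer -match '127\.0\.0\.1')) {
    $findings += "IE proxy still set: ProxyEnable=$proxyEnable ProxyServer=$proxyServer"
}

# 2. The Chrome policy key FRST flagged as 'Policy restriction'.
if (Test-Path 'HKLM:\SOFTWARE\Policies\Google') {
    $findings += 'HKLM\SOFTWARE\Policies\Google is present'
}

# 3. DefaultScope in the service hives (the fixlist listed them with an empty URL).
foreach ($hive in '.DEFAULT', 'S-1-5-19', 'S-1-5-20') {
    $scopes = "Registry::HKEY_USERS\$hive\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
    $scope = Get-RegValue $scopes 'DefaultScope'
    if ($scope) { $findings += "HKU\$hive DefaultScope = $scope" }
}

# 4. Task files, driver and folders named in the fixlist.
$paths = @(
    'C:\Windows\System32\Tasks\SBWUpdateTask_Time_7045aec8-0014A54AF203',
    'C:\Windows\System32\Tasks\SBWUpdateTask_Logon_7045aec8-0014A54AF203',
    'C:\Windows\System32\Tasks\SpyHunter4Startup',
    'C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe',
    'C:\Program Files\Jelbruss Secure Web',
    'C:\Program Files\Enigma Software Group',
    'C:\Windows\system32\Drivers\EsgScanner.sys'
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "still present: $p" }
}

# 5. Alternate data streams on C:\ProgramData\TEMP (run 3 found only one of the four).
if ($PSVersionTable.PSVersion.Major -ge 3 -and (Test-Path -LiteralPath 'C:\ProgramData\TEMP')) {
    $streams = @(Get-Item -LiteralPath 'C:\ProgramData\TEMP' -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' })
    foreach ($s in $streams) { $findings += "ADS on C:\ProgramData\TEMP -> $($s.Stream)" }
}

if ($findings.Count -eq 0) { 'No fixlist items remain.' } else { $findings }
```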



#10 spngbobis4me

  • Topic Starter
  • Members
  • 389 posts
  • Gender:Female
  • Local time:06:01 PM

Posted 12 May 2015 - 05:29 PM

# AdwCleaner v4.203 - Logfile created 12/05/2015 at 15:11:00
# Updated 30/04/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Spngbobis4me - SPNGBOBIS4ME-PC
# Running from : C:\Users\Spngbobis4me\Desktop\ADWCLEANER 4.203.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Spngbobis4me\AppData\Roaming\Mozilla\Firefox\Profiles\es60z77h.default-1431238805388\searchplugins\speedbit.xml

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}
Key Deleted : HKCU\Software\SpeedBit
Key Deleted : HKLM\SOFTWARE\SpeedBit
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v37.0.2 (x86 en-US)

[es60z77h.default-1431238805388\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "SpeedBit Search");
[es60z77h.default-1431238805388\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename.US", "SpeedBit Search");
[es60z77h.default-1431238805388\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://home.speedbit.com/search.aspx?aff=115&q=");
[es60z77h.default-1431238805388\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "SpeedBit Search");
[es60z77h.default-1431238805388\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "SpeedBit Search");
[es60z77h.default-1431238805388\prefs.js] - Line Deleted : user_pref("browser.startup.homepage_override_url", "hxxp://home.speedbit.com/?aff=115");
[es60z77h.default-1431238805388\prefs.js] - Line Deleted : user_pref("extensions.enabledAddons", "daplinkchecker%40speedbit.com:1.0.1.8,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:37.0.2");
[es60z77h.default-1431238805388\prefs.js] - Line Deleted : user_pref("extensions.xpiState", "{\"app-profile\":{\"info@youtube-mp3.org\":{\"d\":\"C:\\\\Users\\\\Spngbobis4me\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\es60z77h.default-1431238805[...]
[es60z77h.default-1431238805388\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://home.speedbit.com/search.aspx?aff=115&q=");

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [4109 bytes] - [08/05/2015 11:52:05]
AdwCleaner[R1].txt - [3387 bytes] - [09/05/2015 22:57:11]
AdwCleaner[R2].txt - [3340 bytes] - [12/05/2015 15:07:13]
AdwCleaner[S0].txt - [4069 bytes] - [08/05/2015 11:55:54]
AdwCleaner[S1].txt - [3305 bytes] - [09/05/2015 23:00:00]
AdwCleaner[S2].txt - [3312 bytes] - [12/05/2015 15:11:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3371  bytes] ##########



#11 spngbobis4me


Posted 12 May 2015 - 05:47 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.0 (05.09.2015:1)
OS: Windows 7 Ultimate x86
Ran by Spngbobis4me on Tue 05/12/2015 at 15:35:34.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FF6C3CF0-4B15-11D1-ABED-709549C10000}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Program Files\eusing free registry cleaner
Successfully deleted: [Folder] C:\ProgramData\pcdr
Successfully deleted: [Folder] C:\Users\Spngbobis4me\appdata\locallow\pcdr
Successfully deleted: [Folder] C:\Users\Spngbobis4me\AppData\Roaming\pcdr
Successfully deleted: [Folder] C:\Windows\System32\ai_recyclebin



~~~ FireFox

Successfully deleted the following from C:\Users\Spngbobis4me\AppData\Roaming\mozilla\firefox\profiles\es60z77h.default-1431238805388\prefs.js

user_pref(extensions.xpiState, {\app-profile\:{\info@youtube-mp3.org\:{\d\:\C:\\\\Users\\\\Spngbobis4me\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\es
Emptied folder: C:\Users\Spngbobis4me\AppData\Roaming\mozilla\firefox\profiles\es60z77h.default-1431238805388\minidumps [3 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/12/2015 at 15:38:09.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#12 spngbobis4me


Posted 12 May 2015 - 06:27 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/12/2015
Scan Time: 3:52:02 PM
Logfile: log.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.12.08
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Spngbobis4me

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327580
Time Elapsed: 24 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.MultiPlug, HKU\S-1-5-21-2615073786-2215973283-4087910215-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}, Quarantined, [28a0aee40189dd59b7ac0e82cf34ac54],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#13 spngbobis4me


Posted 12 May 2015 - 06:41 PM

O.K. I have completed all the steps that you asked. Waiting for reply from you. Thank you.



#14 olgun52

  • Malware Response Team

Posted 13 May 2015 - 03:54 PM

Thank you for the logs.

 

Please be sure to run our tools with administrator rights.
 
ComboFix run:
 
* IMPORTANT 1: Place ComboFix.exe on your Desktop.
* IMPORTANT 2: Ensure your external and/or USB drives are inserted during the scan.

Next, download ComboFix and save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running; it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.
 
Have a nice day.


Best regards
 

 


 


#15 spngbobis4me


Posted 13 May 2015 - 05:21 PM

ComboFix 15-05-13.01 - Spngbobis4me 05/13/2015  14:52:41.1.1 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.2047.1377 [GMT -7:00]
Running from: c:\users\Spngbobis4me\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
c:\windows\system32\SET8BF2.tmp
.
c:\windows\System32\autochk.exe . . . is infected!!
.
.
(((((((((((((((((((((((((   Files Created from 2015-04-13 to 2015-05-13  )))))))))))))))))))))))))))))))
.
.
2015-05-13 06:49 . 2015-05-01 13:16    102608    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 05:50 . 2015-05-13 19:07    --------    d-----w-    c:\programdata\MFAData
2015-05-13 05:11 . 2015-04-20 02:56    909312    ----a-w-    c:\windows\system32\FntCache.dll
2015-05-13 05:11 . 2015-04-20 02:56    1250816    ----a-w-    c:\windows\system32\DWrite.dll
2015-05-13 05:11 . 2015-04-20 02:03    2382336    ----a-w-    c:\windows\system32\win32k.sys
2015-05-13 05:11 . 2015-05-05 01:12    248832    ----a-w-    c:\windows\system32\schannel.dll
2015-05-13 05:11 . 2015-04-18 02:56    342016    ----a-w-    c:\windows\system32\certcli.dll
2015-05-13 05:05 . 2015-04-08 03:14    938496    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-05-13 05:05 . 2015-04-08 03:14    1415168    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2015-05-13 05:05 . 2015-04-08 03:14    126464    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\rtscom.dll
2015-05-13 05:05 . 2015-04-08 03:14    274944    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\InkDiv.dll
2015-05-13 05:05 . 2015-04-08 03:14    216064    ----a-w-    c:\windows\system32\InkEd.dll
2015-05-12 22:35 . 2015-05-12 22:35    --------    d-----w-    C:\RegBackup
2015-05-12 11:34 . 2015-05-12 11:43    --------    d-----w-    c:\program files\Slot Nuts
2015-05-11 20:24 . 2015-04-14 23:28    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2015-05-11 20:16 . 2015-03-04 04:11    5120    ----a-w-    c:\windows\system32\shimeng.dll
2015-05-11 20:16 . 2015-03-04 04:10    295936    ----a-w-    c:\windows\system32\apphelp.dll
2015-05-11 20:16 . 2015-03-04 04:10    62464    ----a-w-    c:\windows\system32\aelupsvc.dll
2015-05-11 20:16 . 2015-03-04 04:10    20992    ----a-w-    c:\windows\system32\sdbinst.exe
2015-05-11 20:16 . 2015-03-14 03:04    1372160    ----a-w-    c:\windows\system32\dwmcore.dll
2015-05-11 20:16 . 2015-03-14 03:04    67584    ----a-w-    c:\windows\system32\dwmapi.dll
2015-05-11 20:15 . 2015-02-18 07:06    123904    ----a-w-    c:\windows\system32\poqexec.exe
2015-05-10 06:46 . 2015-05-10 06:46    --------    d--h--w-    c:\windows\system32\CanonIJ Uninstaller Information
2015-05-10 06:32 . 2015-05-10 06:32    --------    d--h--w-    c:\program files\CanonBJ
2015-05-09 21:43 . 2015-05-11 22:05    --------    d-----w-    C:\Hotfix
2015-05-09 07:12 . 2015-05-12 21:38    --------    d-----w-    C:\FRST
2015-05-09 01:21 . 2015-05-09 01:28    --------    d-----w-    c:\windows\system32\Plugins
2015-05-08 21:53 . 2011-04-27 18:00    323584    ----a-w-    c:\windows\system32\CNC_AQL.dll
2015-05-08 21:53 . 2011-03-31 17:07    114688    ----a-w-    c:\windows\system32\CNC_AQU.dll
2015-05-08 21:53 . 2011-03-31 17:05    286720    ----a-w-    c:\windows\system32\CNC_AQC.dll
2015-05-08 21:53 . 2011-03-31 17:05    114688    ----a-w-    c:\windows\system32\CNC_AQI.dll
2015-05-08 18:49 . 2015-05-12 22:11    --------    d-----w-    C:\AdwCleaner
2015-04-27 21:55 . 2015-04-27 21:55    --------    d-----w-    C:\$AVG
2015-04-27 21:44 . 2015-04-20 07:59    9201616    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{019F2C74-4053-44DD-83C8-2A7C8357D351}\mpengine.dll
2015-04-27 03:30 . 2015-04-27 03:30    --------    d-----w-    c:\users\Spngbobis4me\AppData\Local\Avg
2015-04-27 03:28 . 2015-04-27 03:38    --------    d-----w-    c:\programdata\AVG
2015-04-26 17:27 . 2015-04-26 17:46    --------    d-----w-    c:\users\Spngbobis4me\AppData\Local\Citrix
2015-04-25 22:46 . 2011-05-23 12:00    310272    ------w-    c:\windows\system32\CNMLMAQ.DLL
2015-04-21 06:01 . 2015-04-21 06:01    --------    d-----w-    c:\program files\iPod
2015-04-21 06:01 . 2015-04-21 06:03    --------    d-----w-    c:\program files\iTunes
2015-04-19 14:33 . 2015-04-25 22:23    --------    d-----w-    c:\program files\Google
2015-04-15 20:05 . 2015-04-15 20:05    206816    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2015-04-15 18:46 . 2015-03-23 03:06    576000    ----a-w-    c:\windows\system32\generaltel.dll
2015-04-15 18:46 . 2015-03-23 03:06    860160    ----a-w-    c:\windows\system32\appraiser.dll
2015-04-15 18:46 . 2015-03-23 03:06    26112    ----a-w-    c:\windows\system32\acmigration.dll
2015-04-15 18:46 . 2015-03-23 02:59    896000    ----a-w-    c:\windows\system32\aeinv.dll
2015-04-15 18:46 . 2015-03-23 03:06    630784    ----a-w-    c:\windows\system32\invagent.dll
2015-04-15 18:46 . 2015-03-23 03:06    331264    ----a-w-    c:\windows\system32\devinv.dll
2015-04-15 18:46 . 2015-03-23 03:06    202752    ----a-w-    c:\windows\system32\aepdu.dll
2015-04-15 18:46 . 2015-03-23 03:06    159744    ----a-w-    c:\windows\system32\aepic.dll
2015-04-15 18:45 . 2015-03-04 04:16    249784    ----a-w-    c:\windows\system32\clfs.sys
2015-04-15 18:45 . 2015-03-04 04:10    58880    ----a-w-    c:\windows\system32\clfsw32.dll
2015-04-15 18:43 . 2015-03-05 04:06    305152    ----a-w-    c:\windows\system32\gdi32.dll
2015-04-15 18:38 . 2015-03-25 03:00    92672    ----a-w-    c:\windows\system32\wudriver.dll
2015-04-15 18:38 . 2015-03-25 03:00    35328    ----a-w-    c:\windows\system32\wups2.dll
2015-04-15 18:38 . 2015-03-25 03:00    3088384    ----a-w-    c:\windows\system32\wucltux.dll
2015-04-15 18:38 . 2015-03-25 03:00    29696    ----a-w-    c:\windows\system32\wups.dll
2015-04-15 18:38 . 2015-03-25 03:00    173056    ----a-w-    c:\windows\system32\wuwebv.dll
2015-04-15 18:38 . 2015-03-25 03:00    11776    ----a-w-    c:\windows\system32\wu.upgrade.ps.dll
2015-04-15 18:38 . 2015-03-25 03:00    33792    ----a-w-    c:\windows\system32\wuapp.exe
2015-04-15 18:38 . 2015-03-25 03:00    131584    ----a-w-    c:\windows\system32\wuauclt.exe
2015-04-15 18:38 . 2015-03-25 03:00    566784    ----a-w-    c:\windows\system32\wuapi.dll
2015-04-15 18:38 . 2015-03-25 03:00    2020864    ----a-w-    c:\windows\system32\wuaueng.dll
2015-04-15 18:38 . 2015-03-25 03:00    50176    ----a-w-    c:\windows\system32\WinSetupUI.dll
2015-04-15 18:37 . 2015-02-25 03:03    514560    ----a-w-    c:\windows\system32\drivers\http.sys
2015-04-15 18:36 . 2015-03-10 03:08    1237504    ----a-w-    c:\windows\system32\msxml3.dll
2015-04-15 18:36 . 2015-03-10 03:05    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2015-04-14 23:29 . 2015-04-14 23:29    --------    d-----w-    c:\program files\Common Files\Java
2015-04-14 20:19 . 2015-04-14 20:19    16917184    ----a-w-    c:\program files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-12 22:51 . 2014-08-12 15:20    119512    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-08 08:24 . 2015-03-24 16:45    73728    ----a-w-    c:\windows\system32\tasks.dll
2015-04-15 05:21 . 2014-08-09 20:48    778416    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2015-04-15 05:21 . 2014-08-09 20:48    142512    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2015-04-14 16:47 . 2014-08-09 20:51    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2015-04-14 16:46 . 2014-08-09 20:51    92888    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 16:46 . 2014-08-09 20:51    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2015-04-09 21:12 . 2015-04-09 21:12    226784    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2015-04-07 19:45 . 2015-04-07 19:45    213984    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2015-04-03 16:37 . 2015-04-03 16:37    110048    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2015-03-20 19:18 . 2015-03-20 19:18    35808    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2015-03-11 19:13 . 2015-03-11 19:13    269792    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2015-03-11 19:13 . 2015-03-11 19:13    166880    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2015-03-11 19:13 . 2015-03-11 19:13    132576    ----a-w-    c:\windows\system32\drivers\avgdiskx.sys
2015-03-11 19:08 . 2015-03-11 19:08    29664    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2015-03-04 04:10 . 2015-05-11 20:16    470528    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-11 20:16    2178560    ----a-w-    c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-11 20:16    2560    ----a-w-    c:\windows\apppatch\AcRes.dll
2015-02-24 11:23 . 2014-08-09 20:23    246920    ------w-    c:\windows\system32\MpSigStub.exe
2015-02-20 04:13 . 2015-03-10 23:20    26624    ----a-w-    c:\windows\system32\lpk.dll
2015-02-20 04:13 . 2015-03-10 23:20    70656    ----a-w-    c:\windows\system32\fontsub.dll
2015-02-20 04:13 . 2015-03-10 23:20    10240    ----a-w-    c:\windows\system32\dciman32.dll
2015-02-20 04:13 . 2015-03-10 23:20    34304    ----a-w-    c:\windows\system32\atmlib.dll
2015-02-20 03:09 . 2015-03-10 23:20    299008    ----a-w-    c:\windows\system32\atmfd.dll
2015-02-17 23:04 . 2015-02-17 23:04    1202848    ----a-w-    c:\windows\system32\FM20.DLL
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\users\Spngbobis4me\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\users\Spngbobis4me\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\users\Spngbobis4me\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\users\Spngbobis4me\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\users\Spngbobis4me\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\users\Spngbobis4me\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\users\Spngbobis4me\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\users\Spngbobis4me\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00FileExcludedIconOverlayHandlerv1]
@="{2c0e6152-fd7e-3c07-b4f2-8caee706e6e6}"
[HKEY_CLASSES_ROOT\CLSID\{2c0e6152-fd7e-3c07-b4f2-8caee706e6e6}]
2010-11-20 21:29    297808    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00FolderWatchingIconOverlayHandlerv1]
@="{944e6363-82f1-338e-a0c1-cffb35514b65}"
[HKEY_CLASSES_ROOT\CLSID\{944e6363-82f1-338e-a0c1-cffb35514b65}]
2010-11-20 21:29    297808    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2015-03-12 110160]
"DAP10"="c:\program files\DAP\DAP.EXE" [2015-05-13 2918576]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2015-05-13 2918576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2015-04-15 3745232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"GreyMSIAds"= 0 (0x0)
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-04-14 1080120]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-01-22 88576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-04-21 102912]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-04-14 51928]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 184192]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2014-01-22 184192]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys [2013-02-12 15872]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2015-03-11 166880]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2015-03-11 269792]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2015-03-20 35808]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2015-03-11 132576]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2015-04-09 226784]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2015-03-11 29664]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2015-04-15 206816]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2015-04-07 213984]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [2015-04-15 3438032]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [2015-04-15 311792]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2014-03-19 65232]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2006-09-15 88192]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-04-14 23256]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWICH;VSTHWICH;c:\windows\system32\DRIVERS\VSTICH3.SYS [2009-07-13 242176]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs    REG_MULTI_SZ       w3svc was
apphost    REG_MULTI_SZ       apphostsvc
utcsvc    REG_MULTI_SZ       DiagTrack
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-09 05:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.speedbit.com/?aff=115
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Verify with DAP - c:\program files\DAP\dapverify.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.0.1
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\DAP\dapie.dll
FF - ProfilePath - c:\users\Spngbobis4me\AppData\Roaming\Mozilla\Firefox\Profiles\es60z77h.default-1431238805388\
FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=115&q=
FF - prefs.js: browser.search.selectedEngine - SpeedBit Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=115&q=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Eusing Free Registry Cleaner - c:\progra~1\EUSING~1\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2015\avgrsx.exe
c:\program files\AVG\AVG2015\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\taskhost.exe
c:\program files\Microsoft Mouse and Keyboard Center\itype.exe
c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\program files\Common Files\Speedbit\SbUpdate\SBUpdate.exe
c:\program files\AVG\AVG2015\avgnsx.exe
c:\program files\AVG\AVG2015\avgemcx.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2015-05-13  15:18:49 - machine was rebooted
ComboFix-quarantined-files.txt  2015-05-13 22:18
.
Pre-Run: 5,752,582,144 bytes free
Post-Run: 5,688,918,016 bytes free
.
- - End Of File - - 6FE0353F60DFC6750499DD7E805E5E9B
A36C5E4F47E84449FF07ED3517B43A31





