Webcam turning on/Windows says no AntiVirus when Avast is Running


  • This topic is locked
6 replies to this topic

#1 TDCA

TDCA

  • Members
  • 3 posts
  • OFFLINE
  • Local time:03:18 AM

Posted 13 June 2015 - 08:07 PM

My computer has an alert message in the bottom of the screen saying I do not have my antivirus turned on, but Avast is running fine. I also had my webcam turn on its own as well. I have Avast/Malwarebytes on my computer and did a scan of each and cleared objects in both a few days ago. The webcam has since not turned on again, but the no-antivirus popup is still present, and I'd also like to be sure whatever was turning the webcam on is also fixed entirely. Thanks.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Mike (administrator) on MIKE-HP on 13-06-2015 20:56:00
Running from C:\Users\Mike\Downloads
Loaded Profiles: Mike (Available Profiles: Mike)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(SolarWinds Worldwide, LLC.  +1(866) 530-8100) C:\Program Files\RhinoSoft\FTP Voyager\FTP Voyager Scheduler Tray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7466600 2011-09-14] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2821416 2011-08-19] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-08-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-09-29] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-08] (AVAST Software)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4861688 2015-03-19] (BlackBerry Limited)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-02-25] (Hewlett-Packard)
HKU\S-1-5-21-1537839669-3915188379-138352656-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1537839669-3915188379-138352656-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1537839669-3915188379-138352656-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1537839669-3915188379-138352656-1001\...\Run: [FTPVoyagerSchedulerTrayIcon] => C:\Program Files\RhinoSoft\FTP Voyager\FTP Voyager Scheduler Tray.exe [2070304 2014-10-01] (SolarWinds Worldwide, LLC.  +1(866) 530-8100)
HKU\S-1-5-21-1537839669-3915188379-138352656-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe [854192 2014-09-28] (Adobe Systems Incorporated)
HKU\S-1-5-21-1537839669-3915188379-138352656-1001\...\MountPoints2: G - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1537839669-3915188379-138352656-1001\...\MountPoints2: {16198176-2f46-11e4-911e-009c0290d217} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1537839669-3915188379-138352656-1001\...\MountPoints2: {839d334c-2457-11e2-a867-009c0290d217} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1537839669-3915188379-138352656-1001\...\MountPoints2: {dec85871-8610-11e1-bf08-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-1537839669-3915188379-138352656-1001\...\MountPoints2: {e5ad4028-466d-11e2-acc0-009c0290d217} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1537839669-3915188379-138352656-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-05-24] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKU\S-1-5-21-1537839669-3915188379-138352656-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-1537839669-3915188379-138352656-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM -> {3E63A8B1-08E2-4D0E-BD33-2474D4244681} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM-x32 -> {3E63A8B1-08E2-4D0E-BD33-2474D4244681} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1537839669-3915188379-138352656-1001 -> DefaultScope {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-1537839669-3915188379-138352656-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1537839669-3915188379-138352656-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKU\S-1-5-21-1537839669-3915188379-138352656-1001 -> {3E63A8B1-08E2-4D0E-BD33-2474D4244681} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1537839669-3915188379-138352656-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1537839669-3915188379-138352656-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-06-09] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-05-24] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-06-09] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-29] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-05-24] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-29] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1537839669-3915188379-138352656-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM {AEA3991E-3109-4C98-989E-33994FEB1A91} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri64_4.5.1.0.cab
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\naz4bub2.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll [2014-09-28] ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-06-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll [2014-09-28] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-03-19] ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: @worldwinner.com/Launcher2,version=1.10.0.25 -> C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll [2011-03-17] (WorldWinner.com, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1537839669-3915188379-138352656-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mike\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-12-07] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1537839669-3915188379-138352656-1001: electronicarts.com/GameFacePlugin -> C:\Users\Mike\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-07-26] (Electronic Arts)
FF user.js: detected! => C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\naz4bub2.default\user.js [2012-05-13]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll [2009-07-07] (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll [2009-07-07] (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Extension: Address Bar Search - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\naz4bub2.default\Extensions\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93} [2014-10-31]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\naz4bub2.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-09-24]
FF Extension: Classic Toolbar Buttons - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\naz4bub2.default\Extensions\CSTBB@NArisT2_Noia4dev.xpi [2013-02-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-06-25]

Chrome:
=======
CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-14]
CHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-14]
CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-14]
CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-14]
CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-24] (AVAST Software)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2012-04-05] (Hi-Rez Studios) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-03-19] (Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1354488 2015-03-19] (BlackBerry Limited)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-24] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-24] ()
S3 blackberryncm; C:\Windows\System32\DRIVERS\blackberryncm6_AMD64.sys [25088 2014-09-08] (BlackBerry)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2014-05-06] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-03-19] (BlackBerry Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-13 20:56 - 2015-06-13 20:57 - 00025735 _____ C:\Users\Mike\Downloads\FRST.txt
2015-06-13 20:55 - 2015-06-13 20:56 - 00000000 ____D C:\FRST
2015-06-13 20:54 - 2015-06-13 20:54 - 02109952 _____ (Farbar) C:\Users\Mike\Downloads\FRST64.exe
2015-06-13 20:51 - 2015-06-13 20:51 - 01148416 _____ (Farbar) C:\Users\Mike\Downloads\FRST.exe
2015-06-04 03:19 - 2015-06-04 03:19 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_blackberryncm6_AMD64_01007.Wdf
2015-06-04 03:10 - 2015-06-04 03:10 - 00000000 ____D C:\Users\Mike\apktool
2015-06-04 03:09 - 2015-06-04 03:09 - 00001015 _____ C:\Users\Public\Desktop\BlackBerry Blend.lnk
2015-06-04 03:09 - 2015-06-04 03:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry Blend
2015-06-04 03:08 - 2015-06-04 03:08 - 00001099 _____ C:\Users\Public\Desktop\BlackBerry Link.lnk
2015-06-04 03:08 - 2015-06-04 03:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry Link
2015-06-04 03:08 - 2015-06-04 03:08 - 00000000 ____D C:\Program Files (x86)\BlackBerry
2015-06-04 03:06 - 2015-06-04 03:06 - 00000000 _____ C:\Windows\SysWOW64\out.txt
2015-06-04 03:06 - 2015-06-04 03:06 - 00000000 _____ C:\Windows\SysWOW64\err.txt
2015-06-04 03:05 - 2015-06-04 03:05 - 00000000 ____D C:\Windows\LastGood
2015-06-04 03:05 - 2012-12-10 15:48 - 00044544 _____ (Research in Motion Ltd) C:\Windows\system32\Drivers\RimSerial_AMD64.sys
2015-06-04 03:02 - 2015-06-04 03:02 - 00772430 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-04 02:58 - 2015-06-04 03:10 - 00000000 ____D C:\Users\Mike\Downloads\GMaps_Patcher_Win_1.3.1
2015-06-04 02:48 - 2015-06-04 02:49 - 12140275 _____ C:\Users\Mike\Downloads\GMaps_Patcher_Win_1.3.1.zip
2015-06-04 02:12 - 2015-06-04 03:09 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-04 02:06 - 2015-06-04 02:07 - 09911478 _____ C:\Users\Mike\Desktop\com.bydeluxe.d3.android.program.starz.apk
2015-06-04 02:05 - 2015-06-04 02:14 - 00000000 ____D C:\Users\Mike\Desktop\gmaps-apk-patcher-v3.0.1-win
2015-06-02 17:14 - 2015-06-02 21:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-01 04:01 - 2015-06-01 04:01 - 01036912 _____ C:\Windows\Minidump\060115-26020-01.dmp
2015-06-01 02:27 - 2015-06-01 02:28 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-01 02:27 - 2015-06-01 02:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-01 02:26 - 2015-06-01 02:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-01 02:26 - 2015-06-01 02:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-01 02:26 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-01 02:26 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-01 02:26 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-01 02:25 - 2015-06-01 02:25 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Mike\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-28 02:58 - 2015-05-28 02:58 - 00568947 _____ C:\Users\Mike\Desktop\f[.psd
2015-05-28 02:42 - 2015-05-28 02:50 - 00454433 _____ C:\Users\Mike\Desktop\f.psd
2015-05-26 13:52 - 2015-05-26 13:52 - 00001269 _____ C:\Users\Mike\Desktop\Free2X Webcam Recorder.lnk
2015-05-26 13:52 - 2015-05-26 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free2X
2015-05-26 13:52 - 2001-01-07 18:30 - 00413760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4c32.dll
2015-05-26 13:52 - 2000-04-24 16:14 - 00239888 _____ (Microcrap Corporation) C:\Windows\SysWOW64\MPG4ds32.ax
2015-05-26 13:22 - 2015-05-26 13:22 - 00000000 ____D C:\Users\Mike\Documents\Free2x
2015-05-26 13:18 - 2015-05-26 13:18 - 00000000 ____D C:\Users\Mike\AppData\Local\Free2X
2015-05-26 13:18 - 2015-05-26 13:18 - 00000000 ____D C:\Program Files (x86)\Free2X
2015-05-26 13:16 - 2015-05-26 13:17 - 02919878 _____ ( ) C:\Users\Mike\Downloads\webcamrecordersetup.exe
2015-05-25 18:39 - 2015-05-25 18:39 - 01272505 _____ C:\Users\Mike\Downloads\ss_site_title.wordpress.2015-05-25.xml
2015-05-19 18:28 - 2015-05-19 18:28 - 01933716 _____ C:\Users\Mike\Downloads\thedatingcaptain.wordpress.2015-05-19.xml
2015-05-18 01:34 - 2015-05-18 01:44 - 00141041 _____ C:\Users\Mike\Desktop\b1.psd

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-13 17:42 - 2012-03-07 20:51 - 01180720 _____ C:\Windows\WindowsUpdate.log
2015-06-13 15:33 - 2012-04-13 21:16 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4007AE8-08D4-48A2-8F10-2DD0823ED7C3}
2015-06-10 17:09 - 2012-11-19 11:02 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMike
2015-06-10 17:09 - 2012-11-19 11:02 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForMike.job
2015-06-09 13:17 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-09 13:17 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-07 20:05 - 2014-10-10 02:34 - 00007598 _____ C:\Users\Mike\AppData\Local\Resmon.ResmonCfg
2015-06-07 19:33 - 2012-04-14 02:24 - 00000000 ____D C:\Users\Mike\AppData\Local\CrashDumps
2015-06-07 19:32 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-07 19:32 - 2009-07-14 00:51 - 00099317 _____ C:\Windows\setupact.log
2015-06-07 19:30 - 2009-07-14 01:08 - 00023664 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-04 03:10 - 2012-04-13 21:08 - 00000000 ____D C:\Users\Mike
2015-06-04 03:07 - 2013-01-16 19:11 - 00000000 ____D C:\Program Files (x86)\Research In Motion
2015-06-04 03:06 - 2013-01-16 19:14 - 00000000 ____D C:\Users\Mike\AppData\Local\Research In Motion
2015-06-04 03:06 - 2013-01-16 19:12 - 00000000 ____D C:\ProgramData\Research In Motion
2015-06-04 03:01 - 2009-07-14 01:13 - 00772430 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-02 21:16 - 2013-02-17 00:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-01 04:16 - 2012-08-02 17:14 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-01 04:01 - 2012-09-13 03:40 - 358098011 _____ C:\Windows\MEMORY.DMP
2015-06-01 04:01 - 2012-09-13 03:40 - 00000000 ____D C:\Windows\Minidump
2015-06-01 04:01 - 2012-04-14 14:09 - 00000000 ____D C:\Windows\SHELLNEW
2015-06-01 04:01 - 2010-11-20 23:47 - 00776450 _____ C:\Windows\PFRO.log
2015-06-01 03:47 - 2012-05-06 21:06 - 00000000 ____D C:\Program Files (x86)\FrostWire 5
2015-06-01 01:10 - 2013-03-19 02:02 - 00000000 ____D C:\Users\Mike\Documents\Youcam
2015-05-26 13:24 - 2014-12-20 22:03 - 00000000 ____D C:\Users\Mike\Desktop\Empire Earth
2015-05-14 01:36 - 2014-01-28 17:01 - 00000000 ____D C:\Users\Mike\AppData\Local\PokerStars

==================== Files in the root of some directories =======

2013-07-26 02:24 - 2013-07-26 02:24 - 0000132 _____ () C:\Users\Mike\AppData\Roaming\Adobe GIF Format CS5 Prefs
2014-02-12 23:35 - 2014-05-21 01:12 - 0000132 _____ () C:\Users\Mike\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-12-25 17:41 - 2012-12-25 17:44 - 0099384 _____ () C:\Users\Mike\AppData\Roaming\inst.exe
2012-12-25 17:41 - 2012-12-25 17:44 - 0007859 _____ () C:\Users\Mike\AppData\Roaming\pcouffin.cat
2012-12-25 17:41 - 2012-12-25 17:44 - 0001167 _____ () C:\Users\Mike\AppData\Roaming\pcouffin.inf
2012-12-25 17:41 - 2012-12-25 17:44 - 0000055 _____ () C:\Users\Mike\AppData\Roaming\pcouffin.log
2012-12-25 17:41 - 2012-12-25 17:44 - 0082816 _____ (VSO Software) C:\Users\Mike\AppData\Roaming\pcouffin.sys
2013-01-16 19:14 - 2014-06-13 02:02 - 0000231 _____ () C:\Users\Mike\AppData\Roaming\Rim.Desktop.Exception.log
2013-01-16 19:13 - 2013-01-16 19:13 - 0001153 _____ () C:\Users\Mike\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-01-16 19:14 - 2014-06-13 02:02 - 0000231 _____ () C:\Users\Mike\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-12-25 17:54 - 2013-01-21 20:44 - 0001057 _____ () C:\Users\Mike\AppData\Roaming\vso_ts_preview.xml
2012-06-04 17:43 - 2014-03-01 02:53 - 0008192 _____ () C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-10 02:34 - 2015-06-07 20:05 - 0007598 _____ () C:\Users\Mike\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Mike\AppData\Local\Temp\AskSLib.dll
C:\Users\Mike\AppData\Local\Temp\AutoRun.exe
C:\Users\Mike\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Mike\AppData\Local\Temp\BlackBerryDesktopSoftware.exe
C:\Users\Mike\AppData\Local\Temp\BlackBerryDeviceManager.exe
C:\Users\Mike\AppData\Local\Temp\BlackBerryLauncher.exe
C:\Users\Mike\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\Mike\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Mike\AppData\Local\Temp\EAD10C2.exe
C:\Users\Mike\AppData\Local\Temp\EAD1257.exe
C:\Users\Mike\AppData\Local\Temp\EAD141C.exe
C:\Users\Mike\AppData\Local\Temp\EAD18CD.exe
C:\Users\Mike\AppData\Local\Temp\EAD1986.exe
C:\Users\Mike\AppData\Local\Temp\EAD1F23.exe
C:\Users\Mike\AppData\Local\Temp\EAD222.exe
C:\Users\Mike\AppData\Local\Temp\EAD26A2.exe
C:\Users\Mike\AppData\Local\Temp\EAD3EF2.exe
C:\Users\Mike\AppData\Local\Temp\EAD4978.exe
C:\Users\Mike\AppData\Local\Temp\EAD4A87.exe
C:\Users\Mike\AppData\Local\Temp\EAD4FA5.exe
C:\Users\Mike\AppData\Local\Temp\EAD5955.exe
C:\Users\Mike\AppData\Local\Temp\EAD59E2.exe
C:\Users\Mike\AppData\Local\Temp\EAD5FBB.exe
C:\Users\Mike\AppData\Local\Temp\EAD6098.exe
C:\Users\Mike\AppData\Local\Temp\EAD61DE.exe
C:\Users\Mike\AppData\Local\Temp\EAD6640.exe
C:\Users\Mike\AppData\Local\Temp\EAD7167.exe
C:\Users\Mike\AppData\Local\Temp\EAD780C.exe
C:\Users\Mike\AppData\Local\Temp\EAD79FF.exe
C:\Users\Mike\AppData\Local\Temp\EAD7A10.exe
C:\Users\Mike\AppData\Local\Temp\EAD7C02.exe
C:\Users\Mike\AppData\Local\Temp\EAD90FB.exe
C:\Users\Mike\AppData\Local\Temp\EAD9156.exe
C:\Users\Mike\AppData\Local\Temp\EAD953C.exe
C:\Users\Mike\AppData\Local\Temp\EAD981B.exe
C:\Users\Mike\AppData\Local\Temp\EAD9834.exe
C:\Users\Mike\AppData\Local\Temp\EAD9B06.exe
C:\Users\Mike\AppData\Local\Temp\EADA968.exe
C:\Users\Mike\AppData\Local\Temp\EADA9C7.exe
C:\Users\Mike\AppData\Local\Temp\EADAA33.exe
C:\Users\Mike\AppData\Local\Temp\EADAFCE.exe
C:\Users\Mike\AppData\Local\Temp\EADB079.exe
C:\Users\Mike\AppData\Local\Temp\EADB598.exe
C:\Users\Mike\AppData\Local\Temp\EADB60D.exe
C:\Users\Mike\AppData\Local\Temp\EADB99D.exe
C:\Users\Mike\AppData\Local\Temp\EADC457.exe
C:\Users\Mike\AppData\Local\Temp\EADD20D.exe
C:\Users\Mike\AppData\Local\Temp\EADD8C1.exe
C:\Users\Mike\AppData\Local\Temp\EADDC98.exe
C:\Users\Mike\AppData\Local\Temp\EADDF75.exe
C:\Users\Mike\AppData\Local\Temp\EADE510.exe
C:\Users\Mike\AppData\Local\Temp\EADEA24.exe
C:\Users\Mike\AppData\Local\Temp\EADEF5D.exe
C:\Users\Mike\AppData\Local\Temp\EADF40E.exe
C:\Users\Mike\AppData\Local\Temp\EADFE4B.exe
C:\Users\Mike\AppData\Local\Temp\eauninstall.exe
C:\Users\Mike\AppData\Local\Temp\Extract.exe
C:\Users\Mike\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Mike\AppData\Local\Temp\Gw2.exe
C:\Users\Mike\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Mike\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\Mike\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Mike\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Mike\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Mike\AppData\Local\Temp\Resource.exe
C:\Users\Mike\AppData\Local\Temp\SIntf16.dll
C:\Users\Mike\AppData\Local\Temp\SIntf32.dll
C:\Users\Mike\AppData\Local\Temp\SIntfNT.dll
C:\Users\Mike\AppData\Local\Temp\SP56929.exe
C:\Users\Mike\AppData\Local\Temp\SP56942.exe
C:\Users\Mike\AppData\Local\Temp\SP57103.exe
C:\Users\Mike\AppData\Local\Temp\SP57398.exe
C:\Users\Mike\AppData\Local\Temp\sp58915.exe
C:\Users\Mike\AppData\Local\Temp\SP59202.exe
C:\Users\Mike\AppData\Local\Temp\sp64126.exe
C:\Users\Mike\AppData\Local\Temp\SRLDetectionLibrary3778211865133199697.dll
C:\Users\Mike\AppData\Local\Temp\The Sims 2 University_uninst.exe
C:\Users\Mike\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Mike\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Mike\AppData\Local\Temp\utt1CA2.tmp.exe
C:\Users\Mike\AppData\Local\Temp\VP6Install.exe
C:\Users\Mike\AppData\Local\Temp\VP6VFW.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-13 00:48

==================== End of log ============================

Attached File: Addition.txt (37.49KB)





#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:18 AM

Posted 16 June 2015 - 08:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Run this tool to clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-1537839669-3915188379-138352656-1001\...\Run: [AdobeBridge] => [X]
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1537839669-3915188379-138352656-1001 -> DefaultScope {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-1537839669-3915188379-138352656-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKU\S-1-5-21-1537839669-3915188379-138352656-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-1537839669-3915188379-138352656-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF user.js: detected! => C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\naz4bub2.default\user.js [2012-05-13]
FF Extension: Address Bar Search - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\naz4bub2.default\Extensions\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93} [2014-10-31]
C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\naz4bub2.default\Extensions\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93}


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 TDCA

TDCA
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:03:18 AM

Posted 16 June 2015 - 05:19 PM

1. I ran TFC for a while and it just kept flashing. I eventually needed to do a laptop turnoff because it didn't work, then I tried again and the same thing happened, so I don't know if it worked.

2. From what you can see so far, was there a virus of some sort? I was curious what happened.

Here are the logs:


Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Mike at 2015-06-16 17:55:01 Run:1
Running from C:\Users\Mike\Downloads
Loaded Profiles: Mike (Available Profiles: Mike)
Boot Mode: Normal
==============================================

fixlist content:
*****************

start

CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-1537839669-3915188379-138352656-1001\...\Run: [AdobeBridge] => [X]
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1537839669-3915188379-138352656-1001 -> DefaultScope {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-1537839669-3915188379-138352656-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKU\S-1-5-21-1537839669-3915188379-138352656-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-1537839669-3915188379-138352656-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF user.js: detected! => C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\naz4bub2.default\user.js [2012-05-13]
FF Extension: Address Bar Search - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\naz4bub2.default\Extensions\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93} [2014-10-31]
C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\naz4bub2.default\Extensions\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93}


End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1537839669-3915188379-138352656-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
HKU\S-1-5-21-1537839669-3915188379-138352656-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1537839669-3915188379-138352656-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKU\S-1-5-21-1537839669-3915188379-138352656-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
HKU\S-1-5-21-1537839669-3915188379-138352656-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\naz4bub2.default\user.js => moved successfully.
C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\naz4bub2.default\Extensions\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93} => moved successfully.
"C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\naz4bub2.default\Extensions\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93}" => File/Folder not found.


The system needed a reboot..

==== End of Fixlog 17:56:26 ====

 

# AdwCleaner v4.206 - Logfile created 16/06/2015 at 18:10:06
# Updated 01/06/2015 by Xplode
# Database : 2015-06-16.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Mike - MIKE-HP
# Running from : C:\Users\Mike\Downloads\adwcleaner_4.206.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ytd video downloader
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16450


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


-\\ Google Chrome v

[C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [4119 bytes] - [16/06/2015 18:02:35]
AdwCleaner[S0].txt - [3939 bytes] - [16/06/2015 18:10:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3998  bytes] ##########
 


Edited by TDCA, 16 June 2015 - 05:19 PM.
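A check worth running on a Fixlog.txt like the one above before calling the fix complete: sort every result line by outcome and surface anything that is neither a success nor an expected "not found". This is an added example, not FRST's or the helper's own code; the sample log is constructed from the result-line shapes in this thread, and the placeholder.exe line with its "not moved" outcome is invented to exercise the review path.

```python
"""Triage an FRST Fixlog.txt.

Added example (not FRST's or the helper's own code).  FRST prints one
'<target> => <outcome>' line per fixlist directive.  This script sorts
those lines into: ok (removed/moved), absent (target already gone, which
FRST also reports for the companion HKCR\\CLSID key of every SearchScope
or Toolbar entry it removes), and review (anything else).  SAMPLE_FIXLOG
is constructed from the line shapes in this thread; the placeholder.exe
line is invented to exercise the review path.
"""
import re
from collections import Counter

# '<target> => <outcome>' with an optional quoted target and trailing period.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s*=>\s*(?P<outcome>.+?)\.?\s*$')
SUCCESS_SUFFIXES = ("removed successfully", "moved successfully")

SAMPLE_FIXLOG = r"""
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1537839669-3915188379-138352656-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\naz4bub2.default\user.js => moved successfully.
C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\naz4bub2.default\Extensions\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93} => moved successfully.
"C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\naz4bub2.default\Extensions\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93}" => File/Folder not found.
C:\Users\Mike\AppData\Local\Temp\placeholder.exe => not moved (constructed outcome)
The system needed a reboot..
"""


def classify(outcome):
    """Map an outcome phrase to 'ok', 'absent' or 'review'."""
    if outcome.endswith(SUCCESS_SUFFIXES):
        return "ok"
    if "not found" in outcome:
        return "absent"
    return "review"


def parse_fixlog(text):
    """Return [(target, outcome, status)] for every '=>' result line."""
    rows = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:  # headers, 'Restore point ...' and the reboot note carry no '=>'
            target, outcome = m.group("target"), m.group("outcome")
            rows.append((target, outcome, classify(outcome)))
    return rows


def triage(text):
    """Summarise a Fixlog: counts per status, directives that need a human
    look, repeated targets (an 'absent' after an earlier success is expected
    when the same path was listed twice, as in this thread), and the reboot flag."""
    rows = parse_fixlog(text)
    counts = Counter(status for _, _, status in rows)
    done = {t for t, _, s in rows if s == "ok"}
    return {
        "ok": counts["ok"],
        "absent": counts["absent"],
        "review": counts["review"],
        "repeats": [t for t, _, s in rows if s == "absent" and t in done],
        "needs_review": [(t, o) for t, o, s in rows if s == "review"],
        "reboot": "needed a reboot" in text,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_FIXLOG)
    print(f"ok={summary['ok']} absent={summary['absent']} review={summary['review']}")
    for target, outcome in summary["needs_review"]:
        print("REVIEW:", target, "=>", outcome)
    for target in summary["repeats"]:
        print("repeat of an already-moved target (expected):", target)
    if summary["reboot"]:
        print("FRST reported a reboot was needed; confirm the machine restarted.")
```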


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:18 AM

Posted 17 June 2015 - 07:25 AM

There were a lot of bad files in your temp folder.
They were removed.

My fix was oriented towards removing Potentially Unwanted Programs/links.

Just malware, not a virus.

How is the computer running now?

#5 TDCA

TDCA
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:03:18 AM

Posted 17 June 2015 - 03:50 PM

The popup is no longer coming up, so obviously it worked. Thank you for the help. I did have some questions:

1. I had downloaded a free webcam program and was wondering if I could uninstall it at this point, or if it will affect anything I did.

2. After running TFC, 4 TMP files were on the desktop (desktop ini twice, a word doc, and a random tmp file). I deleted the random tmp file in the recycle bin, but should/can I delete the others?

3. Was the webcam issue a hack or just a glitch of some sort because of the malware? That was a primary concern for me, just having the light go randomly on without prompting it.

Thank you again though, all seems well now at least.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:18 AM

Posted 18 June 2015 - 07:04 AM

1. I had downloaded a free webcam program and was wondering if I could uninstall it at this point, or if it will affect anything I did.

3. Was the webcam issue a hack or just a glitch of some sort because of the malware? That was a primary concern for me, just having the light go randomly on without prompting it.


The free webcam program may have been used as the payload that carried the Potentially Unwanted Programs that were installed without your consent.
If all is well now that these programs were removed, you can keep it.
It's your call.

Keep in mind that nothing is free.


2. After running TFC, 4 TMP files were on the desktop (desktop ini twice, a word doc, and a random tmp file). I deleted the random tmp file in the recycle bin, but should/can I delete the others?


The desktop.ini files are good.

If you do not need the .doc file, delete it.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:18 AM

Posted 24 June 2015 - 08:20 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



