Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PUP.optional.Consumer.InputC Adware/Infection


  • This topic is locked This topic is locked
12 replies to this topic

#1 Randomtastic

Randomtastic

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 13 July 2015 - 03:03 PM

I started noticing issues on Sunday, July 5th, 2015 on my HP computer. I run Windows 8.1 on it.
 
I kept seeing three to four pop up windows at the bottom of my screen, no matter the website I went to on the web.  So I scanned my computer with the tools I had at the time: Avast! and Spybot: Search and Destory.  While Avast found little to nothing, SBS&D kept finding something it dubbed Consumer.Input.  I figured the infection was gone until I was still getting pop up the next day. Then an icon disappeared from my desktop and the start up icon on my task bar turned into a sheet of paper and could no longer be used/accessed.
 
So as the week continued and I kept doing my research on tools to aid in ridding this adware, I ended up downloading and using the following:
-MalwareBytes (The first scan produced 311 items, where the name PUP.optional.Consumer.InputC showed up.)
-Hitman Pro
-AdwCleaner
-CCleaner
-SpywareBlaster
-Avira (This scan produced 1 item, where the name TR/Crypt.XPACK.Gen 7 showed up.)
-AdBlock Plus
 
As of today, nothing is turning up unless I scan with Spybot, which keeps finding the same few 9-11 files. I'm not sure if this is a false positive, because upon research, I heard this adware may process a rookit that may be making it hard to detect and track/provides a backdoor.  Nothing else has shown up lately in Malwarebytes or Avira (I have since taken off Hitman Pro.) and I haven't experienced any pop ups as of late.  However, I'm aware that just because the symptoms are seemingly gone, doesn't mean the Adware itself is completely gone.
 
I'm just ensuring that it's completely gone and not hidding deep in my computer.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Slimthrowed (administrator) on MARCUSPC on 13-07-2015 15:16:07
Running from C:\Users\Slimthrowed\Desktop
Loaded Profiles: Slimthrowed &  (Available Profiles: Slimthrowed)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Wacom Technology, Corp.) C:\Windows\System32\Wacom_Tablet.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Wacom Technology, Corp.) C:\Windows\System32\WTablet\Wacom_TabletUser.exe
(Wacom Technology, Corp.) C:\Windows\System32\Wacom_Tablet.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2811120 2014-03-13] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [730416 2015-06-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21969480 2015-05-19] (Google)
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21969480 2015-05-19] (Google)
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21969480 2015-05-19] (Google)
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-08-05]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {E6BF60C6-6E88-4C82-9AED-5ECE9C916BC0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {E6BF60C6-6E88-4C82-9AED-5ECE9C916BC0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3883128668-3262603434-3209943220-1001 -> {E6BF60C6-6E88-4C82-9AED-5ECE9C916BC0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3883128668-3262603434-3209943220-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E6BF60C6-6E88-4C82-9AED-5ECE9C916BC0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {E6BF60C6-6E88-4C82-9AED-5ECE9C916BC0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{257793D9-E530-4950-8B20-9919E77CF2B6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{974F6531-DD27-4902-8213-612347CF7CF8}: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Slimthrowed\AppData\Roaming\Mozilla\Firefox\Profiles\9fndshqv.default
FF DefaultSearchEngine.US: Google
FF Homepage: https://www.google.com/?gws_rd=ssl
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-07] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF SearchPlugin: C:\Users\Slimthrowed\AppData\Roaming\Mozilla\Firefox\Profiles\9fndshqv.default\searchplugins\avira-safesearch.xml [2015-07-12]
FF Extension: Avira Browser Safety - C:\Users\Slimthrowed\AppData\Roaming\Mozilla\Firefox\Profiles\9fndshqv.default\Extensions\abs@avira.com [2015-07-12]
FF Extension: Avira SafeSearch Plus - C:\Users\Slimthrowed\AppData\Roaming\Mozilla\Firefox\Profiles\9fndshqv.default\Extensions\safesearchplus@avira.com [2015-07-12]
FF Extension: Adblock Plus - C:\Users\Slimthrowed\AppData\Roaming\Mozilla\Firefox\Profiles\9fndshqv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-12]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> 4A01DA723A3C45E8EB3170EA1CFE4417C2D990A19528CCDFD30113B75E9C153B
CHR DefaultSearchURL: Default -> 873DAB5686259486988BA2E5EA21DAF1C073D5E701206757C83B05E6FB450BA6
CHR Profile: C:\Users\Slimthrowed\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Slimthrowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-25]
CHR Extension: (Google Docs) - C:\Users\Slimthrowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-25]
CHR Extension: (Google Drive) - C:\Users\Slimthrowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-25]
CHR Extension: (YouTube) - C:\Users\Slimthrowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-25]
CHR Extension: (Google Search) - C:\Users\Slimthrowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-25]
CHR Extension: (Google Sheets) - C:\Users\Slimthrowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-25]
CHR Extension: (Bookmark Manager) - C:\Users\Slimthrowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-06]
CHR Extension: (Avast Online Security) - C:\Users\Slimthrowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Slimthrowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-06]
CHR Extension: (Google Wallet) - C:\Users\Slimthrowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-25]
CHR Extension: (Gmail) - C:\Users\Slimthrowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-25]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3883128668-3262603434-3209943220-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-03-15] (Adobe Systems) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [827184 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1188360 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-14] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [190704 2014-03-13] (Synaptics Incorporated)
R2 TabletServiceWacom; C:\WINDOWS\SYSTEM32\WACOM_TABLET.EXE [3647272 2009-03-26] (Wacom Technology, Corp.)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [164600 2015-05-05] (RaMMicHaeL)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 ServiceSAM; C:\Program Files (x86)\Stronghold AntiMalware\StrongholdAntiMalwareService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-06-16] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-14] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7517872 2014-08-05] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 BtwSerialBus; C:\Windows\System32\drivers\BtwSerialBus.sys [150744 2013-09-09] (Broadcom Corporation.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [466136 2014-01-14] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-03-13] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-03-13] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 15:16 - 2015-07-13 15:16 - 00028000 _____ C:\Users\Slimthrowed\Desktop\FRST.txt
2015-07-13 15:15 - 2015-07-13 15:16 - 00000000 ____D C:\FRST
2015-07-13 15:12 - 2015-07-13 15:12 - 02133504 _____ (Farbar) C:\Users\Slimthrowed\Desktop\FRST64.exe
2015-07-12 21:42 - 2015-07-13 15:08 - 00616722 _____ C:\Windows\WindowsUpdate.log
2015-07-12 21:12 - 2015-07-12 21:12 - 00002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-07-12 21:12 - 2015-07-12 21:12 - 00000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-12 21:12 - 2015-07-12 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-07-12 21:12 - 2015-07-12 21:12 - 00000000 ____D C:\Program Files\CCleaner
2015-07-12 20:29 - 2015-07-12 20:29 - 00001414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-07-12 20:29 - 2015-07-12 20:29 - 00001402 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-07-12 20:29 - 2015-07-12 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-07-12 20:29 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-07-12 20:28 - 2015-07-13 15:10 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-07-12 20:28 - 2015-07-12 20:28 - 00001102 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-07-12 20:28 - 2015-07-12 20:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-07-12 20:28 - 2015-07-12 20:28 - 00000000 ____D C:\ProgramData\Licenses
2015-07-12 20:28 - 2011-11-04 05:13 - 01070352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2015-07-12 20:28 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2015-07-12 20:19 - 2015-07-12 20:19 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Slimthrowed\Downloads\spybot-2.4.exe
2015-07-12 20:19 - 2015-07-12 20:19 - 04095448 _____ (BrightFort LLC ) C:\Users\Slimthrowed\Downloads\spywareblastersetup50.exe
2015-07-12 20:14 - 2015-07-12 20:14 - 00000000 ____D C:\Users\Slimthrowed\AppData\Roaming\Avira
2015-07-12 20:13 - 2015-06-16 09:36 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-07-12 20:13 - 2015-06-16 09:36 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-07-12 20:13 - 2015-06-16 09:36 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-07-12 20:13 - 2015-06-16 09:36 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-07-12 20:12 - 2015-07-12 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-12 20:12 - 2015-07-12 20:13 - 00000000 ____D C:\ProgramData\Avira
2015-07-12 20:12 - 2015-07-12 20:13 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-12 20:12 - 2015-07-12 20:12 - 00001215 _____ C:\Users\Public\Desktop\Avira.lnk
2015-07-12 20:09 - 2015-07-12 20:09 - 00000085 _____ C:\Windows\wininit.ini
2015-07-12 20:03 - 2015-07-12 20:03 - 06565736 _____ (Piriform Ltd) C:\Users\Slimthrowed\Downloads\ccsetup507.exe
2015-07-12 20:03 - 2015-07-12 20:03 - 04718584 _____ (Avira Operations GmbH & Co. KG) C:\Users\Slimthrowed\Downloads\avira_en_av_55a30027b39cf__ws.exe
2015-07-09 21:22 - 2015-07-09 21:30 - 00000000 ____D C:\Users\Public\Documents\Stronghold AntiMalware
2015-07-09 20:58 - 2015-07-09 20:58 - 00008194 _____ C:\Windows\system32\.crusader
2015-07-09 20:46 - 2015-07-09 20:58 - 00000000 ____D C:\ProgramData\HitmanPro
2015-07-09 19:37 - 2015-07-09 19:37 - 187150616 _____ (Microsoft Corporation) C:\Users\Slimthrowed\Downloads\msert.exe
2015-07-05 20:07 - 2015-07-05 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-07-05 20:07 - 2015-07-05 20:07 - 00000000 ____D C:\Program Files\7-Zip
2015-07-05 14:22 - 2015-07-05 14:23 - 00000000 ____D C:\AdwCleaner
2015-07-05 13:11 - 2015-07-13 14:46 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-05 13:10 - 2015-07-05 13:10 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-05 13:10 - 2015-07-05 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-05 13:10 - 2015-07-05 13:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-05 13:10 - 2015-07-05 13:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-05 13:10 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-05 13:10 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-05 13:10 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-05 13:07 - 2015-07-05 13:07 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Slimthrowed\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-04 11:33 - 2015-07-03 21:21 - 00001993 _____ C:\Windows\system32\Drivers\etc\hosts.20150704-113305.backup
2015-07-04 10:08 - 2015-07-12 20:36 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-04 10:08 - 2015-07-12 20:29 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-07-04 10:08 - 2015-07-04 10:08 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-06-22 01:40 - 2015-06-22 01:40 - 00000000 ____D C:\Users\Slimthrowed\Downloads\__MACOSX
2015-06-22 01:40 - 2014-05-07 14:54 - 00035376 ____N C:\Users\Slimthrowed\Downloads\BackIssuesBB_reg.otf
2015-06-22 01:40 - 2014-05-07 14:54 - 00035248 ____N C:\Users\Slimthrowed\Downloads\BackIssuesBB_ital.otf
2015-06-22 01:40 - 2014-05-07 14:54 - 00029248 ____N C:\Users\Slimthrowed\Downloads\BackIssuesBB_boldital.otf
2015-06-22 01:40 - 2014-01-06 09:49 - 00001834 ____N C:\Users\Slimthrowed\Downloads\fontinfo.txt
2015-06-22 01:37 - 2015-06-22 01:37 - 00067263 _____ C:\Users\Slimthrowed\Downloads\back_issues.zip
2015-06-13 10:14 - 2015-05-22 09:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-13 10:14 - 2015-05-21 09:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-13 10:14 - 2015-05-21 09:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-13 10:14 - 2015-05-21 09:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-13 10:14 - 2015-05-21 09:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-13 10:14 - 2015-05-21 09:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-13 10:14 - 2015-05-21 09:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-13 10:14 - 2015-04-16 18:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 15:10 - 2014-08-05 13:46 - 00000000 ____D C:\ProgramData\Temp
2015-07-13 15:00 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-13 14:57 - 2015-03-01 19:21 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3883128668-3262603434-3209943220-1001
2015-07-13 14:56 - 2015-04-25 09:32 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-13 14:51 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-13 14:47 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-13 14:46 - 2015-04-17 20:51 - 00003200 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSlimthrowed
2015-07-13 14:46 - 2015-04-17 20:51 - 00000374 _____ C:\Windows\Tasks\HPCeeScheduleForSlimthrowed.job
2015-07-13 14:43 - 2015-03-01 19:18 - 00000000 ____D C:\Users\Slimthrowed\Documents\Youcam
2015-07-13 14:42 - 2015-04-25 09:32 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-13 14:41 - 2015-03-16 09:09 - 00000000 ____D C:\Users\Slimthrowed\AppData\Roaming\WTablet
2015-07-12 21:15 - 2015-05-11 19:44 - 00000000 ____D C:\Users\Slimthrowed\AppData\Local\CrashDumps
2015-07-12 21:15 - 2014-04-02 06:25 - 00000000 ____D C:\Windows\Panther
2015-07-12 20:31 - 2014-03-18 05:53 - 00958356 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-12 20:24 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-12 20:12 - 2014-08-05 13:37 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-12 19:11 - 2015-03-15 09:00 - 00000000 ____D C:\ProgramData\Adobe
2015-07-12 19:11 - 2015-03-15 09:00 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-12 19:10 - 2015-03-15 18:39 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-07-12 19:10 - 2015-03-01 19:16 - 00000000 ____D C:\Users\Slimthrowed\AppData\Roaming\Adobe
2015-07-12 18:57 - 2015-03-15 09:27 - 00000000 ____D C:\Users\Slimthrowed\AppData\Local\Adobe
2015-07-09 08:51 - 2015-06-07 13:54 - 00000000 ___RD C:\Users\Slimthrowed\Google Drive
2015-07-08 18:12 - 2015-04-29 16:49 - 00000132 _____ C:\Users\Slimthrowed\AppData\Roaming\Adobe PNG Format CC Prefs
2015-07-08 09:58 - 2015-04-25 09:47 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-08 09:46 - 2015-03-14 15:15 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-07-05 13:34 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\Globalization
2015-07-04 15:27 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-04 15:24 - 2015-03-01 19:15 - 00000000 ____D C:\Users\Slimthrowed
2015-07-03 19:53 - 2015-03-14 17:35 - 00000000 ____D C:\ProgramData\WebGuard
2015-07-03 02:15 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\LiveKernelReports
2015-06-30 18:27 - 2015-04-18 19:53 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-30 18:27 - 2015-04-18 19:53 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-26 22:50 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2015-06-26 21:32 - 2013-08-22 10:44 - 05017952 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-19 23:02 - 2015-03-16 15:37 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-19 23:02 - 2015-03-16 15:37 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-14 12:49 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData

==================== Files in the root of some directories =======

2015-04-29 16:49 - 2015-07-08 18:12 - 0000132 _____ () C:\Users\Slimthrowed\AppData\Roaming\Adobe PNG Format CC Prefs
2015-05-23 15:31 - 2015-05-23 15:31 - 0000000 _____ () C:\Users\Slimthrowed\AppData\Local\{40EE135F-370D-475B-B231-9CCFA048693C}

Some files in TEMP:
====================
C:\Users\Slimthrowed\AppData\Local\Temp\avgnt.exe
C:\Users\Slimthrowed\AppData\Local\Temp\HitmanPro.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-07 15:05

==================== End of log ============================
 
 

Attached Files


Edited by Randomtastic, 13 July 2015 - 03:11 PM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:25 AM

Posted 15 July 2015 - 08:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3883128668-3262603434-3209943220-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF SearchPlugin: C:\Users\Slimthrowed\AppData\Roaming\Mozilla\Firefox\Profiles\9fndshqv.default\searchplugins\avira-safesearch.xml [2015-07-12]
CHR Extension: (Avast Online Security) - C:\Users\Slimthrowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-25]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3883128668-3262603434-3209943220-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
S2 ServiceSAM; C:\Program Files (x86)\Stronghold AntiMalware\StrongholdAntiMalwareService.exe [X]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34

End
Save the files as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 Randomtastic

Randomtastic
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 15 July 2015 - 10:31 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Slimthrowed at 2015-07-15 11:11:26 Run:1
Running from C:\Users\Slimthrowed\Desktop
Loaded Profiles: Slimthrowed &  (Available Profiles: Slimthrowed)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3883128668-3262603434-3209943220-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF SearchPlugin: C:\Users\Slimthrowed\AppData\Roaming\Mozilla\Firefox\Profiles\9fndshqv.default\searchplugins\avira-safesearch.xml [2015-07-12]
CHR Extension: (Avast Online Security) - C:\Users\Slimthrowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-25]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3883128668-3262603434-3209943220-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
S2 ServiceSAM; C:\Program Files (x86)\Stronghold AntiMalware\StrongholdAntiMalwareService.exe [X]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3883128668-3262603434-3209943220-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key removed successfully
HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
"HKU\S-1-5-21-3883128668-3262603434-3209943220-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key removed successfully
HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
"HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key removed successfully
HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
"HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key removed successfully
HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully
C:\Users\Slimthrowed\AppData\Roaming\Mozilla\Firefox\Profiles\9fndshqv.default\searchplugins\avira-safesearch.xml => moved successfully.
C:\Users\Slimthrowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
"HKU\S-1-5-21-3883128668-3262603434-3209943220-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
"HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
"HKU\S-1-5-21-3883128668-3262603434-3209943220-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
ServiceSAM => Service removed successfully
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
EmptyTemp: => 39.8 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 11:12:49 ====

 

# AdwCleaner v4.208 - Logfile created 15/07/2015 at 11:23:01
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Slimthrowed - MARCUSPC
# Running from : C:\Users\Slimthrowed\Desktop\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 en-US)

[9fndshqv.default\prefs.js] - Line Deleted : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
[9fndshqv.default\prefs.js] - Line Deleted : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"952be1c3ff0320829e6181f0d7bbc67155bc1be6\"");
[9fndshqv.default\prefs.js] - Line Deleted : user_pref("extensions.safesearch.install", "1436746630209");

-\\ Google Chrome v43.0.2357.132


*************************

AdwCleaner[R0].txt - [5420 bytes] - [05/07/2015 14:22:58]
AdwCleaner[R1].txt - [1717 bytes] - [15/07/2015 11:20:17]
AdwCleaner[S0].txt - [5386 bytes] - [05/07/2015 14:23:43]
AdwCleaner[S1].txt - [1333 bytes] - [15/07/2015 11:23:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1392  bytes] ##########
 

 

Each time my computer restarted, it took longer than usual for it get to my password screen.  This only seemed to happen as long as I was connected to the internet.  If I disconnected the internet, my computer ran fine, at normal load and speed time.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:25 AM

Posted 15 July 2015 - 12:18 PM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zeok tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

#5 Randomtastic

Randomtastic
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 15 July 2015 - 02:23 PM

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Slimthrowed on Wed 07/15/2015 at 15:01:40.58.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Slimthrowed\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

7/15/2015 3:03:31 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Users\Slimthrowed\AppData\Roaming\hpqlog deleted successfully
C:\Users\Slimthrowed\AppData\Local\CrashDumps deleted successfully
C:\Users\Slimthrowed\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3883128668-3262603434-3209943220-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E6BF60C6-6E88-4C82-9AED-5ECE9C916BC0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E6BF60C6-6E88-4C82-9AED-5ECE9C916BC0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E6BF60C6-6E88-4C82-9AED-5ECE9C916BC0} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Lavasoft\Web Companion deleted
C:\PROGRA~3\Lavasoft\Web Companion deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Default\AppData\Local\Pokki deleted
C:\Users\Slimthrowed\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lavasoft\WebCompanion deleted
C:\Windows\wininit.ini deleted
C:\Windows\SysWOW64\LavasoftTcpService.dll deleted
C:\Users\SLIMTH~1\AppData\Roaming\Mozilla\Firefox\Profiles\9fndshqv.default\extensions\abs@avira.com deleted
C:\Users\SLIMTH~1\AppData\Roaming\Mozilla\Firefox\Profiles\9fndshqv.default\extensions\safesearchplus@avira.com deleted
"C:\Windows\Installer\430d1a6e.msi" deleted
"C:\windows\Installer\23452.msi" deleted
"C:\Windows\Installer\430d1a72.msi" deleted
"C:\Users\Slimthrowed\AppData\Local\{40EE135F-370D-475B-B231-9CCFA048693C}" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\SLIMTH~1\AppData\Roaming\Mozilla\Firefox\Profiles\9fndshqv.default
user_pref("browser.startup.homepage", "https://www.google.com/?gws_rd=ssl");
user_pref("browser.search.defaultenginename.US", "Google");

==== Firefox Extensions ======================

ProfilePath: C:\Users\SLIMTH~1\AppData\Roaming\Mozilla\Firefox\Profiles\9fndshqv.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Slimthrowed\AppData\Roaming\Mozilla\Firefox\Profiles\9fndshqv.default
0C0C5C207121C7A78414A8250E8E099A    - C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll -    Shockwave for Director / Shockwave for Director


==== Chromium Look ======================

Google Chrome Version: 43.0.2357.132


Bookmark Manager - Slimthrowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Chrome Hotword Shared Module - Slimthrowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

==== Chromium Startpages ======================

C:\Users\Slimthrowed\AppData\Local\Google\Chrome\User Data\Default\Preferences
"startup_urls": [ "http://www.google.com/" ]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Bar"="https://www.google.com/?trackid=sp-006"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} Bing  Url="http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=HPNTDFJS"

==== shortcuts on Users Desktops ======================

C:\Users\Slimthrowed\Desktop\Google Drive.lnk - C:\Users\Slimthrowed\Google Drive

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Avira.lnk - C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe /showMiniGui
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Connected Drive.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe C:\system.sav\util\HPCDDesktopIcon.exe
C:\Users\Public\Desktop\Connected Music.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe C:\system.sav\util\HPCM\HPCMDesktopIcon.exe
C:\Users\Public\Desktop\Connected Photo.lnk - C:\system.sav\util\HPCPDesktopIcon.exe
C:\Users\Public\Desktop\Evernote.lnk - C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Google Docs.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_document
C:\Users\Public\Desktop\Google Sheets.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\Users\Public\Desktop\Google Slides.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_presentation
C:\Users\Public\Desktop\HP Smart Friend.lnk -  
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Pinger.lnk - C:\Program Files (x86)\Pinger\Pinger.exe
C:\Users\Public\Desktop\Snapfish.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe http://www.snapfish.com/hp_notebook_desktopicon_2014_us
C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Users\Public\Desktop\SpywareBlaster.lnk - C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe
C:\Users\Public\Desktop\WildTangent Games App - hp.lnk - C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe /src desktop /dp hpcnb2c14

==== shortcuts in Users Start Menu ======================

C:\Users\Slimthrowed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Users\Slimthrowed\Desktop\WinRAR\Rar.txt
C:\Users\Slimthrowed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Users\Slimthrowed\Desktop\WinRAR\WinRAR.hlp
C:\Users\Slimthrowed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Users\Slimthrowed\Desktop\WinRAR\WinRAR.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk - C:\Program Files (x86)\7-Zip\7zFM.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk - C:\Program Files (x86)\7-Zip\7-zip.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira.lnk - C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe /showMiniGui
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Antivirus\Avira Antivirus Help.lnk - C:\Program Files (x86)\Avira\Antivirus\208\avwin.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Antivirus\Avira on the Internet.lnk - C:\Program Files (x86)\Avira\Antivirus\weblink.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Antivirus\Start Avira Antivirus.lnk - C:\Program Files (x86)\Avira\Antivirus\securitycenter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_document
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_presentation
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Create System Report.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLogReport.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\File Scan.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Immunization.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Rootkit Scan.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDRootAlyzer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Spybot-S&D Start Center.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\System Scan.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Tray Icon (Live Protection).lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Uninstall Spybot-S&D.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster\SpywareBlaster Help.lnk - C:\Program Files (x86)\SpywareBlaster\sbhelp.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster\SpywareBlaster.lnk - C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Slimthrowed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Slimthrowed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Slimthrowed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Slimthrowed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Slimthrowed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonShopping.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe http://www.amazon.com/gp/bit/amazonbookmark.html?tag=hp2-desktop-us-20&partner=HP
C:\Users\Slimthrowed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Connected Drive.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe C:\system.sav\util\HPCDDesktopIcon.exe
C:\Users\Slimthrowed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CyberLink Media Suite.lnk - C:\Program Files (x86)\CyberLink\Media Suite\PS.exe
C:\Users\Slimthrowed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CyberLink YouCam 5.lnk - C:\Program Files (x86)\CyberLink\YouCam\Youcam_webcam_camera_video.exe
C:\Users\Slimthrowed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -  
C:\Users\Slimthrowed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Slimthrowed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP Utility Center.lnk - C:\Program Files\Hewlett-Packard\HP Utility Center\HPUC.exe
C:\Users\Slimthrowed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==== shortcuts After Repair ======================

C:\Users\Public\Desktop\Snapfish.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe
C:\Users\Slimthrowed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonShopping.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\63D3C2094529D73489CA19B3876E8046 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2C0D8C2E79C150C439A9B5310AEF56C5 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ED50FC09F537BA245AA24F74DFBF2E70 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{902C3D36-9254-437D-98AC-913B78E60864} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90CF05DE-735F-42AB-A52A-F447FDFBE207} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\63D3C2094529D73489CA19B3876E8046 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2C0D8C2E79C150C439A9B5310AEF56C5 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\ED50FC09F537BA245AA24F74DFBF2E70 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Slimthrowed\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Slimthrowed\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Slimthrowed\AppData\Local\Mozilla\Firefox\Profiles\9fndshqv.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Slimthrowed\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=6364 folders=192 318977620 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Slimthrowed\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\SLIMTH~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Wed 07/15/2015 at 15:18:37.93 ======================
 

 

 

My computer is running a bit faster.  It doesn't pause at the start up screen nearly as much as it did before, nor does there seem to be a slow down when I loaded or visited this site. (I haven't attempted anything other than google yet, just in case.)  Once I go to the desktop, it takes a moment for the icons on my desktop to show up, but they do after a few seconds and seem to all load/work just fine.  That may just be Windows 8.1 though.



#6 Randomtastic

Randomtastic
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 15 July 2015 - 02:37 PM

NVM about WinRaR, I was able to locate the file and delete it.

Edited by Randomtastic, 15 July 2015 - 02:44 PM.


#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:25 AM

Posted 16 July 2015 - 06:58 AM

Once I go to the desktop, it takes a moment for the icons on my desktop to show up, but they do after a few seconds and seem to all load/work just fine


Try this.

1. Delete the C:\Users\Username\AppData\Local\IconCache.db file
2. Reboot PC

The file will be re-created.

#8 Randomtastic

Randomtastic
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 16 July 2015 - 08:15 AM

The icons at the bottom load instantly on the task bar while the desktop waits a few seconds before loading. I tried shutting it down completely and restarting the computer and the same results: the desktop icons still load slowly.

Otherwise the computer seems fine. No pop-ups on the sites I've visited and it loads instantly even when connected to Internet when starting it up.

Edited by Randomtastic, 16 July 2015 - 08:23 AM.


#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:25 AM

Posted 16 July 2015 - 10:10 AM

I do not own a windows 8 operating system computer.

Check the issues with the experts in the Windows 8 forum.
http://www.bleepingcomputer.com/forums/f/209/windows-8-and-windows-81/

I will leave this topic open for 5 days. If you need to return please do.

#10 Randomtastic

Randomtastic
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 16 July 2015 - 10:27 AM

So my computer malware wise is okay then? THANK YOU SO MUCH!! Should I have any more issues, I'll come back before the days are up!

EDIT: Can I delete all those programs I had to download? Like Zoek and AdwCleaner?

Edited by Randomtastic, 16 July 2015 - 10:31 AM.


#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:25 AM

Posted 16 July 2015 - 12:52 PM

Can I delete all those programs I had to download? Like Zoek and AdwCleaner?


Yes you can.

I would keep AdwCleaner it's a good tool to remove popups.
Next time you use it you may be prompted to get the latest version.
Please do.

#12 Randomtastic

Randomtastic
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 16 July 2015 - 02:54 PM

Okay, cool. Thanks again!

#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:25 AM

Posted 22 July 2015 - 07:28 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users