
Downloaded Imgburn,other, from site, Uninstalled Play thru Player, etc.


This topic is locked
29 replies to this topic

#1 CPU_HDD (Members, 24 posts)

Posted 25 October 2015 - 03:17 PM

I downloaded ImgBurn and installed it, without antivirus software installed. Got bombed with adware, tried to uninstall, the "allow this program to make changes to the computer" box came up, I clicked yes on at least one. I then realized that was probably a bad idea, and used Revo Uninstaller.
 
I ran AVG, Malwarebytes Anti-Malware, AdwCleaner, and Hitman.
 
I then tried to download a different CD burner. AVG caught something, I ran AdwCleaner, and when I restarted, the internet didn't work. So I couldn't use Hitman and Malwarebytes. It seemed like I was in as a different user with more permissions. It took a long time to reboot. Fortunately, I was able to use Hitman's reset point to get internet function back. I also uninstalled a lot of these programs, since more than one antivirus can cause problems.
 
I also ran Zemana AntiMalware and reset Chrome. So that's about what happened.
 
Mostly it seems ok, but I wanted to see if I was clean. I haven't used the machine much, though, it was late last night when I did a lot of this.
 
Thanks in advance
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-10-2015 02
Ran by Weber (administrator) on WEBER-PC (25-10-2015 14:49:04)
Running from C:\Users\Weber\Downloads
Loaded Profiles: Weber (Available Profiles: Weber)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1130408 2015-10-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3812264 2015-10-12] (AVG Technologies CZ, s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E3C1B595-45FF-40B7-B7B9-4C8434399015}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3296664383-3654566077-1846858350-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={956BBB48-3AA7-47B0-BFF5-48FAF1229AD0}&mid=95b51bfcafeb47cc9aa059e75bfbec43-2a2b55635c465921db03371c04870e2df438694b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615pit&pr=fr&d=2015-10-23 18:00:36&v=4.1.8.599&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-3296664383-3654566077-1846858350-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3296664383-3654566077-1846858350-1001 -> {08DF423C-E1B6-4EDE-9B8F-883F98EC13D0} URL = 
SearchScopes: HKU\S-1-5-21-3296664383-3654566077-1846858350-1001 -> {A0331676-AC83-46AF-95FF-6BFF0C2EEDE0} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11541
Toolbar: HKU\S-1-5-21-3296664383-3654566077-1846858350-1001 -> No Name - {10E6AEE7-E375-428D-B950-07183443ACF8} -  No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Weber\AppData\Roaming\Mozilla\Firefox\Profiles\3pf9jonb.default
FF Homepage: hxxps://mysearch.avg.com/?cid={956BBB48-3AA7-47B0-BFF5-48FAF1229AD0}&mid=95b51bfcafeb47cc9aa059e75bfbec43-2a2b55635c465921db03371c04870e2df438694b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615pit&pr=fr&d=2015-10-23 18:00:36&v=4.1.8.599&pid=wtu&sg=&sap=hp
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-10-08] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-10-08] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-29] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Weber\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-16]
CHR Extension: (Google Drive) - C:\Users\Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-19]
CHR Extension: (Google Search) - C:\Users\Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-23]
CHR Extension: (Google Docs Offline) - C:\Users\Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-04]
CHR Extension: (Gmail) - C:\Users\Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-16]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604712 2015-10-12] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3792880 2015-10-12] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [596344 2015-10-12] (AVG Technologies CZ, s.r.o.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-10-24] (SurfRight B.V.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205136 2015-10-23] ()
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312752 2015-09-11] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [293296 2015-08-10] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [251312 2015-08-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [301488 2015-08-28] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-25 14:49 - 2015-10-25 14:49 - 00008708 _____ C:\Users\Weber\Downloads\FRST.txt
2015-10-25 14:48 - 2015-10-25 14:49 - 00000000 ____D C:\FRST
2015-10-25 14:46 - 2015-10-25 14:46 - 02197504 _____ (Farbar) C:\Users\Weber\Downloads\FRST64.exe
2015-10-24 22:23 - 2015-10-24 22:41 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2015-10-24 22:23 - 2015-10-24 22:23 - 00000000 ____D C:\Users\Weber\AppData\Local\Zemana
2015-10-24 22:22 - 2015-10-24 22:23 - 05193784 _____ ( ) C:\Users\Weber\Downloads\Zemana.AntiMalware.Setup.exe
2015-10-24 21:35 - 2015-10-24 21:35 - 00187144 _____ (SurfRight B.V.) C:\Windows\system32\LnkProtect.dll
2015-10-24 20:30 - 2015-10-24 20:30 - 00070300 _____ C:\Users\Weber\Documents\HitmanPro_20151024_2030.log
2015-10-24 20:30 - 2015-10-24 20:30 - 00070300 _____ C:\HitmanPro_20151024_2030.log
2015-10-24 20:25 - 2015-10-24 21:33 - 00000000 ____D C:\Program Files\HitmanPro
2015-10-24 20:25 - 2015-10-24 20:25 - 00001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-10-24 20:25 - 2015-10-24 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-10-24 20:24 - 2015-10-24 20:28 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-24 20:13 - 2015-10-24 20:14 - 11336600 _____ (SurfRight B.V.) C:\Users\Weber\Downloads\HitmanPro_x64.exe
2015-10-24 20:03 - 2015-10-24 20:03 - 00007172 _____ C:\mwb.txt
2015-10-24 19:48 - 2015-10-24 21:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-24 19:47 - 2015-10-24 19:47 - 22908888 _____ (Malwarebytes ) C:\Users\Weber\Downloads\mbam-setup-2.2.0.1024 (1).exe
2015-10-24 19:42 - 2015-10-24 19:43 - 22908888 _____ (Malwarebytes ) C:\Users\Weber\Downloads\mbam-setup-2.2.0.1024.exe
2015-10-24 19:34 - 2015-10-24 21:26 - 00000000 ____D C:\AdwCleaner
2015-10-24 19:33 - 2015-10-24 19:33 - 01691648 _____ C:\Users\Weber\Downloads\adwcleaner_5.014.exe
2015-10-24 19:07 - 2015-10-24 21:33 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-10-24 19:07 - 2015-10-24 19:07 - 00001268 _____ C:\Users\Weber\Desktop\Revo Uninstaller.lnk
2015-10-24 19:06 - 2015-10-24 19:06 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Weber\Downloads\revosetup.exe
2015-10-23 18:00 - 2015-10-23 18:01 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2015-10-23 18:00 - 2015-10-23 18:00 - 00000000 ____D C:\Users\Weber\AppData\Local\AVG Web TuneUp
2015-10-23 18:00 - 2015-10-23 18:00 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-10-23 17:52 - 2015-10-23 17:52 - 00000936 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2015-10-23 17:52 - 2015-10-23 17:52 - 00000000 ____D C:\Users\Weber\AppData\Roaming\TuneUp Software
2015-10-23 17:52 - 2015-10-23 17:52 - 00000000 ____D C:\Users\Weber\AppData\Roaming\AVG
2015-10-23 17:52 - 2015-10-23 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-10-23 17:52 - 2015-10-23 17:52 - 00000000 ____D C:\Program Files\Common Files\AV
2015-10-23 17:51 - 2015-10-23 17:51 - 00000000 ___HD C:\$AVG
2015-10-23 17:49 - 2015-10-25 14:45 - 00000000 ____D C:\ProgramData\MFAData
2015-10-23 17:49 - 2015-10-23 17:49 - 00000000 ____D C:\Users\Weber\AppData\Local\MFAData
2015-10-23 17:48 - 2015-10-23 17:51 - 00000000 ____D C:\ProgramData\Avg
2015-10-23 17:48 - 2015-10-23 17:51 - 00000000 ____D C:\Program Files (x86)\AVG
2015-10-23 17:47 - 2015-10-23 17:52 - 00000000 ____D C:\Users\Weber\AppData\Local\Avg
2015-10-23 17:47 - 2015-10-23 17:49 - 00000000 ____D C:\Users\Weber\AppData\Local\AvgSetupLog
2015-10-23 17:47 - 2015-10-23 17:47 - 05051808 _____ (AVG Technologies) C:\Users\Weber\Downloads\avg_avc_stb_all_2015_ltst_547.exe
2015-10-23 17:47 - 2015-10-23 17:47 - 02894552 _____ (AVG Technologies) C:\Users\Weber\Downloads\AVG_Antivirus_739.exe
2015-10-23 17:24 - 2015-10-23 17:24 - 00000000 ____D C:\Windows\system32\appmgmt
2015-10-23 17:15 - 2015-10-23 17:16 - 00000000 ____D C:\Program Files (x86)\PCAPDownloader
2015-10-23 17:14 - 2015-10-23 17:14 - 00000167 _____ C:\Users\Weber\Downloads\index.html#.url
2015-10-23 17:11 - 2015-10-23 17:11 - 00887632 _____ (Developed Small Install System) C:\Users\Weber\Downloads\SetupImgBurn_2.5.8.0(2).exe
2015-10-23 17:05 - 2015-10-23 17:05 - 00887656 _____ (Developed Small Install System) C:\Users\Weber\setup.exe
2015-10-22 12:29 - 2015-10-22 12:49 - 571322368 _____ C:\Users\Weber\Downloads\xpsp3_5512.080413-2113_usa_x86fre_spcd.iso
2015-10-19 19:56 - 2015-10-19 19:56 - 10940797 _____ C:\Users\Weber\Downloads\psw-upz-3-1-23-47-r7-u01-9l (1).zip
2015-10-19 19:55 - 2015-10-19 19:56 - 10940797 _____ C:\Users\Weber\Downloads\psw-upz-3-1-23-47-r7-u01-9l.zip
2015-10-19 19:54 - 2015-10-19 19:58 - 00000000 ____D C:\Users\Weber\AppData\Local\CANON_INC
2015-10-19 19:49 - 2015-10-19 19:49 - 124644565 _____ C:\Users\Weber\Downloads\IBXW_INST_1_4_0_5_U01_9L (1).zip
2015-10-19 19:45 - 2015-10-19 19:46 - 124644565 _____ C:\Users\Weber\Downloads\IBXW_INST_1_4_0_5_U01_9L.zip
2015-10-19 19:39 - 2015-10-19 19:39 - 69488919 _____ C:\Users\Weber\Downloads\psew1.15.30-installer.zip
2015-10-19 17:41 - 2015-10-19 17:41 - 29908868 _____ C:\Users\Weber\Downloads\crc-1-11-0-75r3-7l.zip
2015-10-19 17:39 - 2015-10-19 17:40 - 69613920 _____ (CANON INC.) C:\Users\Weber\Downloads\dppw31415 (1).exe
2015-10-19 17:36 - 2015-10-19 17:39 - 69613920 _____ (CANON INC.) C:\Users\Weber\Downloads\dppw31415.exe
2015-10-19 17:19 - 2015-10-19 17:19 - 00000000 ____D C:\ProgramData\Canon_Inc_IC
2015-10-19 17:18 - 2015-10-19 19:57 - 00000000 ____D C:\dpp
2015-10-19 17:17 - 2015-10-19 17:18 - 69428192 _____ C:\Users\Weber\Downloads\dppw3.15.0-updater (1).zip
2015-10-19 17:16 - 2015-10-19 17:17 - 69428192 _____ C:\Users\Weber\Downloads\dppw3.15.0-updater.zip
2015-10-19 17:14 - 2015-10-19 17:19 - 00000000 ____D C:\Users\Weber\AppData\Roaming\Canon
2015-10-19 17:13 - 2015-10-19 17:13 - 00001296 _____ C:\Users\Public\Desktop\ZoomBrowser EX.lnk
2015-10-19 17:13 - 2015-10-19 17:13 - 00000000 ____D C:\ProgramData\ZoomBrowser
2015-10-19 17:12 - 2015-10-19 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-10-19 17:12 - 2015-10-19 19:58 - 00000000 ____D C:\Program Files (x86)\Canon
2015-10-19 17:12 - 2015-10-19 19:43 - 00001201 _____ C:\Users\Public\Desktop\Picture Style Editor.lnk
2015-10-19 17:12 - 2015-10-19 17:19 - 00001136 _____ C:\Users\Public\Desktop\Digital Photo Professional.lnk
2015-10-19 17:12 - 2015-10-19 17:12 - 00001071 _____ C:\Users\Public\Desktop\EOS Utility.lnk
2015-10-02 18:17 - 2015-10-23 18:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-25 14:42 - 2014-06-02 22:11 - 00216391 _____ C:\Windows\WindowsUpdate.log
2015-10-25 14:41 - 2014-08-14 08:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-25 14:41 - 2014-06-02 21:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-25 14:41 - 2009-07-13 23:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-25 14:41 - 2009-07-13 23:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-24 22:46 - 2009-07-14 00:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-24 22:41 - 2014-06-02 21:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-24 22:41 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-24 22:41 - 2009-07-13 23:51 - 00026264 _____ C:\Windows\setupact.log
2015-10-24 21:34 - 2014-06-02 22:14 - 00000000 ____D C:\Users\Weber
2015-10-24 21:33 - 2009-07-14 02:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-10-24 21:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-24 21:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2015-10-24 20:07 - 2014-06-17 19:46 - 00023466 _____ C:\Windows\PFRO.log
2015-10-23 17:47 - 2014-06-23 22:00 - 00064536 _____ C:\Users\Weber\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-23 17:37 - 2009-07-13 23:45 - 00295368 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-22 12:28 - 2014-08-14 08:05 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-22 11:07 - 2014-08-14 08:05 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-22 11:07 - 2014-08-14 08:05 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-19 17:14 - 2014-06-02 21:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-19 17:12 - 2014-06-02 21:21 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-29 15:06 - 2014-06-02 21:20 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-29 15:06 - 2014-06-02 21:20 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-29 14:56 - 2014-06-02 21:20 - 00000000 ____D C:\Users\Weber\AppData\Local\Google
 
Files to move or delete:
====================
C:\Users\Weber\setup.exe
 
 
Some files in TEMP:
====================
C:\Users\Weber\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Weber\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-08 12:31
 
==================== End of FRST.txt ============================
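As an added example (not part of this thread or of FRST, AVG, HitmanPro or any other tool named here), a small Python triage script for the FRST log format shown above: it splits the log into its sections and flags the entries a helper looks at first, i.e. processes, services and drivers whose publisher field is empty "()", services and drivers whose file is missing "[X]", and anything FRST lists under "Files to move or delete". The embedded sample log is constructed from a few lines of the post, and the regexes are my reading of the format, not FRST's documented grammar.

```python
import re

# Constructed sample, modelled on a handful of entries from the FRST.txt
# posted above (not the full log).
SAMPLE_FRST = r"""
==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe

==================== Services (Whitelisted) ========================

R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205136 2015-10-23] ()
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ==========================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.)
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]

Files to move or delete:
====================
C:\Users\Weber\setup.exe
"""

# "==== Name ====" section banners, and bare rules of '=' placed under a "Name:" line.
RULE_RE = re.compile(r"^=+$")
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Process lines: "(Publisher) path"; an empty publisher shows up as "()".
PROCESS_RE = re.compile(r"^\((?P<signer>[^)]*)\) (?P<path>.+)$")
# Service/driver lines: "R2 Name; path [size date] (Publisher)" or "S1 Name; path [X]"
# where [X] means FRST could not find the file on disk.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>[\d-]+)\] \((?P<signer>[^)]*)\)| \[X\])$"
)


def parse_sections(text: str) -> dict[str, list[str]]:
    """Split an FRST log into {section name: [entry lines]}."""
    sections: dict[str, list[str]] = {}
    current = "Header"
    lines = text.splitlines()
    for i, raw in enumerate(lines):
        line = raw.rstrip()
        if not line or RULE_RE.match(line) or line.startswith("(If "):
            continue  # blank, a bare rule, or FRST's fixlist explanation text
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
            continue
        # "Files to move or delete:" style headers: a colon line followed by a rule
        if line.endswith(":") and i + 1 < len(lines) and RULE_RE.match(lines[i + 1].strip()):
            current = line[:-1]
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def triage(text: str) -> list[tuple[str, str, str]]:
    """Return (section, item, reason) for entries worth a second look."""
    findings = []
    for sec, entries in parse_sections(text).items():
        for entry in entries:
            if sec.startswith("Processes"):
                m = PROCESS_RE.match(entry)
                if m and not m.group("signer").strip():
                    findings.append((sec, m.group("path"), "no publisher name"))
            elif sec.startswith(("Services", "Drivers")):
                m = SERVICE_RE.match(entry)
                if not m:
                    continue
                if m.group("signer") is None:          # matched the "[X]" branch
                    findings.append((sec, m.group("name"), "file missing [X]"))
                elif not m.group("signer").strip():
                    findings.append((sec, m.group("name"), "no publisher name"))
            elif sec.startswith("Files to move"):
                findings.append((sec, entry, "FRST flags for removal"))
    return findings


if __name__ == "__main__":
    for sec, item, reason in triage(SAMPLE_FRST):
        print(f"[{reason}] {sec}: {item}")
```

An empty publisher or a missing file is a prompt to check the entry, not proof of malware: the unsigned AVG Web TuneUp binary and the leftover Zemana service here are both remnants of software the poster installed.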


#2 Jo* (Malware Response Team, 3,466 posts, Germany)

Posted 30 October 2015 - 11:50 AM


Hello CPU_HDD,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Jo* (Malware Response Team)

Posted 01 November 2015 - 01:19 PM

Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.



#4 Jo* (Malware Response Team)

Posted 03 November 2015 - 03:58 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



#5 Jo* (Malware Response Team)

Posted 04 November 2015 - 02:51 PM

re-opened topic



#6 CPU_HDD, Topic Starter (Members, 24 posts)

Posted 04 November 2015 - 03:23 PM

Thank you Jo*, I will try to keep up with this thread better.

 

I hope I haven't goofed anything up. I should be able to easily do another Farbar scan, if necessary.

 

AVG has caught some stuff while downloading and running the scan tools; it popped up during the Malwarebytes scan. I think it said MalSign:Generic:584. I let AVG deal with the problem.

 

Here is the Screen317 scan:

 

 Results of screen317's Security Check version 1.009  
 Windows 7  x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 AVG Web TuneUp   
 Adobe Flash Player 19.0.0.226  
 Mozilla Firefox (41.0.2) 
 Google Chrome (46.0.2490.71) 
 Google Chrome (46.0.2490.80) 
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log``````````````````````
 
 
 
 
 
Here is the AdwCleaner scan:
 

# AdwCleaner v5.014 - Logfile created 24/10/2015 at 21:26:54
# Updated 18/10/2015 by Xplode
# Database : 2015-10-18.5 [Local]
# Operating system : Windows 7 Ultimate  (x64)
# Username : Weber - WEBER-PC
# Running from : C:\Users\Weber\Downloads\adwcleaner_5.014.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [572 bytes] ##########
 
# AdwCleaner v5.017 - Logfile created 04/11/2015 at 14:05:32
# Updated 03/11/2015 by Xplode
# Database : 2015-11-03.2 [Server]
# Operating system : Windows 7 Ultimate  (x64)
# Username : Weber - WEBER-PC
# Running from : C:\Users\Weber\Desktop\AdwCleaner (1).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Key Found : HKCU\Software\Avg Secure Update
Key Found : HKU\.DEFAULT\Software\Avg Secure Update
Key Found : HKU\S-1-5-18\Software\Avg Secure Update
 
***** [ Web browsers ] *****
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1449 bytes] ##########
 
 
 
I am not sure what happened the first time Malwarebytes Anti-Rootkit scanned: the screen saver turned off the screen, and when I moved something, it disappeared. It did seem to save a log. Also, as mentioned above, AVG caught some malware during the scan.
 
It didn't find anything the second time, but also saved a log. AVG didn't pop up the second time.
 
Here is the first scan log:
 
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2015.11.04.06
  rootkit: v2015.11.04.02
 
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Weber :: WEBER-PC [administrator]
 
11/4/2015 1:04:35 PM
mbar-log-2015-11-04 (13-04-35).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 310890
Time elapsed: 20 minute(s), 10 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
#7 CPU_HDD, Topic Starter (Members, 24 posts)

Posted 04 November 2015 - 03:30 PM

Here is another Farbar scan, with Addition. This was done right now, after the last post.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-11-2015
Ran by Weber (administrator) on WEBER-PC (04-11-2015 14:26:22)
Running from C:\Users\Weber\Desktop
Loaded Profiles: Weber (Available Profiles: Weber)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Weber\Desktop\AdwCleaner (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1130408 2015-10-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3826600 2015-10-30] (AVG Technologies CZ, s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E3C1B595-45FF-40B7-B7B9-4C8434399015}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3296664383-3654566077-1846858350-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={956BBB48-3AA7-47B0-BFF5-48FAF1229AD0}&mid=95b51bfcafeb47cc9aa059e75bfbec43-2a2b55635c465921db03371c04870e2df438694b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615pit&pr=fr&d=2015-10-23 18:00:36&v=4.1.8.599&pid=wtu&sg=&sap=hp
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3296664383-3654566077-1846858350-1001 -> {08DF423C-E1B6-4EDE-9B8F-883F98EC13D0} URL = 
SearchScopes: HKU\S-1-5-21-3296664383-3654566077-1846858350-1001 -> {A0331676-AC83-46AF-95FF-6BFF0C2EEDE0} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11541
Toolbar: HKU\S-1-5-21-3296664383-3654566077-1846858350-1001 -> No Name - {10E6AEE7-E375-428D-B950-07183443ACF8} -  No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Weber\AppData\Roaming\Mozilla\Firefox\Profiles\3pf9jonb.default
FF Homepage: hxxps://mysearch.avg.com/?cid={956BBB48-3AA7-47B0-BFF5-48FAF1229AD0}&mid=95b51bfcafeb47cc9aa059e75bfbec43-2a2b55635c465921db03371c04870e2df438694b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615pit&pr=fr&d=2015-10-23 18:00:36&v=4.1.8.599&pid=wtu&sg=&sap=hp
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-25] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-25] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-29] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Weber\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-16]
CHR Extension: (Google Drive) - C:\Users\Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-19]
CHR Extension: (Google Search) - C:\Users\Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Docs Offline) - C:\Users\Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-04]
CHR Extension: (Gmail) - C:\Users\Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-16]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [595376 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3815648 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-11-04] (SurfRight B.V.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205136 2015-10-23] ()
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [255408 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-04 14:26 - 2015-11-04 14:26 - 00008447 _____ C:\Users\Weber\Desktop\FRST.txt
2015-11-04 14:26 - 2015-11-04 14:26 - 00000000 ____D C:\Users\Weber\Desktop\FRST-OlderVersion
2015-11-04 14:25 - 2015-11-04 14:26 - 02198016 _____ (Farbar) C:\Users\Weber\Desktop\FRST64.exe
2015-11-04 14:09 - 2015-11-04 14:09 - 00001528 _____ C:\Users\Weber\Desktop\AdwCleaner[S3].txt
2015-11-04 14:09 - 2015-11-04 14:09 - 00001528 _____ C:\AdwCleaner[S3].txt
2015-11-04 14:05 - 2015-11-04 14:04 - 01708032 _____ C:\Users\Weber\Desktop\AdwCleaner (1).exe
2015-11-04 14:04 - 2015-11-04 14:04 - 01708032 _____ C:\Users\Weber\Downloads\AdwCleaner (1).exe
2015-11-04 14:03 - 2015-11-04 14:03 - 00000845 _____ C:\Users\Weber\Desktop\checkupII.txt
2015-11-04 13:55 - 2015-11-04 13:55 - 01708032 _____ C:\Users\Weber\Downloads\AdwCleaner.exe
2015-11-04 13:55 - 2015-11-04 13:55 - 01708032 _____ C:\Users\Weber\Desktop\AdwCleaner.exe
2015-11-04 13:04 - 2015-11-04 13:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-04 13:04 - 2015-11-04 13:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-04 13:03 - 2015-11-04 13:53 - 00000000 ____D C:\Users\Weber\Desktop\mbar
2015-11-04 13:03 - 2015-11-04 13:32 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-04 12:59 - 2015-11-04 12:59 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Weber\Downloads\mbar-1.09.3.1001.exe
2015-11-04 12:59 - 2015-11-04 12:59 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Weber\Downloads\mbar-1.09.3.1001 (1).exe
2015-11-04 12:59 - 2015-11-04 12:59 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Weber\Desktop\mbar-1.09.3.1001 (1).exe
2015-11-04 12:35 - 2015-11-04 12:35 - 00000845 _____ C:\Users\Weber\Desktop\checkup.txt
2015-11-04 12:33 - 2015-11-04 12:32 - 00852720 _____ C:\Users\Weber\Desktop\SecurityCheck (2).exe
2015-11-04 12:32 - 2015-11-04 12:32 - 00852720 _____ C:\Users\Weber\Downloads\SecurityCheck (2).exe
2015-11-04 12:31 - 2015-11-04 12:31 - 00852720 _____ C:\Users\Weber\Downloads\SecurityCheck (1).exe
2015-11-04 12:29 - 2015-11-04 12:29 - 00852720 _____ C:\Users\Weber\Downloads\SecurityCheck.exe
2015-11-04 11:46 - 2015-11-04 11:46 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2015-11-04 11:46 - 2015-11-04 11:46 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-10-25 20:46 - 2015-11-04 11:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-25 13:49 - 2015-10-25 13:50 - 00019937 _____ C:\Users\Weber\Downloads\Addition.txt
2015-10-25 13:49 - 2015-10-25 13:50 - 00019423 _____ C:\Users\Weber\Downloads\FRST.txt
2015-10-25 13:48 - 2015-11-04 14:26 - 00000000 ____D C:\FRST
2015-10-25 13:46 - 2015-10-25 13:46 - 02197504 _____ (Farbar) C:\Users\Weber\Downloads\FRST64.exe
2015-10-24 21:23 - 2015-10-24 21:41 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2015-10-24 21:23 - 2015-10-24 21:23 - 00000000 ____D C:\Users\Weber\AppData\Local\Zemana
2015-10-24 21:22 - 2015-10-24 21:23 - 05193784 _____ ( ) C:\Users\Weber\Downloads\Zemana.AntiMalware.Setup.exe
2015-10-24 20:35 - 2015-10-24 20:35 - 00187144 _____ (SurfRight B.V.) C:\Windows\system32\LnkProtect.dll
2015-10-24 19:30 - 2015-10-24 19:30 - 00070300 _____ C:\Users\Weber\Documents\HitmanPro_20151024_2030.log
2015-10-24 19:30 - 2015-10-24 19:30 - 00070300 _____ C:\HitmanPro_20151024_2030.log
2015-10-24 19:25 - 2015-10-24 20:33 - 00000000 ____D C:\Program Files\HitmanPro
2015-10-24 19:25 - 2015-10-24 19:25 - 00001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-10-24 19:25 - 2015-10-24 19:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-10-24 19:24 - 2015-10-24 19:28 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-24 19:13 - 2015-10-24 19:14 - 11336600 _____ (SurfRight B.V.) C:\Users\Weber\Downloads\HitmanPro_x64.exe
2015-10-24 19:03 - 2015-10-24 19:03 - 00007172 _____ C:\mwb.txt
2015-10-24 18:48 - 2015-11-04 13:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-24 18:47 - 2015-10-24 18:47 - 22908888 _____ (Malwarebytes ) C:\Users\Weber\Downloads\mbam-setup-2.2.0.1024 (1).exe
2015-10-24 18:42 - 2015-10-24 18:43 - 22908888 _____ (Malwarebytes ) C:\Users\Weber\Downloads\mbam-setup-2.2.0.1024.exe
2015-10-24 18:34 - 2015-11-04 14:03 - 00000000 ____D C:\AdwCleaner
2015-10-24 18:33 - 2015-10-24 18:33 - 01691648 _____ C:\Users\Weber\Downloads\adwcleaner_5.014.exe
2015-10-24 18:07 - 2015-10-24 20:33 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-10-24 18:07 - 2015-10-24 18:07 - 00001268 _____ C:\Users\Weber\Desktop\Revo Uninstaller.lnk
2015-10-24 18:06 - 2015-10-24 18:06 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Weber\Downloads\revosetup.exe
2015-10-23 17:00 - 2015-10-23 17:01 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2015-10-23 17:00 - 2015-10-23 17:00 - 00000000 ____D C:\Users\Weber\AppData\Local\AVG Web TuneUp
2015-10-23 17:00 - 2015-10-23 17:00 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-10-23 16:52 - 2015-11-04 11:46 - 00000936 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2015-10-23 16:52 - 2015-11-04 11:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-10-23 16:52 - 2015-10-23 16:52 - 00000000 ____D C:\Users\Weber\AppData\Roaming\TuneUp Software
2015-10-23 16:52 - 2015-10-23 16:52 - 00000000 ____D C:\Users\Weber\AppData\Roaming\AVG
2015-10-23 16:52 - 2015-10-23 16:52 - 00000000 ____D C:\Program Files\Common Files\AV
2015-10-23 16:51 - 2015-10-23 16:51 - 00000000 ___HD C:\$AVG
2015-10-23 16:49 - 2015-11-04 13:54 - 00000000 ____D C:\ProgramData\MFAData
2015-10-23 16:49 - 2015-10-23 16:49 - 00000000 ____D C:\Users\Weber\AppData\Local\MFAData
2015-10-23 16:48 - 2015-10-23 16:51 - 00000000 ____D C:\ProgramData\Avg
2015-10-23 16:48 - 2015-10-23 16:51 - 00000000 ____D C:\Program Files (x86)\AVG
2015-10-23 16:47 - 2015-11-04 11:45 - 00000000 ____D C:\Users\Weber\AppData\Local\Avg
2015-10-23 16:47 - 2015-10-23 16:49 - 00000000 ____D C:\Users\Weber\AppData\Local\AvgSetupLog
2015-10-23 16:47 - 2015-10-23 16:47 - 05051808 _____ (AVG Technologies) C:\Users\Weber\Downloads\avg_avc_stb_all_2015_ltst_547.exe
2015-10-23 16:47 - 2015-10-23 16:47 - 02894552 _____ (AVG Technologies) C:\Users\Weber\Downloads\AVG_Antivirus_739.exe
2015-10-23 16:24 - 2015-10-23 16:24 - 00000000 ____D C:\Windows\system32\appmgmt
2015-10-23 16:15 - 2015-10-23 16:16 - 00000000 ____D C:\Program Files (x86)\PCAPDownloader
2015-10-23 16:14 - 2015-10-23 16:14 - 00000167 _____ C:\Users\Weber\Downloads\index.html#.url
2015-10-22 11:29 - 2015-10-22 11:49 - 571322368 _____ C:\Users\Weber\Downloads\xpsp3_5512.080413-2113_usa_x86fre_spcd.iso
2015-10-21 16:16 - 2015-10-21 16:16 - 00284080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2015-10-21 16:15 - 2015-10-21 16:15 - 00255408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2015-10-19 18:56 - 2015-10-19 18:56 - 10940797 _____ C:\Users\Weber\Downloads\psw-upz-3-1-23-47-r7-u01-9l (1).zip
2015-10-19 18:55 - 2015-10-19 18:56 - 10940797 _____ C:\Users\Weber\Downloads\psw-upz-3-1-23-47-r7-u01-9l.zip
2015-10-19 18:54 - 2015-10-19 18:58 - 00000000 ____D C:\Users\Weber\AppData\Local\CANON_INC
2015-10-19 18:49 - 2015-10-19 18:49 - 124644565 _____ C:\Users\Weber\Downloads\IBXW_INST_1_4_0_5_U01_9L (1).zip
2015-10-19 18:45 - 2015-10-19 18:46 - 124644565 _____ C:\Users\Weber\Downloads\IBXW_INST_1_4_0_5_U01_9L.zip
2015-10-19 18:39 - 2015-10-19 18:39 - 69488919 _____ C:\Users\Weber\Downloads\psew1.15.30-installer.zip
2015-10-19 16:41 - 2015-10-19 16:41 - 29908868 _____ C:\Users\Weber\Downloads\crc-1-11-0-75r3-7l.zip
2015-10-19 16:39 - 2015-10-19 16:40 - 69613920 _____ (CANON INC.) C:\Users\Weber\Downloads\dppw31415 (1).exe
2015-10-19 16:36 - 2015-10-19 16:39 - 69613920 _____ (CANON INC.) C:\Users\Weber\Downloads\dppw31415.exe
2015-10-19 16:19 - 2015-10-19 16:19 - 00000000 ____D C:\ProgramData\Canon_Inc_IC
2015-10-19 16:18 - 2015-10-19 18:57 - 00000000 ____D C:\dpp
2015-10-19 16:17 - 2015-10-19 16:18 - 69428192 _____ C:\Users\Weber\Downloads\dppw3.15.0-updater (1).zip
2015-10-19 16:16 - 2015-10-19 16:17 - 69428192 _____ C:\Users\Weber\Downloads\dppw3.15.0-updater.zip
2015-10-19 16:14 - 2015-10-19 16:19 - 00000000 ____D C:\Users\Weber\AppData\Roaming\Canon
2015-10-19 16:13 - 2015-10-19 16:13 - 00001296 _____ C:\Users\Public\Desktop\ZoomBrowser EX.lnk
2015-10-19 16:13 - 2015-10-19 16:13 - 00000000 ____D C:\ProgramData\ZoomBrowser
2015-10-19 16:12 - 2015-10-19 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-10-19 16:12 - 2015-10-19 18:58 - 00000000 ____D C:\Program Files (x86)\Canon
2015-10-19 16:12 - 2015-10-19 18:43 - 00001201 _____ C:\Users\Public\Desktop\Picture Style Editor.lnk
2015-10-19 16:12 - 2015-10-19 16:19 - 00001136 _____ C:\Users\Public\Desktop\Digital Photo Professional.lnk
2015-10-19 16:12 - 2015-10-19 16:12 - 00001071 _____ C:\Users\Public\Desktop\EOS Utility.lnk
2015-10-19 08:03 - 2015-10-19 08:03 - 00313776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-10-08 07:46 - 2015-10-08 07:46 - 00302000 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-04 14:22 - 2014-08-14 07:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-04 14:11 - 2014-06-02 20:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-04 12:41 - 2009-07-13 23:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-04 12:31 - 2014-06-02 21:11 - 00223600 _____ C:\Windows\WindowsUpdate.log
2015-11-04 12:30 - 2014-06-02 21:14 - 00000000 ____D C:\Users\Weber
2015-11-04 11:55 - 2009-07-13 22:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-04 11:55 - 2009-07-13 22:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-04 11:50 - 2014-06-02 20:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-04 11:50 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-04 11:50 - 2009-07-13 22:51 - 00026320 _____ C:\Windows\setupact.log
2015-11-04 11:49 - 2014-06-17 18:46 - 00023838 _____ C:\Windows\PFRO.log
2015-11-04 11:49 - 2014-06-02 20:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-29 19:12 - 2014-06-02 20:21 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-25 18:36 - 2014-08-14 07:05 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-25 18:36 - 2014-08-14 07:05 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-25 18:36 - 2014-08-14 07:05 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-24 20:33 - 2009-07-14 01:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-10-24 20:33 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-24 20:33 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2015-10-23 16:47 - 2014-06-23 21:00 - 00064536 _____ C:\Users\Weber\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-23 16:37 - 2009-07-13 22:45 - 00295368 _____ C:\Windows\system32\FNTCACHE.DAT
 
Some files in TEMP:
====================
C:\Users\Weber\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Weber\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-04 11:42
 
==================== End of FRST.txt ============================
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-11-2015
Ran by Weber (2015-11-04 14:27:06)
Running from C:\Users\Weber\Desktop
Windows 7 Ultimate (X64) (2014-06-03 01:52:05)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3296664383-3654566077-1846858350-500 - Administrator - Disabled)
Guest (S-1-5-21-3296664383-3654566077-1846858350-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3296664383-3654566077-1846858350-1002 - Limited - Enabled)
Weber (S-1-5-21-3296664383-3654566077-1846858350-1001 - Administrator - Enabled) => C:\Users\Weber
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
AVG (Version: 16.7.7227 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4455 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.7.7227 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.8.599 - AVG Technologies)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 3.2.0.10 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.15.0.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.3.1.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.15.30.0 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities WFT-E1/E2/E3 Utility (HKLM-x32\...\WFTK) (Version: 3.2.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.1.21 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)
FMW 1 (Version: 1.22.2 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.10.251 - SurfRight B.V.)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
01-10-2015 18:37:50 Scheduled Checkpoint
23-10-2015 16:23:53 Removed Playthru Player
23-10-2015 16:24:19 Removed Playthru Player
23-10-2015 16:24:39 Removed Playthru Player
23-10-2015 16:38:11 Removed Playthru Player
23-10-2015 16:43:52 Removed Playthru Player
23-10-2015 16:45:16 Removed UpdateAdmin
23-10-2015 16:51:13 Installed AVG 2016
23-10-2015 16:51:31 Installed AVG
23-10-2015 17:11:10 Removed Playthru Player
23-10-2015 17:11:40 Removed UpdateAdmin
24-10-2015 17:52:42 Removed Playthru Player
24-10-2015 18:07:47 Revo Uninstaller's restore point - Playthru Player
24-10-2015 18:08:02 Removed Playthru Player
24-10-2015 18:09:35 Revo Uninstaller's restore point - UpdateAdmin
24-10-2015 19:27:43 Checkpoint by HitmanPro
24-10-2015 19:28:38 Checkpoint by HitmanPro
24-10-2015 20:32:10 Restore Operation
24-10-2015 20:39:55 Checkpoint by HitmanPro
24-10-2015 21:13:23 After_antivirus_10_24_15
24-10-2015 21:26:46 Zemana AntiMalware 10/24/2015 10:26:46 PM
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {124D4EEE-E392-40AF-A8CD-6AD27ECA7CB4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {2A016528-8878-4C8B-87DF-930D4474D49D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {FEA3E36D-7565-48CA-AB7D-8BDBCE58175E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-25] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-23 17:00 - 2015-10-23 16:59 - 01205136 ____N () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2015-11-04 14:05 - 2015-11-04 14:04 - 01708032 _____ () C:\Users\Weber\Desktop\AdwCleaner (1).exe
2015-10-23 16:49 - 2015-10-23 16:48 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3296664383-3654566077-1846858350-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Weber\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{15298B73-E23A-4D35-B7A8-D6BEAA37443A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A36512A3-3872-47B4-BC80-9D7EC99BAA5C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{14A3B5AB-7777-419B-A083-4B13A99D0D7A}] => (Allow) C:\Users\Weber\AppData\Local\TNT2\2.0.0.2010\TNT2User.exe
FirewallRules: [{5391B308-077A-4BCD-A294-B87950CEBCBD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{0D4E7057-04D9-4D9F-B9F0-7C4B43A6B758}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{76137576-643A-4446-84AA-8FA5A7ADEFDD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3C60717A-C4AC-40C9-84F2-8261DB4181CF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{97199666-9443-4B53-86D8-8AC7251744E0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{E55A3668-9014-4ECC-89E8-97946264DE93}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{CDE77A7F-06B9-4E32-9A0C-AD786EB98772}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{5555F5E7-EF11-41CC-ADAC-84C5FED9600F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{768E8244-1497-45E6-969F-175308DA3EF3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
 
==================== Faulty Device Manager Devices =============
 
Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47)
Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/24/2015 07:28:58 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002c4,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000193EC30.72).  hr = 0x80070005, Access is denied.
.
 
Error: (10/24/2015 07:28:58 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000970,(null),0,REG_BINARY,0000000005ACE250.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {dd067b96-a2d7-40c5-bfed-33097550e6ca}
 
Error: (10/24/2015 07:28:58 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000029c,(null),0,REG_BINARY,00000000004EDE00.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {4c80e39e-121f-47d4-b641-b3f90f486a3b}
 
Error: (10/24/2015 07:28:58 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000970,(null),0,REG_BINARY,0000000005ACE250.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {dd067b96-a2d7-40c5-bfed-33097550e6ca}
 
Error: (10/24/2015 07:28:58 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000077c,(null),0,REG_BINARY,000000000149E2B0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {a6c94ebf-4ffb-4b7f-8368-6815bc8f0c9a}
 
Error: (10/24/2015 07:28:58 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000029c,(null),0,REG_BINARY,00000000004EDE00.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {4c80e39e-121f-47d4-b641-b3f90f486a3b}
 
Error: (10/24/2015 07:28:58 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000077c,(null),0,REG_BINARY,000000000149E2B0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {a6c94ebf-4ffb-4b7f-8368-6815bc8f0c9a}
 
Error: (10/24/2015 07:28:58 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001b8,(null),0,REG_BINARY,0000000001BCEDC0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {6ed5b6ac-60f4-44c3-96d2-0425e169ab51}
 
Error: (10/24/2015 07:28:58 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001e8,(null),0,REG_BINARY,0000000001D3ECE0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {d275e43e-743f-4773-b0dd-b629bcb92523}
 
Error: (10/24/2015 07:28:58 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001ac,(null),0,REG_BINARY,000000000235E7F0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {f77a9f75-e9b5-4fec-bdc0-39fe2189371d}
 
 
System errors:
=============
Error: (10/24/2015 08:59:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (10/24/2015 08:59:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (10/24/2015 08:59:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AVG Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (10/24/2015 08:59:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (10/24/2015 08:59:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HitmanPro Scheduler service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/24/2015 08:59:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WtuSystemSupport service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/24/2015 08:31:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error: 
%%-2147012892
 
Error: (10/24/2015 08:30:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error: 
%%-2147012892
 
Error: (10/24/2015 08:30:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error: 
%%-2147012892
 
Error: (10/24/2015 08:29:53 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Network Location Awareness service terminated with service-specific error %%-1073741502.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 40%
Total physical RAM: 4028.6 MB
Available physical RAM: 2405.01 MB
Total Virtual: 8055.35 MB
Available Virtual: 6413.78 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:148.95 GB) (Free:103.8 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 06BD0F3F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 



#8 CPU_HDD
  • Topic Starter
  • Members
  • 24 posts

Posted 04 November 2015 - 03:32 PM

AdwCleaner seemed to have a problem with AVG.  I think I would like to keep AVG, for now.



#9 Jo*
  • Malware Response Team
  • 3,466 posts
  • Gender:Male
  • Location:Germany

Posted 04 November 2015 - 03:41 PM

Hello,

please download zoek.exe to your Desktop:
  • on Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator
  • it takes a few seconds to appear
  • copy/paste the entire script inside the codebox below into the input field of Zoek:

    createsrpoint;
    emptyclsid;
    emptyalltemp;
    autoclean;

  • close any open programs
  • click the Run script button, and wait. It takes a few minutes to run
  • when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
  • if a reboot is needed, the log will be opened after the reboot.
When you've done that, run FRST again and let us know if the problem is still there.
 

***


Run Malwarebytes Anti-Rootkit again: Right-click mbar.exe and select Run As Administrator
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • then please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#10 CPU_HDD
  • Topic Starter
  • Members
  • 24 posts

Posted 04 November 2015 - 03:59 PM

I put the following into zoek and clicked run script:

createsrpoint;
emptyclsid;
emptyalltemp;
autoclean

It said

DaS_21.exe-.NET Framework Initialization Error

To run this application, you must first install one of the following versions of the .NET Framework: v4.0.30319

Contact your application publisher for instructions about obtaining the appropriate version of the .NET Framework.

What now? Do you still want the Malwarebytes scan?



#11 CPU_HDD
  • Topic Starter
  • Members
  • 24 posts

Posted 04 November 2015 - 04:09 PM

Aaaaargh! Zoek was still running when I got that error message. I tried to stop and restart, but it wouldn't stop.

I opened some programs while it was running, once it stops I'll run it again.

#12 Jo*
  • Malware Response Team
  • 3,466 posts
  • Gender:Male
  • Location:Germany

Posted 04 November 2015 - 04:53 PM

Hello CPU_HDD,

ok,
restart the pc, skip the malwarebytes scan and do the following:

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#13 CPU_HDD
  • Topic Starter
  • Members
  • 24 posts

Posted 04 November 2015 - 05:03 PM

Zoek looks pretty cool, and screen317 program looked kinda like DOS! Fun stuff :) any tutorials on these programs?

I already restarted zoek. Do you want me to post that scan and then Malwarebytes? Or do the second instructions, starting with AdwCleaner?

AVG had issues with Zoek. Is this normal? Or did the malware do something to Zoek?

This machine has had no antivirus software for a while. Could be other malware.

Machine is running fine, I think.

Edited by CPU_HDD, 04 November 2015 - 05:03 PM.


#14 CPU_HDD
  • Topic Starter
  • Members
  • 24 posts

Posted 04 November 2015 - 05:19 PM

Also, at the end of Zoek, the computer restarted.

#15 Jo*
  • Malware Response Team
  • 3,466 posts
  • Gender:Male
  • Location:Germany

Posted 04 November 2015 - 05:25 PM

If Zoek created a log, please post it.

Skip Malwarebytes.

Then do the scans as instructed in post #12 and post the logs too.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




