Viruses and malware are completely taking over my computer and AVG can't fix it.


9 replies to this topic

#1 shady pines ma

  • Members
  • 7 posts
  • OFFLINE
  • Local time:06:40 AM

Posted 29 May 2016 - 06:09 PM

Just trying to post this has been a complete nightmare of persistent pop up ads, plus all of this stuff is slowing everything down so badly I can barely do this. I wish I could be more detailed, but I'm not even sure of all the stuff I'm dealing with here. I've run AVG in both safe and normal mode with no joy.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-05-2016 02
Ran by Joey (administrator) on JOEY-PC (29-05-2016 17:00:39)
Running from C:\Users\Joey\Desktop
Loaded Profiles: Joey (Available Profiles: Joey)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\dataup\dataup.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Microsoft) C:\Program Files (x86)\Sysdriver\Scheduler.Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft) C:\Program Files (x86)\Windriver\Scheduler.Service.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
() C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
() C:\Program Files (x86)\supervisory\impracticality.exe
(Mega Limited) C:\ProgramData\MEGAsync\MEGAsync.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Google Inc.) C:\Users\Joey\AppData\Local\Temp\20160528\ct.exe
() C:\Program Files (x86)\msrtn32\msrtn32.exe
() C:\Program Files (x86)\msrtn32\cdhtr.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\msrtn32\rthdcpd.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [ospd_us_014010342] => [X]
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-04-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6570256 2016-05-20] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-472934479-1157152603-4007252266-1001\...\Run: [AirVideoServer] => C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe [4923784 2010-09-21] ()
HKU\S-1-5-21-472934479-1157152603-4007252266-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-10-22] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-472934479-1157152603-4007252266-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6597768 2015-12-22] (Plex, Inc.)
HKU\S-1-5-21-472934479-1157152603-4007252266-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-472934479-1157152603-4007252266-1001\...\Run: [impracticality] => C:\Program Files (x86)\supervisory\impracticality.exe [36776 2016-05-28] ()
HKU\S-1-5-21-472934479-1157152603-4007252266-1001\...\Run: [harken] => "C:\Program Files (x86)\unidimensional\caballero.exe"
HKU\S-1-5-21-472934479-1157152603-4007252266-1001\...\MountPoints2: {57678dd8-8e3f-11e5-8bb1-001fc6fa6625} - H:\LGAutoRun.exe
HKU\S-1-5-21-472934479-1157152603-4007252266-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2009-11-25]
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-11-04]
ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 66.38.1.240 8.8.8.8 208.67.222.222
Tcpip\..\Interfaces\{0086FC7E-686F-46C7-A777-583954F44CAA}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{0086FC7E-686F-46C7-A777-583954F44CAA}: [DhcpNameServer] 66.38.1.240 8.8.8.8 208.67.222.222
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 104.197.191.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-472934479-1157152603-4007252266-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/CQDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/CQDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/CQDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/CQDSK/1
HKU\S-1-5-21-472934479-1157152603-4007252266-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/CQDSK/1
HKU\S-1-5-21-472934479-1157152603-4007252266-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/CQDSK/1
SearchScopes: HKLM -> DefaultScope {B920F5B5-F0E2-4684-92F2-1383EAA352AF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {B920F5B5-F0E2-4684-92F2-1383EAA352AF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {E25840A9-9DF4-421A-B33A-075A43A77128} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKLM-x32 -> DefaultScope {B920F5B5-F0E2-4684-92F2-1383EAA352AF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {B920F5B5-F0E2-4684-92F2-1383EAA352AF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {E25840A9-9DF4-421A-B33A-075A43A77128} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKU\S-1-5-21-472934479-1157152603-4007252266-1001 -> DefaultScope {B920F5B5-F0E2-4684-92F2-1383EAA352AF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-472934479-1157152603-4007252266-1001 -> {B920F5B5-F0E2-4684-92F2-1383EAA352AF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-472934479-1157152603-4007252266-1001 -> {E25840A9-9DF4-421A-B33A-075A43A77128} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
BHO-x32: IeWebtoptimumPlugin.BHO -> {314cc13e-2027-44ca-838b-546591a01fda} -> C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-09] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-09] (Oracle Corporation)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-472934479-1157152603-4007252266-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\x6mqb4lo.default-1464508121209
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-19] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-09] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @playon.tv/PlayOnToolbar -> C:\Program Files (x86)\MediaMall\toolbar\npVT.dll [2015-10-29] (MediaMall Technologies, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-29] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010-07-12] (Nullsoft, Inc.)
FF Extension: FlashGot - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\x6mqb4lo.default-1464508121209\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-05-29]
FF Extension: Status-4-Evar - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\x6mqb4lo.default-1464508121209\extensions\status4evar@caligonstudios.com.xpi [2016-05-29]
FF Extension: Rehost Image - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\x6mqb4lo.default-1464508121209\extensions\rehostimage@engy.us.xpi [2016-05-29]
FF Extension: Classic Theme Restorer - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\x6mqb4lo.default-1464508121209\extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2016-05-29]
FF Extension: Complete YouTube Saver - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\x6mqb4lo.default-1464508121209\extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3} [2016-05-29]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\x6mqb4lo.default-1464508121209\Extensions\elemhidehelper@adblockplus.org.xpi [2016-05-29]
FF Extension: Multiple Checkbox Checker - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\x6mqb4lo.default-1464508121209\Extensions\jid0-BhB0u1jjAYBkCecSVdoY1yjuo6o@jetpack.xpi [2016-05-29]
FF Extension: Magrent - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\x6mqb4lo.default-1464508121209\Extensions\jid1-9tZMAIdeuiEjHg@jetpack.xpi [2016-05-29]
FF Extension: Keyword Search - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\x6mqb4lo.default-1464508121209\Extensions\keywordsearch@kaply.com.xpi [2016-05-29]
FF Extension: Video DownloadHelper - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\x6mqb4lo.default-1464508121209\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-29]
FF Extension: Adblock Plus - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\x6mqb4lo.default-1464508121209\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-29]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
    
CHR Profile: C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-29]
CHR Extension: (Google Docs) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-29]
CHR Extension: (Google Drive) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-29]
CHR Extension: (YouTube) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-29]
CHR Extension: (Google Sheets) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-29]
CHR Extension: (Google Docs Offline) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-29]
CHR Extension: (Gmail) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [636312 2016-05-20] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5164800 2016-05-20] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1078544 2016-04-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [705528 2016-05-20] (AVG Technologies CZ, s.r.o.)
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2015-08-06] () [File not signed] <==== ATTENTION
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 Helper; C:\Program Files (x86)\Sysdriver\Scheduler.Service.exe [8192 2016-04-04] (Microsoft) [File not signed]
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [125440 2009-09-24] (Hewlett-Packard) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S3 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [6503528 2016-04-13] (MediaMall Technologies, Inc.) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-10-22] (Sandboxie Holdings, LLC)
R2 Scheduler; C:\Program Files (x86)\Windriver\Scheduler.Service.exe [8192 2016-04-12] (Microsoft) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 windowsmanagementservice; C:\Users\Joey\AppData\Local\Temp\20160528\ct.exe [852992 2016-03-21] (Google Inc.) [File not signed]
S2 Savdi; "C:\Users\Joey\AppData\Roaming\KubfoKuk\Toudiad.exe" -cms [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-05-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-05-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [247040 2016-05-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-05-02] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-05-05] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2015-10-29] (MediaMall Technologies, Inc.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC)
S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-29 17:00 - 2016-05-29 17:03 - 00022871 _____ C:\Users\Joey\Desktop\FRST.txt
2016-05-29 17:00 - 2016-05-29 17:00 - 00000000 ____D C:\FRST
2016-05-29 16:59 - 2016-05-29 16:59 - 02383872 _____ (Farbar) C:\Users\Joey\Desktop\FRST64.exe
2016-05-29 16:30 - 2016-05-29 16:30 - 00000000 ____D C:\Users\Joey\AppData\Local\FASTExtensions
2016-05-29 16:13 - 2016-05-29 16:54 - 00000000 ____D C:\Users\Joey\AppData\Roaming\wardmain
2016-05-29 16:06 - 2016-05-29 16:05 - 00388608 _____ (Trend Micro Inc.) C:\Users\Joey\Desktop\HijackThis.exe
2016-05-29 16:02 - 2016-05-29 16:59 - 00001376 _____ C:\Users\Joey\Desktop\Google Chrome.lnk
2016-05-29 16:02 - 2016-05-29 16:59 - 00001304 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-29 13:29 - 2016-05-29 14:38 - 00014128 _____ C:\Users\Joey\Desktop\avgrep.txt
2016-05-29 02:48 - 2016-05-29 02:48 - 00000000 ____D C:\Users\Joey\Desktop\Old Firefox Data
2016-05-29 02:42 - 2016-05-29 02:42 - 00002273 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-29 02:40 - 2016-05-29 16:56 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-29 02:40 - 2016-05-29 16:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-29 02:40 - 2016-05-29 02:50 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-29 02:40 - 2016-05-29 02:50 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-28 19:41 - 2016-05-29 16:22 - 00000000 ____D C:\Users\Joey\AppData\Local\mstrn32
2016-05-28 19:41 - 2016-05-28 19:41 - 00000000 ____D C:\Program Files (x86)\msrtn32
2016-05-28 19:19 - 2016-05-28 19:19 - 00000000 ____D C:\Users\Joey\AppData\Local\cpx
2016-05-28 19:19 - 2016-05-28 19:19 - 00000000 ____D C:\Users\Joey\AppData\Local\CEF
2016-05-28 19:19 - 2016-05-28 19:19 - 00000000 ____D C:\Program Files (x86)\cpx
2016-05-28 19:04 - 2016-05-28 19:04 - 00000000 ____D C:\Users\Joey\AppData\Roaming\AVG
2016-05-28 19:02 - 2016-05-28 19:02 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-28 19:01 - 2016-05-28 19:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-05-28 19:00 - 2016-05-28 19:00 - 00000000 ____D C:\Users\Joey\AppData\Roaming\TuneUp Software
2016-05-28 18:58 - 2016-05-28 18:58 - 00000000 ___HD C:\$AVG
2016-05-28 18:52 - 2016-05-29 16:19 - 00000000 ____D C:\ProgramData\MFAData
2016-05-28 18:52 - 2016-05-28 18:52 - 00000000 ____D C:\Users\Joey\AppData\Local\MFAData
2016-05-28 18:51 - 2016-05-28 18:51 - 00000862 _____ C:\Users\Public\Desktop\AVG.lnk
2016-05-28 18:51 - 2016-05-28 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-05-28 18:48 - 2016-05-28 18:56 - 00000000 ____D C:\Program Files (x86)\AVG
2016-05-28 18:47 - 2016-05-28 18:47 - 00000000 ____D C:\bin
2016-05-28 18:44 - 2016-05-28 19:03 - 00000000 ____D C:\Users\Joey\AppData\Local\Avg
2016-05-28 18:44 - 2016-05-28 18:58 - 00000000 ____D C:\ProgramData\Avg
2016-05-28 18:44 - 2016-05-28 18:51 - 00000000 ____D C:\Users\Joey\AppData\Local\AvgSetupLog
2016-05-28 18:26 - 2016-05-28 19:06 - 00003806 _____ C:\Windows\System32\Tasks\8046348
2016-05-28 18:26 - 2016-05-28 19:06 - 00003640 _____ C:\Windows\System32\Tasks\Pa80463488046348
2016-05-28 18:16 - 2016-05-28 18:16 - 00000000 _____ C:\Windows\EEventManager.INI
2016-05-28 18:16 - 2016-05-28 18:16 - 00000000 _____ C:\Users\Joey\AppData\Local\tr5b.txt
2016-05-28 18:15 - 2016-05-28 19:05 - 00000000 ___HD C:\Program Files (x86)\unidimensional
2016-05-28 18:15 - 2016-05-28 18:15 - 00590397 _____ C:\Users\Joey\AppData\Local\setupone.exe
2016-05-28 18:15 - 2016-05-28 18:15 - 00000003 _____ C:\Users\Joey\AppData\Local\aatxtname.txt
2016-05-28 18:15 - 2016-05-28 18:15 - 00000000 ___HD C:\Program Files (x86)\supervisory
2016-05-28 18:09 - 2016-05-28 18:09 - 00127652 _____ C:\Users\Joey\AppData\Local\32950173.exe
2016-05-28 18:09 - 2016-05-28 18:09 - 00034157 _____ C:\Users\Joey\AppData\Local\38119.exe
2016-05-28 18:09 - 2016-05-28 18:09 - 00010752 _____ C:\Windows\hepatic.exe
2016-05-28 18:09 - 2016-05-28 18:09 - 00006656 _____ C:\Windows\settings.dll
2016-05-28 18:06 - 2016-05-28 18:16 - 00293320 _____ (深圳市迅雷网络技术有限公司) C:\ProgramData\xldl.dll
2016-05-28 18:06 - 2016-05-28 18:06 - 00000000 ____D C:\Users\Public\Thunder Network
2016-05-28 18:06 - 2016-05-28 18:06 - 00000000 ____D C:\ProgramData\Thunder Network
2016-05-28 18:06 - 2016-05-28 18:06 - 00000000 ____D C:\ProgramData\download
2016-05-28 18:06 - 2016-05-28 18:06 - 00000000 ____D C:\Program Files (x86)\taskvmx
2016-05-28 18:06 - 2016-05-28 18:06 - 00000000 ____D C:\Program Files (x86)\regtool
2016-05-28 18:06 - 2016-05-28 18:06 - 00000000 ____D C:\Program Files (x86)\dataup
2016-05-28 18:05 - 2016-05-28 18:05 - 00000000 ____D C:\Users\Joey\AppData\Roaming\c
2016-05-28 18:05 - 2016-05-28 18:05 - 00000000 ____D C:\ProgramData\1464476751
2016-05-28 18:05 - 2016-05-28 18:05 - 00000000 ____D C:\Program Files (x86)\S5
2016-05-28 17:59 - 2016-05-28 17:59 - 00000000 ____D C:\Windows\system32\qul
2016-05-28 17:54 - 2016-05-28 20:42 - 00000000 ____D C:\Users\Joey\AppData\Roaming\Gymoovaeaf
2016-05-28 17:54 - 2016-05-28 17:54 - 00000000 ____D C:\Users\Joey\AppData\LocalLow\Company
2016-05-28 17:54 - 2016-05-28 17:54 - 00000000 ____D C:\Users\Joey\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-05-28 17:54 - 2016-05-28 17:54 - 00000000 ____D C:\Users\Joey\AppData\Local\Tempfolder
2016-05-28 17:54 - 2016-05-28 17:54 - 00000000 ____D C:\uninst
2016-05-28 17:53 - 2016-05-28 19:33 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-05-28 17:46 - 2016-05-28 18:48 - 00000000 ____D C:\Program Files (x86)\Windriver
2016-05-28 17:46 - 2016-05-28 17:48 - 00000000 ____D C:\Program Files (x86)\Sysdriver
2016-05-28 17:46 - 2016-05-28 17:47 - 00000000 ____D C:\Program Files (x86)\Screendriver
2016-05-28 17:45 - 2016-05-29 16:59 - 00000000 ____D C:\Program Files (x86)\WebOptimum
2016-05-28 17:45 - 2016-05-28 19:15 - 00000000 ____D C:\Program Files (x86)\FastWeb
2016-05-28 17:45 - 2016-05-28 17:45 - 00000000 ____D C:\Program Files (x86)\75D00800-1464475530-1015-B6FF-C5D7892C9EA5
2016-05-28 17:43 - 2016-05-28 17:43 - 02433016 _____ C:\Windows\chromebrowser.exe
2016-05-19 16:39 - 2016-05-19 16:39 - 05995712 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-05-18 14:36 - 2016-05-18 14:36 - 00005632 _____ C:\Users\Joey\AppData\Local\ddnow4.exe
2016-05-18 14:35 - 2016-05-18 14:35 - 00005120 _____ C:\Users\Joey\AppData\Local\ddnow.exe
2016-05-18 13:55 - 2016-05-18 13:55 - 00000000 ____D C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
2016-05-18 13:34 - 2016-05-18 14:01 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Pro
2016-05-18 13:34 - 2016-05-18 13:53 - 00000000 ____D C:\Users\Joey\AppData\Roaming\DAEMON Tools Pro
2016-05-18 13:34 - 2016-05-18 13:34 - 00000000 ____D C:\ProgramData\DAEMON Tools Pro
2016-05-18 12:13 - 2016-05-18 12:13 - 00307456 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2016-05-05 18:33 - 2016-05-29 02:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-05 11:06 - 2016-05-05 11:06 - 00247040 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2016-05-05 11:06 - 2016-05-05 11:06 - 00071936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avguniva.sys
2016-05-02 16:13 - 2016-05-02 16:13 - 00260352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2016-05-02 16:06 - 2016-05-02 16:06 - 00051968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2016-05-02 11:59 - 2016-05-02 11:59 - 00007590 _____ C:\Users\Joey\AppData\Local\Resmon.ResmonCfg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-29 16:58 - 2016-01-24 15:59 - 00000000 ____D C:\Users\Joey\AppData\LocalLow\Temp
2016-05-29 16:39 - 2015-11-01 03:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-29 16:28 - 2009-07-13 23:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-29 16:28 - 2009-07-13 23:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-29 16:22 - 2015-10-31 20:05 - 00000000 ___HD C:\jexepackres
2016-05-29 16:19 - 2009-11-25 15:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
2016-05-29 16:18 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-29 13:26 - 2015-11-02 23:59 - 00255800 _____ C:\Windows\ntbtlog.txt
2016-05-29 03:39 - 2015-11-03 15:59 - 00000000 ____D C:\Users\Joey\AppData\Roaming\foobar2000
2016-05-29 02:42 - 2015-10-31 15:34 - 00000000 ____D C:\Users\Joey\AppData\Local\Google
2016-05-29 02:40 - 2015-10-31 15:34 - 00000000 ____D C:\Program Files (x86)\Google
2016-05-29 02:37 - 2015-10-31 05:54 - 00000000 ____D C:\Users\Joey\AppData\Roaming\uTorrent
2016-05-29 02:37 - 2015-10-31 05:46 - 00000000 ____D C:\Program Files (x86)\MediaMonkey
2016-05-28 22:48 - 2015-10-31 05:47 - 00000000 ____D C:\Users\Joey\AppData\Local\MediaMonkey
2016-05-28 21:35 - 2015-10-31 05:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-28 20:43 - 2015-10-31 04:03 - 00000000 ____D C:\Users\Joey\Desktop\Phone
2016-05-28 20:12 - 2016-02-06 23:46 - 00000000 ____D C:\Program Files (x86)\DVDFab 9
2016-05-28 19:41 - 2015-10-31 05:29 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-28 19:41 - 2015-10-31 05:29 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-05-28 19:16 - 2015-11-01 00:21 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-05-28 19:01 - 2015-11-02 13:24 - 00001476 _____ C:\Windows\Sandboxie.ini
2016-05-28 17:56 - 2015-10-31 04:03 - 00000000 ____D C:\Users\Joey\Desktop\OZ 75
2016-05-28 17:42 - 2009-07-14 00:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-28 17:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-05-28 14:21 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-05-19 16:39 - 2015-11-01 03:55 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-19 16:39 - 2015-11-01 03:55 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-18 14:02 - 2015-10-31 04:15 - 00000000 ____D C:\Users\Joey
2016-05-18 14:01 - 2016-04-09 16:42 - 00000000 ____D C:\Program Files (x86)\VUDUToGo
2016-05-18 14:01 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-05-14 17:19 - 2015-10-31 05:19 - 00000000 ____D C:\Scans
2016-05-13 16:43 - 2015-10-31 04:04 - 00005838 _____ C:\Users\Joey\Desktop\carlos debt & IGC e-mails.txt
2016-05-08 17:06 - 2016-03-05 00:44 - 00000000 ____D C:\Users\Joey\dwhelper
2016-04-30 11:31 - 2015-10-31 05:27 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job

==================== Files in the root of some directories =======

2015-11-01 16:21 - 2015-10-31 19:58 - 0231424 _____ () C:\Users\Joey\AppData\Roaming\chrtmp
2016-04-11 17:33 - 2016-04-11 17:38 - 0009677 _____ () C:\Users\Joey\AppData\Roaming\Requiem.log
2015-11-16 05:02 - 2015-11-16 06:08 - 0000242 _____ () C:\Users\Joey\AppData\Roaming\wklnhst.dat
2016-05-28 18:09 - 2016-05-28 18:09 - 0127652 _____ () C:\Users\Joey\AppData\Local\32950173.exe
2016-05-28 18:09 - 2016-05-28 18:09 - 0034157 _____ () C:\Users\Joey\AppData\Local\38119.exe
2016-05-28 18:15 - 2016-05-28 18:15 - 0000003 _____ () C:\Users\Joey\AppData\Local\aatxtname.txt
2015-12-07 21:23 - 2016-04-12 00:24 - 0019968 _____ () C:\Users\Joey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-18 14:35 - 2016-05-18 14:35 - 0005120 _____ () C:\Users\Joey\AppData\Local\ddnow.exe
2016-05-18 14:36 - 2016-05-18 14:36 - 0005632 _____ () C:\Users\Joey\AppData\Local\ddnow4.exe
2016-03-18 00:00 - 2016-03-18 00:00 - 0000000 _____ () C:\Users\Joey\AppData\Local\ok223.txt
2016-05-02 11:59 - 2016-05-02 11:59 - 0007590 _____ () C:\Users\Joey\AppData\Local\Resmon.ResmonCfg
2016-05-28 18:15 - 2016-05-28 18:15 - 0590397 _____ () C:\Users\Joey\AppData\Local\setupone.exe
2016-05-28 18:16 - 2016-05-28 18:16 - 0000000 _____ () C:\Users\Joey\AppData\Local\tr5b.txt
2016-05-28 18:06 - 2016-05-28 18:16 - 0293320 _____ (深圳市迅雷网络技术有限公司) C:\ProgramData\xldl.dll

Files to move or delete:
====================
C:\ProgramData\xldl.dll


Some files in TEMP:
====================
C:\Users\Joey\AppData\Local\Temp\compete.exe
C:\Users\Joey\AppData\Local\Temp\frag.exe
C:\Users\Joey\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Joey\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Joey\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Joey\AppData\Local\Temp\s5mark_setup_aid91tid336_20160510.exe
C:\Users\Joey\AppData\Local\Temp\winrar_4.6_full.Team-TDK.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll
[2015-11-01 00:21] - [2015-11-01 00:21] - 0270336 ____A (Microsoft Corporation) 06A37C228E2252B8E18DE82C9D5A966E

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-28 17:24

==================== End of FRST.txt ============================


#2 shelf life

  • Malware Response Team
  • 2,651 posts
  • Gender:Male
  • Location:@localhost
  • Local time:07:40 AM

Posted 30 May 2016 - 10:21 AM

hi,

That's quite a load you have there.

Usually only online once or twice per day so you may not get a reply back from me until the following day.

 

1) So first you can look in your add/remove programs panel and uninstall the following if present. After you're done with the uninstalls, reboot the machine.

wardmain

WebOptimum

Itibiti RTC

Note-UP

2) Next we will use FRST to remove some items. Copy/paste what's below into Notepad and save it as fixlist.txt in the same location you have FRST located. Next start FRST like before and this time click on the Fix button. The machine will reboot to finish the process. On reboot it will display a fixlog.txt that you can copy/paste in your reply.

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ospd_us_014010342] => [X]
HKU\S-1-5-21-472934479-1157152603-4007252266-1001\...\Run: [impracticality] => C:\Program Files (x86)\supervisory\impracticality.exe [36776 2016-05-28] ()
C:\Program Files (x86)\supervisory\impracticality.exe [36776 2016-05-28] ()
HKU\S-1-5-21-472934479-1157152603-4007252266-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-472934479-1157152603-4007252266-1001\...\Run: [harken] => "C:\Program Files (x86)\unidimensional\caballero.exe"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-472934479-1157152603-4007252266-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO-x32: IeWebtoptimumPlugin.BHO -> {314cc13e-2027-44ca-838b-546591a01fda} -> C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKU\S-1-5-21-472934479-1157152603-4007252266-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
S2 Savdi; "C:\Users\Joey\AppData\Roaming\KubfoKuk\Toudiad.exe" -cms [X]
C:\Users\Joey\AppData\Roaming\KubfoKuk\Toudiad.exe
2016-05-29 16:13 - 2016-05-29 16:54 - 00000000 ____D C:\Users\Joey\AppData\Roaming\wardmain
C:\ProgramData\xldl.dll
2016-05-28 17:53 - 2016-05-28 19:33 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-05-28 17:46 - 2016-05-28 18:48 - 00000000 ____D C:\Program Files (x86)\Windriver
2016-05-28 17:46 - 2016-05-28 17:48 - 00000000 ____D C:\Program Files (x86)\Sysdriver
2016-05-28 17:46 - 2016-05-28 17:47 - 00000000 ____D C:\Program Files (x86)\Screendriver
2016-05-28 17:45 - 2016-05-29 16:59 - 00000000 ____D C:\Program Files (x86)\WebOptimum
2016-05-28 17:45 - 2016-05-28 19:15 - 00000000 ____D C:\Program Files (x86)\FastWeb
2016-05-28 17:45 - 2016-05-28 17:45 - 00000000 ____D C:\Program Files (x86)\75D00800-1464475530-1015-B6FF-C5D7892C9EA5
2016-05-28 17:43 - 2016-05-28 17:43 - 02433016 _____ C:\Windows\chromebrowser.exe
2016-05-28 18:06 - 2016-05-28 18:06 - 00000000 ____D C:\Program Files (x86)\taskvmx
2016-05-28 18:06 - 2016-05-28 18:06 - 00000000 ____D C:\Program Files (x86)\regtool
2016-05-28 18:06 - 2016-05-28 18:06 - 00000000 ____D C:\Program Files (x86)\dataup
2016-05-28 18:05 - 2016-05-28 18:05 - 00000000 ____D C:\Users\Joey\AppData\Roaming\c
2016-05-28 18:05 - 2016-05-28 18:05 - 00000000 ____D C:\ProgramData\1464476751
2016-05-28 18:05 - 2016-05-28 18:05 - 00000000 ____D C:\Program Files (x86)\S5
2016-05-28 17:59 - 2016-05-28 17:59 - 00000000 ____D C:\Windows\system32\qul
2016-05-28 17:54 - 2016-05-28 20:42 - 00000000 ____D C:\Users\Joey\AppData\Roaming\Gymoovaeaf
C:\Users\Joey\AppData\Local\Temp\compete.exe
C:\Users\Joey\AppData\Local\Temp\frag.exe
C:\Users\Joey\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Joey\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Joey\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Joey\AppData\Local\Temp\s5mark_setup_aid91tid336_20160510.exe
C:\Users\Joey\AppData\Local\Temp\winrar_4.6_full.Team-TDK.exe
Task: {08429481-309F-495F-86C7-9984AAB4BDD5} - System32\Tasks\8046348 => C:\Users\Joey\AppData\Local\caballero.exe <==== ATTENTION
Task: {33CEA4E1-F706-45CC-AA4D-94CA00B2B039} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {48BD80D2-68C9-4E2F-9A8E-DAD68F416FC0} - \AdobeAAMUpdater-1.0-Joey-PC-Joey -> No File <==== ATTENTION
Task: {B6ED0511-7A7A-419A-B9FF-78A143272C01} - \PCDRScheduledMaintenance -> No File <==== ATTENTION
Task: {C1303FFD-844C-46C1-8248-C9B07F7E7434} - System32\Tasks\Pa80463488046348 => C:\Users\Joey\AppData\Local\caballero.exe
FirewallRules: [{1194088C-7687-4237-A15D-B4D765A5ECE8}] => (Allow) C:\Users\Joey\AppData\Local\ddnowyes.exe
FirewallRules: [{57B7CBBB-7D68-4DF5-99BC-A2EF1E1254D4}] => (Allow) C:\Users\Joey\AppData\Local\Temp\installer.exe
FirewallRules: [{64C1A474-354E-483B-9FEE-19CCC42A3551}] => (Allow) C:\Users\Joey\AppData\Local\89558046.exe
FirewallRules: [TCP Query User{9C64B3F2-3431-4941-B946-FF7FAF83D3B5}C:\program files (x86)\itibiti soft phone\itibiti.exe] => (Block) C:\program files (x86)\itibiti soft phone\itibiti.exe
FirewallRules: [UDP Query User{7205F505-D03D-46F9-9D86-0E4D98488EC3}C:\program files (x86)\itibiti soft phone\itibiti.exe] => (Block) C:\program files (x86)\itibiti soft phone\itibiti.exe
Empty Temp:

3) You can download the free version of Malwarebytes, which you can keep and use as an antimalware app.

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.

http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.3.1025.exe

    Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
    At the end, be sure a checkmark is placed next to the following:
     Launch Malwarebytes Anti-Malware
     A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    Click Finish.
    On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
    Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
    A Threat Scan will begin.
    With some infections, you may see this message box.
        'Could not load DDA driver'
    Click 'Yes' to this message, to allow the driver to load after a restart.
    Allow the computer to restart. Continue with the rest of these instructions.
    When the scan is complete, click Apply Actions.
    Wait for the prompt to restart the computer to appear, then click on Yes.
    After the restart once you are back at your desktop, open MBAM once more.
    Click on the History tab > Application Logs.
    Double click on the scan log which shows the Date and time of the scan just performed.
    Click 'Copy to Clipboard'
    Paste the contents of the clipboard into your reply.

 

Start with the above and we will go from there.


How Can I Reduce My Risk to Malware?


#3 nasdaq

  • Malware Response Team
  • 39,514 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:40 AM

Posted 30 May 2016 - 10:23 AM

Removed.
Posted a fix after you.
Sorry.

Edited by nasdaq, 30 May 2016 - 10:24 AM.


#4 shady pines ma
  • Topic Starter

  • Members
  • 7 posts
  • Local time:06:40 AM

Posted 30 May 2016 - 03:56 PM

Here is fixlog.txt. Will try MalwareBytes now.

Fix result of Farbar Recovery Scan Tool (x64) Version:29-05-2016 02
Ran by Joey (2016-05-30 15:44:13) Run:1
Running from C:\Users\Joey\Desktop
Loaded Profiles: Joey (Available Profiles: Joey)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ospd_us_014010342] => [X]
HKU\S-1-5-21-472934479-1157152603-4007252266-1001\...\Run: [impracticality] => C:\Program Files (x86)\supervisory\impracticality.exe [36776 2016-05-28] ()
C:\Program Files (x86)\supervisory\impracticality.exe [36776 2016-05-28] ()
HKU\S-1-5-21-472934479-1157152603-4007252266-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-472934479-1157152603-4007252266-1001\...\Run: [harken] => "C:\Program Files (x86)\unidimensional\caballero.exe"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-472934479-1157152603-4007252266-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO-x32: IeWebtoptimumPlugin.BHO -> {314cc13e-2027-44ca-838b-546591a01fda} -> C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKU\S-1-5-21-472934479-1157152603-4007252266-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
S2 Savdi; "C:\Users\Joey\AppData\Roaming\KubfoKuk\Toudiad.exe" -cms [X]
C:\Users\Joey\AppData\Roaming\KubfoKuk\Toudiad.exe
2016-05-29 16:13 - 2016-05-29 16:54 - 00000000 ____D C:\Users\Joey\AppData\Roaming\wardmain
C:\ProgramData\xldl.dll
2016-05-28 17:53 - 2016-05-28 19:33 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-05-28 17:46 - 2016-05-28 18:48 - 00000000 ____D C:\Program Files (x86)\Windriver
2016-05-28 17:46 - 2016-05-28 17:48 - 00000000 ____D C:\Program Files (x86)\Sysdriver
2016-05-28 17:46 - 2016-05-28 17:47 - 00000000 ____D C:\Program Files (x86)\Screendriver
2016-05-28 17:45 - 2016-05-29 16:59 - 00000000 ____D C:\Program Files (x86)\WebOptimum
2016-05-28 17:45 - 2016-05-28 19:15 - 00000000 ____D C:\Program Files (x86)\FastWeb
2016-05-28 17:45 - 2016-05-28 17:45 - 00000000 ____D C:\Program Files (x86)\75D00800-1464475530-1015-B6FF-C5D7892C9EA5
2016-05-28 17:43 - 2016-05-28 17:43 - 02433016 _____ C:\Windows\chromebrowser.exe
2016-05-28 18:06 - 2016-05-28 18:06 - 00000000 ____D C:\Program Files (x86)\taskvmx
2016-05-28 18:06 - 2016-05-28 18:06 - 00000000 ____D C:\Program Files (x86)\regtool
2016-05-28 18:06 - 2016-05-28 18:06 - 00000000 ____D C:\Program Files (x86)\dataup
2016-05-28 18:05 - 2016-05-28 18:05 - 00000000 ____D C:\Users\Joey\AppData\Roaming\c
2016-05-28 18:05 - 2016-05-28 18:05 - 00000000 ____D C:\ProgramData\1464476751
2016-05-28 18:05 - 2016-05-28 18:05 - 00000000 ____D C:\Program Files (x86)\S5
2016-05-28 17:59 - 2016-05-28 17:59 - 00000000 ____D C:\Windows\system32\qul
2016-05-28 17:54 - 2016-05-28 20:42 - 00000000 ____D C:\Users\Joey\AppData\Roaming\Gymoovaeaf
C:\Users\Joey\AppData\Local\Temp\compete.exe
C:\Users\Joey\AppData\Local\Temp\frag.exe
C:\Users\Joey\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Joey\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Joey\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Joey\AppData\Local\Temp\s5mark_setup_aid91tid336_20160510.exe
C:\Users\Joey\AppData\Local\Temp\winrar_4.6_full.Team-TDK.exe
Task: {08429481-309F-495F-86C7-9984AAB4BDD5} - System32\Tasks\8046348 => C:\Users\Joey\AppData\Local\caballero.exe <==== ATTENTION
Task: {33CEA4E1-F706-45CC-AA4D-94CA00B2B039} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {48BD80D2-68C9-4E2F-9A8E-DAD68F416FC0} - \AdobeAAMUpdater-1.0-Joey-PC-Joey -> No File <==== ATTENTION
Task: {B6ED0511-7A7A-419A-B9FF-78A143272C01} - \PCDRScheduledMaintenance -> No File <==== ATTENTION
Task: {C1303FFD-844C-46C1-8248-C9B07F7E7434} - System32\Tasks\Pa80463488046348 => C:\Users\Joey\AppData\Local\caballero.exe
FirewallRules: [{1194088C-7687-4237-A15D-B4D765A5ECE8}] => (Allow) C:\Users\Joey\AppData\Local\ddnowyes.exe
FirewallRules: [{57B7CBBB-7D68-4DF5-99BC-A2EF1E1254D4}] => (Allow) C:\Users\Joey\AppData\Local\Temp\installer.exe
FirewallRules: [{64C1A474-354E-483B-9FEE-19CCC42A3551}] => (Allow) C:\Users\Joey\AppData\Local\89558046.exe
FirewallRules: [TCP Query User{9C64B3F2-3431-4941-B946-FF7FAF83D3B5}C:\program files (x86)\itibiti soft phone\itibiti.exe] => (Block) C:\program files (x86)\itibiti soft phone\itibiti.exe
FirewallRules: [UDP Query User{7205F505-D03D-46F9-9D86-0E4D98488EC3}C:\program files (x86)\itibiti soft phone\itibiti.exe] => (Block) C:\program files (x86)\itibiti soft phone\itibiti.exe
Empty Temp:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ospd_us_014010342 => value removed successfully
HKU\S-1-5-21-472934479-1157152603-4007252266-1001\Software\Microsoft\Windows\CurrentVersion\Run\\impracticality => value removed successfully
"C:\Program Files (x86)\supervisory\impracticality.exe [36776 2016-05-28] ()" => not found.
HKU\S-1-5-21-472934479-1157152603-4007252266-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe => value removed successfully
HKU\S-1-5-21-472934479-1157152603-4007252266-1001\Software\Microsoft\Windows\CurrentVersion\Run\\harken => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-472934479-1157152603-4007252266-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{314cc13e-2027-44ca-838b-546591a01fda}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{314cc13e-2027-44ca-838b-546591a01fda}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
HKU\S-1-5-21-472934479-1157152603-4007252266-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value removed successfully
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => key not found.
Savdi => service removed successfully
"C:\Users\Joey\AppData\Roaming\KubfoKuk\Toudiad.exe" => not found.
"C:\Users\Joey\AppData\Roaming\wardmain" => not found.
C:\ProgramData\xldl.dll => moved successfully
C:\Program Files (x86)\MPC Cleaner => moved successfully

"C:\Program Files (x86)\Windriver" folder move:

Could not move "C:\Program Files (x86)\Windriver" => Scheduled to move on reboot.


"C:\Program Files (x86)\Sysdriver" folder move:

Could not move "C:\Program Files (x86)\Sysdriver" => Scheduled to move on reboot.

C:\Program Files (x86)\Screendriver => moved successfully
C:\Program Files (x86)\WebOptimum => moved successfully
C:\Program Files (x86)\FastWeb => moved successfully
C:\Program Files (x86)\75D00800-1464475530-1015-B6FF-C5D7892C9EA5 => moved successfully
C:\Windows\chromebrowser.exe => moved successfully
C:\Program Files (x86)\taskvmx => moved successfully
C:\Program Files (x86)\regtool => moved successfully
C:\Program Files (x86)\dataup => moved successfully
C:\Users\Joey\AppData\Roaming\c => moved successfully
C:\ProgramData\1464476751 => moved successfully
C:\Program Files (x86)\S5 => moved successfully
C:\Windows\system32\qul => moved successfully
C:\Users\Joey\AppData\Roaming\Gymoovaeaf => moved successfully
C:\Users\Joey\AppData\Local\Temp\compete.exe => moved successfully
C:\Users\Joey\AppData\Local\Temp\frag.exe => moved successfully
C:\Users\Joey\AppData\Local\Temp\jre-8u71-windows-au.exe => moved successfully
C:\Users\Joey\AppData\Local\Temp\jre-8u73-windows-au.exe => moved successfully
C:\Users\Joey\AppData\Local\Temp\jre-8u91-windows-au.exe => moved successfully
C:\Users\Joey\AppData\Local\Temp\s5mark_setup_aid91tid336_20160510.exe => moved successfully
C:\Users\Joey\AppData\Local\Temp\winrar_4.6_full.Team-TDK.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{08429481-309F-495F-86C7-9984AAB4BDD5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08429481-309F-495F-86C7-9984AAB4BDD5}" => key removed successfully
C:\Windows\System32\Tasks\8046348 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\8046348" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33CEA4E1-F706-45CC-AA4D-94CA00B2B039}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33CEA4E1-F706-45CC-AA4D-94CA00B2B039}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{48BD80D2-68C9-4E2F-9A8E-DAD68F416FC0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48BD80D2-68C9-4E2F-9A8E-DAD68F416FC0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeAAMUpdater-1.0-Joey-PC-Joey" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6ED0511-7A7A-419A-B9FF-78A143272C01}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6ED0511-7A7A-419A-B9FF-78A143272C01}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDRScheduledMaintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1303FFD-844C-46C1-8248-C9B07F7E7434}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1303FFD-844C-46C1-8248-C9B07F7E7434}" => key removed successfully
C:\Windows\System32\Tasks\Pa80463488046348 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pa80463488046348" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1194088C-7687-4237-A15D-B4D765A5ECE8} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{57B7CBBB-7D68-4DF5-99BC-A2EF1E1254D4} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{64C1A474-354E-483B-9FEE-19CCC42A3551} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9C64B3F2-3431-4941-B946-FF7FAF83D3B5}C:\program files (x86)\itibiti soft phone\itibiti.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7205F505-D03D-46F9-9D86-0E4D98488EC3}C:\program files (x86)\itibiti soft phone\itibiti.exe => value removed successfully
EmptyTemp: => 1.6 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-05-30 15:48:55)

C:\Program Files (x86)\Windriver => Is moved successfully
C:\Program Files (x86)\Sysdriver => Is moved successfully

==== End of Fixlog 15:48:55 ====



#5 shady pines ma
  • Topic Starter

  • Members
  • 7 posts
  • Local time:06:40 AM

Posted 30 May 2016 - 04:43 PM

Here's the MWB log. The popups are still taking over my web browsing, though. When I'm doing just about anything else, things are ok. It's browsing that's become a nightmare. It's even difficult just to post these logs in here and I often find myself having to type out my posts in Notepad and copy/paste just to ensure I get them typed out.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/30/2016
Scan Time: 4:01 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.30.07
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Joey

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 308965
Time Elapsed: 22 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 27
PUP.Optional.DNSio, HKLM\SOFTWARE\CLASSES\CLSID\{FD20C151-A061-4097-955D-682F317A7035}, Quarantined, [55ba8e4e683176c0f9761b3e3ac82fd1],
Adware.Kajajugt, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}, Quarantined, [6ca3c61609907eb80afeeb9637cbff01],
Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\TYPELIB\{14EF423E-3EE8-44AE-9337-07AC3F27B744}, Quarantined, [6ca3c61609907eb80afeeb9637cbff01],
Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\INTERFACE\{A9582D7B-F24A-441D-9D26-450D58F3CD17}, Quarantined, [6ca3c61609907eb80afeeb9637cbff01],
Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\INTERFACE\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}, Quarantined, [6ca3c61609907eb80afeeb9637cbff01],
Adware.Kajajugt, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A9582D7B-F24A-441D-9D26-450D58F3CD17}, Quarantined, [6ca3c61609907eb80afeeb9637cbff01],
Adware.Kajajugt, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}, Quarantined, [6ca3c61609907eb80afeeb9637cbff01],
Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A9582D7B-F24A-441D-9D26-450D58F3CD17}, Quarantined, [6ca3c61609907eb80afeeb9637cbff01],
Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}, Quarantined, [6ca3c61609907eb80afeeb9637cbff01],
Adware.Kajajugt, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{14EF423E-3EE8-44AE-9337-07AC3F27B744}, Quarantined, [6ca3c61609907eb80afeeb9637cbff01],
Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{14EF423E-3EE8-44AE-9337-07AC3F27B744}, Quarantined, [6ca3c61609907eb80afeeb9637cbff01],
Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}, Quarantined, [6ca3c61609907eb80afeeb9637cbff01],
PUP.Optional.WebOptimum, HKLM\SOFTWARE\CLASSES\IeWebtoptimumPlugin.BHO, Quarantined, [96797567dfbaca6c63b8324f679bd52b],
PUP.Optional.WebOptimum, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IeWebtoptimumPlugin.BHO, Quarantined, [ae61508c653439fde7345c25956d5ea2],
PUP.Optional.WebOptimum, HKLM\SOFTWARE\CLASSES\WOW6432NODE\IeWebtoptimumPlugin.BHO, Quarantined, [ae61508c653439fde7345c25956d5ea2],
PUP.Optional.iDot, HKLM\SOFTWARE\IDOT, Quarantined, [ec2321bb46535adcbebafde651b250b0],
Adware.Agent, HKLM\SOFTWARE\MICROSOFT\TRACING\ddnow_RASAPI32, Quarantined, [927dbf1d1e7bf44261c954908f746a96],
Adware.Agent, HKLM\SOFTWARE\MICROSOFT\TRACING\ddnow_RASMANCS, Quarantined, [b05fda02b8e1aa8ce14933b115ee2dd3],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CompeteInc, Quarantined, [41ce77651d7c181ed3503f3cc63d50b0],
PUP.Optional.iDot, HKLM\SOFTWARE\WOW6432NODE\IDOT, Quarantined, [cf40db012673b4823a3eb82b2fd45fa1],
PUP.Optional.DataUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP, Quarantined, [de3132aa62376cca2922ddec9e6550b0],
PUP.Optional.SysDriver, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HELPER, Quarantined, [ff105f7dfc9db77f4bef3aa7669d738d],
PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCKPT, Quarantined, [b65996463861d06662b1d2077a8922de],
PUP.Optional.WindowsManagementService, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE, Quarantined, [4ec1508c42577cbadefc643fb54e49b7],
PUP.Optional.Tuto4PC, HKU\S-1-5-21-472934479-1157152603-4007252266-1001\SOFTWARE\TutoTag, Quarantined, [9976c8143b5e1a1c579d257b9e65f907],
PUP.Optional.Clicker.ChrPRST, HKU\S-1-5-21-472934479-1157152603-4007252266-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\6C269C8_0, Quarantined, [ad62aa32138642f4c45d75429c66dd23],
PUP.Optional.Tuto4PC, HKU\S-1-5-21-472934479-1157152603-4007252266-1001\SOFTWARE\MICROSOFT\OTUT, Quarantined, [937cf8e47722270f1a0814c5ac5724dc],

Registry Values: 11
PUP.Optional.iDot, HKLM\SOFTWARE\IDOT|idot, ok, Quarantined, [ec2321bb46535adcbebafde651b250b0]
PUP.Optional.iDot, HKLM\SOFTWARE\WOW6432NODE\IDOT|idot, ok, Quarantined, [cf40db012673b4823a3eb82b2fd45fa1]
PUP.Optional.DataUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|ImagePath, C:\Program Files (x86)\dataup\dataup.exe, Quarantined, [de3132aa62376cca2922ddec9e6550b0]
PUP.Optional.SysDriver, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HELPER|ImagePath, "C:\Program Files (x86)\Sysdriver\Scheduler.Service.exe", Quarantined, [ff105f7dfc9db77f4bef3aa7669d738d]
PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCKPT|Description, MPC Driver, Quarantined, [b65996463861d06662b1d2077a8922de]
PUP.Optional.WindowsManagementService, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE|ImagePath, "C:\Users\Joey\AppData\Local\Temp\20160528\ct.exe" /svc, Quarantined, [4ec1508c42577cbadefc643fb54e49b7]
PUP.Optional.IEAudioAds, HKU\S-1-5-21-472934479-1157152603-4007252266-1001\SOFTWARE\INSTALLPATH\STATUS|NuvisionDataRemarketer, S, Quarantined, [9877ca128d0c92a4afc6177658ab6c94]
PUP.Optional.Clicker.ChrPRST, HKU\S-1-5-21-472934479-1157152603-4007252266-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\6c269c8_0, {0.0.0.00000000}.{9a3292db-9088-4403-bd26-420bc356eed4}|\Device\HarddiskVolume2\Program Files (x86)\msrtn32\cdhtr.exe%b{00000000-0000-0000-0000-000000000000}, Quarantined, [ad62aa32138642f4c45d75429c66dd23]
PUP.Optional.Tuto4PC, HKU\S-1-5-21-472934479-1157152603-4007252266-1001\SOFTWARE\MICROSOFT\OTUT|product, tutoproduct, Quarantined, [937cf8e47722270f1a0814c5ac5724dc]
PUP.Optional.Tuto4PC, HKU\S-1-5-21-472934479-1157152603-4007252266-1001\SOFTWARE\MICROSOFT\OTUT|partner, tuto, Quarantined, [0807ca12475294a2bd65e1f8c43f6c94]
PUM.Optional.LowRiskFileTypes, HKU\S-1-5-21-472934479-1157152603-4007252266-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes, .avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;, Quarantined, [a46b9b412277072fc3d3b30aa45fd32d]

Registry Data: 2
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{0086FC7E-686F-46C7-A777-583954F44CAA}|NameServer, 104.197.191.4, Good: (), Bad: (104.197.191.4),Replaced,[53bccc106633e94dba3d0f4b35cfdc24]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}|NameServer, 104.197.191.4, Good: (), Bad: (104.197.191.4),Replaced,[e629f2ea0198ef47b047fe5c4bb936ca]

Folders: 21
PUP.Optional.CPX, C:\Program Files (x86)\cpx, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\PepperFlash, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.VBates, C:\Users\Joey\AppData\LocalLow\Company\Product\1.0, Quarantined, [e52a8755d7c243f3b11ff4b71ce704fc],
PUP.Optional.VBates, C:\Users\Joey\AppData\LocalLow\Company\Product, Quarantined, [e52a8755d7c243f3b11ff4b71ce704fc],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\imageformats, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\platforms, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\plugins, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\sqldrivers, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Mstrn, C:\Users\Joey\AppData\Local\mstrn32, Quarantined, [b35ce4f8d3c664d22420365f936f817f],
PUP.Optional.Mstrn, C:\Users\Joey\AppData\Local\mstrn32\dump, Quarantined, [b35ce4f8d3c664d22420365f936f817f],
PUP.Optional.VBates, C:\Users\Joey\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}, Quarantined, [e7288d4f8a0f8fa77f272c7f5ba747b9],
PUP.Optional.VBates, C:\Users\Joey\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}, Quarantined, [e7288d4f8a0f8fa77f272c7f5ba747b9],
PUP.Optional.VBates, C:\Users\Joey\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5, Quarantined, [e7288d4f8a0f8fa77f272c7f5ba747b9],
PUP.Optional.FASTExtensions, C:\Users\Joey\AppData\Local\FASTExtensions, Quarantined, [a669cb11c6d364d24863decf9b67ce32],
PUP.Optional.FASTExtensions, C:\Users\Joey\AppData\Local\FASTExtensions\nfeotgmnpeepdbcklegpcengnhgllhoe, Quarantined, [a669cb11c6d364d24863decf9b67ce32],
PUP.Optional.FASTExtensions, C:\Users\Joey\AppData\Local\FASTExtensions\weboptimum@bscodecs.com, Quarantined, [a669cb11c6d364d24863decf9b67ce32],
PUP.Optional.FASTExtensions, C:\Users\Joey\AppData\Local\FASTExtensions\weboptimum@bscodecs.com\chrome, Quarantined, [a669cb11c6d364d24863decf9b67ce32],
PUP.Optional.FASTExtensions, C:\Users\Joey\AppData\Local\FASTExtensions\weboptimum@bscodecs.com\chrome\content, Quarantined, [a669cb11c6d364d24863decf9b67ce32],
PUP.Optional.FASTExtensions, C:\Users\Joey\AppData\Local\FASTExtensions\weboptimum@bscodecs.com\chrome\skin, Quarantined, [a669cb11c6d364d24863decf9b67ce32],

Files: 159
Trojan.FilePatch.DNSApi, C:\Windows\SysWOW64\dnsapi.dll, Replace-on-Reboot, [06a37c228e2252b8e18de82c9d5a966e],
PUP.Optional.Yelloader, C:\Program Files (x86)\msrtn32\cdhtr.exe, Quarantined, [29e60ece59403df9a8276b3db34e956b],
PUP.Optional.Yelloader, C:\Program Files (x86)\msrtn32\msrtn32.exe, Quarantined, [61ae508ccfca5bdb923e8d1bf40d44bc],
PUP.Optional.Yelloader, C:\Program Files (x86)\msrtn32\rthdcpd.exe, Quarantined, [9f707f5d6f2aa1952f9f0e9aaf52cd33],
PUP.Optional.DotDo.PrxySvrRST, C:\Program Files (x86)\unidimensional\settings.dll, Quarantined, [c34c3f9d4a4fdb5bb04f6268f110a55b],
PUP.Optional.AracadeCandy, C:\Users\Joey\Downloads\ArcadeCandyGames (1).exe, Quarantined, [9f70e5f7debb53e3f85f0e121ae613ed],
PUP.Optional.AracadeCandy, C:\Users\Joey\Downloads\ArcadeCandyGames (2).exe, Quarantined, [7897ab316a2f979f9dbaeb3551afd22e],
PUP.Optional.AracadeCandy, C:\Users\Joey\Downloads\ArcadeCandyGames (3).exe, Quarantined, [050a8f4d3e5bdb5b273066ba05fb649c],
PUP.Optional.AracadeCandy, C:\Users\Joey\Downloads\ArcadeCandyGames (4).exe, Quarantined, [40cff8e4b2e743f3a6b1819fc23eef11],
PUP.Optional.AracadeCandy, C:\Users\Joey\Downloads\ArcadeCandyGames.exe, Quarantined, [ce415e7eb3e6fe38b0a7d64a70901ee2],
PUP.Optional.DownWare, C:\Users\Joey\Downloads\Setup_ODM.exe, Quarantined, [13fcdefe3267fc3a033b38ec9b66a957],
PUP.Optional.InstallCore, C:\Users\Joey\Downloads\super-smash-bros.exe, Quarantined, [4dc23e9e99001620a7590a26be4358a8],
Trojan.Agent, C:\Users\Joey\AppData\Local\38119.exe, Quarantined, [6ea138a45d3ceb4b5b827dd65fa3a35d],
Trojan.Agent, C:\Users\Joey\AppData\Local\setupone.exe, Quarantined, [bb544e8e43568caaa03d371ccf33f40c],
PUP.Optional.DotDo.PrxySvrRST, C:\Windows\hepatic.exe, Quarantined, [8788cd0f2277003693c99347867bd030],
PUP.Optional.DotDo.PrxySvrRST, C:\Windows\settings.dll, Quarantined, [a867e1fbb2e74de9817e78529b66dc24],
PUP.Optional.WebOptimum, C:\Windows\Installer\50baa.msi, Quarantined, [c54a4a92fe9b58de5af5ee84f70d9070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\ffmpegsumo.dll, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\cef.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\cef_100_percent.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\cef_200_percent.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\core.dll, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\d3dcompiler_43.dll, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\d3dcompiler_47.dll, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\debug.log, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\icudtl.dat, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\libcef.dll, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\libEGL.dll, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\libGLESv2.dll, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\natives_blob.bin, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\snapshot_blob.bin, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\hi.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\am.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\ar.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\bg.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\bn.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\ca.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\cs.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\da.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\de.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\el.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\en-GB.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\en-US.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\es-419.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\es.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\et.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\fa.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\fi.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\fil.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\fr.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\gu.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\he.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\hr.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\hu.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\id.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\it.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\ja.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\kn.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\ko.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\lt.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\lv.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\ml.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\mr.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\ms.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\nb.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\nl.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\pl.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\pt-BR.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\pt-PT.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\ro.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\ru.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\sk.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\sl.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\sr.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\sv.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\sw.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\ta.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\te.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\th.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\tr.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\uk.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\vi.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\zh-CN.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\zh-TW.pak, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\PepperFlash\manifest.json, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.CPX, C:\Program Files (x86)\cpx\PepperFlash\pepflashplayer.dll, Quarantined, [f51a1ebed9c0dd596b9cd5a8b2519070],
PUP.Optional.VBates, C:\Users\Joey\AppData\LocalLow\Company\Product\1.0\localStorageIE.txt, Quarantined, [e52a8755d7c243f3b11ff4b71ce704fc],
PUP.Optional.VBates, C:\Users\Joey\AppData\LocalLow\Company\Product\1.0\localStorageIE_backup.txt, Quarantined, [e52a8755d7c243f3b11ff4b71ce704fc],
Adware.Agent.Proxy, C:\Users\Joey\AppData\Local\ddnow.exe, Quarantined, [68a704d86a2fdb5be7bb7072d033f20e],
Adware.Agent.Proxy, C:\Users\Joey\AppData\Local\ddnow4.exe, Quarantined, [53bc9f3dc1d8290d1c879b47e0239a66],
Adware.Agent.Trace, C:\Users\Joey\AppData\Local\aatxtname.txt, Quarantined, [53bc34a8dbbe3501f9ae3aa89d66817f],
Adware.Agent.Trace, C:\Users\Joey\AppData\Local\ok223.txt, Quarantined, [749b8656f2a78caabbedf9e9b74cf808],
Adware.Agent.Trace, C:\Users\Joey\AppData\Local\tr5b.txt, Quarantined, [f51aa13b7623b383beeb9c466f94718f],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\libeay32.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\boost_serialization-vc100-mt-1_54.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\icudt53.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\icuin53.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\icuio53.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\icule53.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\iculx53.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\icutest53.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\icutu53.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\icuuc53.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\msvcp100.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\msvcr100.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5Core.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5Gui.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5Multimedia.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5MultimediaWidgets.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5Network.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5OpenGL.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5Positioning.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5PrintSupport.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5Qml.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5Quick.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5Sensors.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5Sql.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5WebKit.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5WebKitWidgets.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5Widgets.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\QtXml4.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\QxOrm.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\ssleay32.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\ua.txt, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\imageformats\qdds.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\imageformats\qgif.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\imageformats\qicns.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\imageformats\qico.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\imageformats\qjp2.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\imageformats\qjpeg.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\imageformats\qmng.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\imageformats\qsvg.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\imageformats\qtga.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\imageformats\qtiff.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\imageformats\qwbmp.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\imageformats\qwebp.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\platforms\qminimal.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\platforms\qwindows.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\plugins\NPSWF32_11_5_502_110.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\sqldrivers\qsqlite.dll, Quarantined, [67a8bd1ff9a082b4ca589c4936cdb44c],
PUP.Optional.Mstrn, C:\Users\Joey\AppData\Local\mstrn32\cookies, Quarantined, [b35ce4f8d3c664d22420365f936f817f],
PUP.Optional.Mstrn, C:\Users\Joey\AppData\Local\mstrn32\db.sqlite, Quarantined, [b35ce4f8d3c664d22420365f936f817f],
PUP.Optional.Mstrn, C:\Users\Joey\AppData\Local\mstrn32\Setting.ini, Quarantined, [b35ce4f8d3c664d22420365f936f817f],
PUP.Optional.Mstrn, C:\Users\Joey\AppData\Local\mstrn32\urls.txt, Quarantined, [b35ce4f8d3c664d22420365f936f817f],
PUP.Optional.Mstrn, C:\Users\Joey\AppData\Local\mstrn32\urls.txt.bak, Quarantined, [b35ce4f8d3c664d22420365f936f817f],
PUP.Optional.Mstrn, C:\Users\Joey\AppData\Local\mstrn32\dump\1f559d81-17d8-48a2-9633-657a9c1b9ff3.dmp, Quarantined, [b35ce4f8d3c664d22420365f936f817f],
PUP.Optional.Mstrn, C:\Users\Joey\AppData\Local\mstrn32\dump\c20f3333-b042-49c7-a800-f4b5fb64da96.dmp, Quarantined, [b35ce4f8d3c664d22420365f936f817f],
PUP.Optional.VBates, C:\Users\Joey\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\config.js, Quarantined, [e7288d4f8a0f8fa77f272c7f5ba747b9],
PUP.Optional.VBates, C:\Users\Joey\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\tree.js, Quarantined, [e7288d4f8a0f8fa77f272c7f5ba747b9],
PUP.Optional.VBates, C:\Users\Joey\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\wlist.js, Quarantined, [e7288d4f8a0f8fa77f272c7f5ba747b9],
PUP.Optional.FASTExtensions, C:\Users\Joey\AppData\Local\FASTExtensions\nfeotgmnpeepdbcklegpcengnhgllhoe\icon128.png, Quarantined, [a669cb11c6d364d24863decf9b67ce32],
PUP.Optional.FASTExtensions, C:\Users\Joey\AppData\Local\FASTExtensions\nfeotgmnpeepdbcklegpcengnhgllhoe\icon48.png, Quarantined, [a669cb11c6d364d24863decf9b67ce32],
PUP.Optional.FASTExtensions, C:\Users\Joey\AppData\Local\FASTExtensions\nfeotgmnpeepdbcklegpcengnhgllhoe\jquery-1.8.0.min.js, Quarantined, [a669cb11c6d364d24863decf9b67ce32],
PUP.Optional.FASTExtensions, C:\Users\Joey\AppData\Local\FASTExtensions\nfeotgmnpeepdbcklegpcengnhgllhoe\manifest.json, Quarantined, [a669cb11c6d364d24863decf9b67ce32],
PUP.Optional.FASTExtensions, C:\Users\Joey\AppData\Local\FASTExtensions\weboptimum@bscodecs.com\chrome.manifest, Quarantined, [a669cb11c6d364d24863decf9b67ce32],
PUP.Optional.FASTExtensions, C:\Users\Joey\AppData\Local\FASTExtensions\weboptimum@bscodecs.com\install.rdf, Quarantined, [a669cb11c6d364d24863decf9b67ce32],
PUP.Optional.FASTExtensions, C:\Users\Joey\AppData\Local\FASTExtensions\weboptimum@bscodecs.com\chrome\content\jquery-1.8.2.min.js, Quarantined, [a669cb11c6d364d24863decf9b67ce32],
PUP.Optional.FASTExtensions, C:\Users\Joey\AppData\Local\FASTExtensions\weboptimum@bscodecs.com\chrome\content\weboptimum.xul, Quarantined, [a669cb11c6d364d24863decf9b67ce32],
PUP.Optional.FASTExtensions, C:\Users\Joey\AppData\Local\FASTExtensions\weboptimum@bscodecs.com\chrome\skin\weboptimum.css, Quarantined, [a669cb11c6d364d24863decf9b67ce32],
PUP.Optional.FASTExtensions, C:\Users\Joey\AppData\Local\FASTExtensions\weboptimum@bscodecs.com\chrome\skin\weboptimumlogo.png, Quarantined, [a669cb11c6d364d24863decf9b67ce32],

Physical Sectors: 0
(No malicious items detected)


(end)

-------------

EDIT: Although I suffered popups for a bit, they all seem to have gone away. If you still think there are more steps I need to take, please let me know, as I don't want to celebrate my victory prematurely...again...but I'm starting to feel optimistic that I may defeat the evil.


Edited by shady pines ma, 30 May 2016 - 04:52 PM.


#6 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • Gender:Male
  • Location:@localhost

Posted 30 May 2016 - 05:14 PM

Ok good. You can get one more download to run; it targets adware/PUPs and might grab some leftovers.

Please download Junkware Removal Tool to your desktop.

     http://thisisudax.org/downloads/JRT.exe

    Double-click the icon, or on Vista/W7/8 right-click it and select Run as administrator.
    The tool will open and start scanning.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message.


How Can I Reduce My Risk to Malware?


#7 shady pines ma

shady pines ma
  • Topic Starter

  • Members
  • 7 posts

Posted 31 May 2016 - 11:57 AM

One thing - I still have impracticality.txt floating around on startup. Do I need another run to remove that? But here's the JRT log.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64
Ran by Joey (Administrator) on Tue 05/31/2016 at  0:57:51.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 15

Successfully deleted: C:\ProgramData\mediamall (Folder)
Successfully deleted: C:\ProgramData\Start Menu\Programs\ebay.lnk (Shortcut)
Successfully deleted: C:\ProgramData\thunder network (Folder)
Successfully deleted: C:\Users\Joey\AppData\Local\cpx (Folder)
Successfully deleted: C:\Users\Joey\Appdata\LocalLow\company (Folder)
Successfully deleted: C:\Users\Public\thunder network (Folder)
Successfully deleted: C:\Program Files (x86)\mediamall (Folder)
Successfully deleted: C:\Users\Joey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8EWE02MW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Joey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HKWMJ9S9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Joey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TSDR5HG7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Joey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WFYAE3U1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8EWE02MW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HKWMJ9S9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TSDR5HG7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WFYAE3U1 (Temporary Internet Files Folder)



Registry: 6

Successfully deleted: HKLM\Software\MozillaPlugins\@playon.tv/playontoolbar (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\MediaMall Server (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E25840A9-9DF4-421A-B33A-075A43A77128} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{E25840A9-9DF4-421A-B33A-075A43A77128} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/31/2016 at  1:05:09.49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#8 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • Gender:Male
  • Location:@localhost

Posted 31 May 2016 - 03:48 PM

I still have impracticality.txt floating around on startup

What do you mean by floating around? If you see an impracticality.txt file you can delete it.


How Can I Reduce My Risk to Malware?


#9 shady pines ma

shady pines ma
  • Topic Starter

  • Members
  • 7 posts

Posted 31 May 2016 - 08:24 PM

I meant .exe, not .txt, not sure why I said that. That seems to be the only thing remaining. I'll try deleting it, and if it never comes back, then it seems all is healed. It was this from the FRST log:

() C:\Program Files (x86)\supervisory\impracticality.exe


Edited by shady pines ma, 31 May 2016 - 08:25 PM.


#10 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • Gender:Male
  • Location:@localhost

Posted 01 June 2016 - 04:36 PM

Ok. It shouldn't come back if you deleted it. You can delete the FRST icon, the logs, as well as the FRST folder located in your root drive, C:

Keep Malwarebytes as an antimalware app. Remember the free version must be updated manually and a scan started manually.

Careful where you download/install software from. There are fewer and fewer clean sites. Most download portals are full of adware addons and bundled garbage installs.

If all looks good on your end, happy safe surfing out there.


How Can I Reduce My Risk to Malware?




