
Project Oreon and other random popups on Firefox


  • This topic is locked
5 replies to this topic

#1 Grundignz

Grundignz

  • Members
  • 2 posts
  • OFFLINE
  • Local time:06:43 PM

Posted 23 June 2016 - 10:02 AM

Seems to be the same as this Topic

http://www.bleepingcomputer.com/forums/t/614457/project-oreon-and-othe-random-popups-on-chrome-and-firefox/

I have tried the following

AVG Scan

Superantispyware Scan

Adwcleaner Scan

Junkware removal tool

Malwarebytes Scan

Hitman Pro scan

 

 

They have found items and removed them, just not what's causing the popup window.

Any further suggestions??

 

Thanks

David





#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:43 AM

Posted 23 June 2016 - 01:29 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===


Please post the logs.

Wait for further instructions.

#3 Grundignz

Grundignz
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:06:43 PM

Posted 24 June 2016 - 04:44 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
Ran by david (administrator) on UVCHOME (24-06-2016 21:37:14)
Running from C:\Users\david\Downloads
Loaded Profiles: david (Available Profiles: david & Network uvc & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Program Files\Valleyb\2XDataService.EXE
(Adaptec Incorporated) C:\Program Files\Adaptec\Adaptec Storage Manager\StorServ.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(SonicWALL, Inc.) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(World Community Grid) C:\Program Files (x86)\BOINC\boincmgr.exe
(Space Sciences Laboratory) C:\Program Files (x86)\BOINC\boinctray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(World Community Grid) C:\Program Files (x86)\BOINC\boinc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TEMPerV21.exe] => C:\Program Files (x86)\PCsensor\TEMPer V24.3\TEMPerV21.exe [655872 2013-07-19] (PCsensor)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6570256 2016-06-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [boincmgr] => C:\Program Files (x86)\BOINC\boincmgr.exe [3909264 2014-03-25] (World Community Grid)
HKLM-x32\...\Run: [boinctray] => C:\Program Files (x86)\BOINC\boinctray.exe [71312 2014-03-25] (Space Sciences Laboratory)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2599083655-2389998508-407446948-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-06-05] (SUPERAntiSpyware)
HKU\S-1-5-21-2599083655-2389998508-407446948-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2599083655-2389998508-407446948-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\boinc.scr [972432 2014-03-25] (World Community Grid)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 203.118.191.1 203.109.191.1 203.109.129.67
Tcpip\..\Interfaces\{45FACC6C-573C-49A4-824A-4D8DEBE6280B}: [DhcpNameServer] 203.118.191.1 203.109.191.1 203.109.129.67
Tcpip\..\Interfaces\{4E3D2A03-84CF-4E69-B982-71121B3F3500}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130864624163145029&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2599083655-2389998508-407446948-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE09&ocid=UE09DHP
HKU\S-1-5-21-2599083655-2389998508-407446948-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-nz/?pc=UE09&ocid=UE09DHP
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-10] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-10] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-2599083655-2389998508-407446948-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://securevpn02.gen-i.co.nz/CACHE/webvpn/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {7206EAAC-5CFA-43A3-9F61-E27E8E51E42F} hxxp://turner1.turners.liveblockauctions.com/container_repository/laiexec.cab?rand=44711
Handler: hpapp - No CLSID Value
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\dxqhlzs5.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-08-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-05-09] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-05-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-28] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2599083655-2389998508-407446948-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\david\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-02] (RocketLife, LLP)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-04-06] [not signed]
FF HKU\S-1-5-21-2599083655-2389998508-407446948-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 2XDataService; C:\Program Files\Valleyb\2XDataService.EXE [263416 2015-01-31] ()
S2 2XDataUpgrader; C:\Program Files\Valleyb\2XDataUpgrader.EXE [249592 2015-01-31] ()
R2 AdaptecStorageManagerAgent; C:\Program Files\Adaptec\Adaptec Storage Manager\StorServ.exe [119296 2007-09-21] (Adaptec Incorporated) [File not signed]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [636312 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5165824 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [705528 2016-06-09] (AVG Technologies CZ, s.r.o.)
S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2016-04-07] (Freemake) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-06-01] (HP) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R4 NVWMI; C:\Windows\system32\nvwmi64.exe [2693448 2014-11-26] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ValleyBackup_scheduler; C:\Program Files\ValleyB\ValleyBackup_scheduler.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 ASPI32; no ImagePath
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-05-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-05-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [247040 2016-05-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-05-02] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [279296 2016-05-17] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-05-05] (AVG Technologies CZ, s.r.o.)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [132184 2011-08-04] (Citrix Systems, Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-06-16] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [File not signed]
S3 Pcouffin64; C:\Windows\System32\Drivers\pcouffin64a.sys [82048 2015-11-09] (VSO Software) [File not signed]
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [198248 2016-06-03] (IDRIX)
S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-24 21:37 - 2016-06-24 21:37 - 00018529 _____ C:\Users\david\Downloads\FRST.txt
2016-06-24 21:37 - 2016-06-24 21:37 - 00000000 ____D C:\FRST
2016-06-24 21:36 - 2016-06-24 21:36 - 02387456 _____ (Farbar) C:\Users\david\Downloads\FRST64.exe
2016-06-24 21:35 - 2016-06-24 21:35 - 105125735 _____ C:\Users\david\Downloads\Person.of.Interest.S05E13.1080p.HDTV.X264-DIMENSION.mkv.part
2016-06-24 21:35 - 2016-06-24 21:35 - 00000000 _____ C:\Users\david\Downloads\Person.of.Interest.S05E13.1080p.HDTV.X264-DIMENSION.mkv
2016-06-24 03:08 - 2016-06-24 03:23 - 00000000 ____D C:\Users\david\Downloads\backups
2016-06-24 03:04 - 2016-06-24 03:04 - 00388608 _____ (Trend Micro Inc.) C:\Users\david\Downloads\HijackThis.exe
2016-06-24 02:24 - 2016-06-24 02:24 - 00000000 ____D C:\Users\david\AppData\Local\SUPERSampleSubmit
2016-06-24 02:23 - 2016-06-24 02:23 - 01488624 _____ (SUPERAdBlocker.com and SUPERAntiSpyware.com) C:\Users\david\Downloads\SUPERSampleSubmit.exe
2016-06-22 13:32 - 2016-06-22 13:34 - 149991424 _____ C:\Users\david\Downloads\pwfree91-x86.iso
2016-06-22 13:30 - 2016-06-22 13:32 - 143312896 _____ C:\Users\david\Downloads\pwfree91-x64.iso
2016-06-22 13:27 - 2016-06-22 13:27 - 11438608 _____ (SurfRight B.V.) C:\Users\david\Downloads\hitmanpro_x64.exe
2016-06-22 13:24 - 2016-06-22 13:24 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\david\Downloads\sh-remover(1).exe
2016-06-22 13:23 - 2016-06-22 13:23 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\david\Downloads\sh-remover.exe
2016-06-22 01:20 - 2016-06-22 01:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-22 01:19 - 2016-06-22 01:19 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-22 01:19 - 2016-06-22 01:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-22 01:19 - 2016-06-22 01:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-22 01:19 - 2016-06-22 01:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-22 01:19 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-22 01:19 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-22 01:19 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-22 01:05 - 2016-06-22 01:05 - 22851472 _____ (Malwarebytes ) C:\Users\david\Downloads\mbam-setup-2.2.1.1043(1).exe
2016-06-18 17:53 - 2016-06-18 17:53 - 00242136 _____ C:\Users\david\Downloads\Firefox Setup Stub 47.0.exe
2016-06-18 17:53 - 2016-06-18 17:53 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-18 17:53 - 2016-06-18 17:53 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-06-18 17:53 - 2016-06-18 17:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-18 01:49 - 2016-06-18 01:49 - 00000000 ____D C:\Users\david\Documents\Add-in Express
2016-06-18 00:32 - 2016-06-18 00:32 - 03233686 _____ C:\Users\david\Downloads\178458847600
2016-06-17 23:08 - 2016-06-17 23:08 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-06-17 23:06 - 2016-06-17 23:29 - 2688960656 _____ C:\Users\david\Downloads\Person.of.Interest.S05E12.1080p.HDTV.X264-DIMENSION.mkv
2016-06-17 01:06 - 2016-06-17 01:06 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-06-17 00:54 - 2016-06-17 00:54 - 00005875 _____ C:\Users\david\Desktop\JRT.txt
2016-06-17 00:51 - 2016-06-17 00:51 - 01610816 _____ (Malwarebytes) C:\Users\david\Downloads\JRT.exe
2016-06-17 00:50 - 2016-06-18 17:58 - 00000000 ____D C:\AdwCleaner
2016-06-17 00:50 - 2016-06-17 00:50 - 03703360 _____ C:\Users\david\Downloads\adwcleaner_5.200.exe
2016-06-16 23:31 - 2016-06-16 23:31 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-06-16 23:30 - 2016-06-16 23:30 - 00752296 _____ C:\Users\david\Downloads\Adware Removal Tool by TSA.exe
2016-06-16 23:01 - 2016-06-16 23:01 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-06-16 22:32 - 2016-06-16 22:32 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-06-16 22:30 - 2016-06-16 22:44 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-16 22:30 - 2016-06-16 22:30 - 05066104 _____ (AVAST Software) C:\Users\david\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2016-06-16 12:29 - 2016-06-16 12:29 - 24927936 _____ (Dell Inc.) C:\Users\david\Downloads\Network_Driver_NNGMH_WN_18.1.0.0_A08.EXE
2016-06-16 12:29 - 2016-06-16 12:29 - 17228424 _____ (Dell Inc.) C:\Users\david\Downloads\Chipset_Driver_MPGY4_WN_7.1.70.1205_A05.EXE
2016-06-16 12:29 - 2016-06-16 12:29 - 05838216 _____ C:\Users\david\Downloads\O790-A18.exe
2016-06-16 12:24 - 2016-06-16 12:24 - 06541784 _____ (Tim Kosse) C:\Users\david\Downloads\FileZilla_3.18.0_win64-setup.exe
2016-06-16 12:23 - 2016-06-16 12:23 - 06513888 _____ (Tim Kosse) C:\Users\david\Downloads\FileZilla_3.17.0.1_win64-setup.exe
2016-06-16 12:10 - 2016-06-16 12:10 - 01309368 _____ (Hewlett-Packard Development Company, L.P.) C:\Users\david\Downloads\cp028095.exe
2016-06-16 12:04 - 2016-06-16 12:04 - 00000000 ____D C:\Users\david\Downloads\win98boot
2016-06-16 12:03 - 2016-06-16 12:03 - 00685454 _____ C:\Users\david\Downloads\win98boot.zip
2016-06-16 12:03 - 2016-06-16 12:03 - 00098304 _____ (Hewlett-Packard Company) C:\Users\david\Downloads\HPUSBDisk(1).exe
2016-06-11 00:08 - 2016-06-11 00:08 - 00000000 _____ C:\autoexec.bat
2016-06-11 00:06 - 2016-06-11 00:06 - 03482800 _____ (Enigma Software Group USA, LLC.) C:\Users\david\Downloads\SpyHunter-Installer.exe
2016-06-10 02:19 - 2016-06-10 02:19 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-06-10 02:19 - 2016-06-10 02:19 - 00000000 ___SD C:\Windows\system32\GWX
2016-06-08 01:20 - 2016-06-09 00:54 - 00001054 _____ C:\mb.txt
2016-06-08 00:51 - 2016-06-08 00:52 - 22851472 _____ (Malwarebytes ) C:\Users\david\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-07 00:59 - 2016-06-07 00:59 - 00000000 ____D C:\Users\david\AppData\Roaming\redsn0w
2016-06-07 00:49 - 2016-06-07 00:52 - 17279732 _____ C:\Users\david\Downloads\redsn0w_win_0.9.15b3.zip
2016-06-07 00:43 - 2016-06-07 00:43 - 00795611 _____ C:\Users\david\Downloads\DoulCi Bypass ICloud Activator.zip
2016-06-07 00:25 - 2016-06-07 00:25 - 01408448 _____ C:\Users\david\Downloads\DoulCi Activator v2.5 iCloud Unlock  2016.rar
2016-06-07 00:12 - 2016-06-07 00:12 - 14368438 _____ C:\Users\david\Downloads\DoulCi 3.0.rar
2016-06-06 23:54 - 2016-06-06 23:54 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\david\Downloads\spybot-2.4.exe
2016-06-06 23:39 - 2016-06-06 23:39 - 02093555 _____ (iCloud Bypass) C:\Users\david\Downloads\doucli.exe
2016-06-06 23:35 - 2016-06-06 23:36 - 00087931 _____ C:\Users\david\Downloads\Doulci Activator V3.rar
2016-06-06 22:52 - 2016-06-09 20:23 - 00001791 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-06-06 22:52 - 2016-06-06 22:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-06 22:51 - 2016-06-06 22:51 - 00000000 ____D C:\Program Files\iTunes
2016-06-06 22:51 - 2016-06-06 22:51 - 00000000 ____D C:\Program Files\iPod
2016-06-06 22:51 - 2016-06-06 22:51 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-06-06 22:48 - 2016-06-06 22:48 - 00000000 ____D C:\Program Files\Bonjour
2016-06-06 22:48 - 2016-06-06 22:48 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-06-06 22:45 - 2016-06-06 22:45 - 00000000 ____D C:\Users\david\AppData\Local\Apple Inc
2016-06-06 22:45 - 2016-06-06 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-06-06 22:43 - 2016-06-06 22:43 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-06-06 22:43 - 2016-06-06 22:43 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-06-06 22:40 - 2016-06-09 20:23 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-06-06 22:40 - 2016-06-09 20:23 - 00001843 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-06-06 22:40 - 2016-06-06 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-06-06 22:30 - 2016-06-06 22:30 - 13177094 _____ C:\Users\david\Downloads\0BxFPQXgfyPKSbWFVRk11X2dMbjg
2016-06-06 22:27 - 2016-06-06 22:28 - 02268022 _____ C:\Users\david\Downloads\Keygen_1.2.ace
2016-06-06 21:55 - 2016-06-06 21:57 - 00000000 ____D C:\Users\david\Downloads\Unlock ICloud Lock On All IPho Downloader
2016-06-06 21:55 - 2016-06-06 21:55 - 00576512 _____ C:\Users\david\Downloads\Unlock ICloud Lock On All IPho Downloader.rar
2016-06-04 17:37 - 2016-06-06 23:33 - 00007387 _____ C:\Windows\system32\hst.pcm
2016-06-04 17:37 - 2016-06-04 17:37 - 00000000 ____D C:\S
2016-06-04 17:32 - 2016-06-05 16:15 - 00000000 ____D C:\Users\david\AppData\Local\Host Service
2016-06-04 17:30 - 2016-06-07 00:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZipDownloader
2016-06-03 13:56 - 2016-06-03 13:56 - 00000000 ____D C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VeraCrypt
2016-06-03 13:44 - 2016-06-03 13:44 - 00000000 ____D C:\Users\david\AppData\Roaming\FreeDownloadManager.ORG

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-24 21:34 - 2014-01-31 21:36 - 00000000 ____D C:\ProgramData\BOINC
2016-06-24 21:27 - 2013-05-12 21:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-24 20:40 - 2015-04-07 10:14 - 00000402 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2016-06-24 17:17 - 2009-07-14 16:45 - 00032320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-24 17:17 - 2009-07-14 16:45 - 00032320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-24 10:59 - 2013-08-17 21:42 - 00000000 ____D C:\ProgramData\MFAData
2016-06-24 03:15 - 2009-07-14 14:34 - 00000513 _____ C:\Windows\win.ini
2016-06-24 03:14 - 2015-02-06 22:54 - 00000000 ____D C:\old d
2016-06-24 03:13 - 2013-08-24 22:25 - 00000264 _____ C:\Windows\Tasks\AutoKMS.job
2016-06-24 03:13 - 2009-07-14 17:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-24 02:00 - 2015-02-03 01:46 - 00000000 ____D C:\Program Files\Valleyb
2016-06-24 01:37 - 2013-08-12 14:23 - 00000000 ____D C:\Users\david\AppData\Local\CutePDF Writer
2016-06-24 01:33 - 2015-02-16 09:30 - 00000000 ____D C:\David
2016-06-24 00:58 - 2013-05-21 13:36 - 00002286 ____H C:\Users\david\Documents\Default.rdp
2016-06-23 15:06 - 2013-05-13 01:48 - 00000000 ____D C:\Users\david\AppData\Roaming\FileZilla
2016-06-23 15:05 - 2015-02-07 14:21 - 00002097 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2016-06-23 15:05 - 2013-05-17 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-06-23 15:05 - 2013-05-17 13:29 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2016-06-22 13:12 - 2013-09-28 12:15 - 00000000 ____D C:\UBCD4Win
2016-06-22 13:06 - 2013-05-10 22:42 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-22 11:58 - 2013-05-09 18:27 - 00001417 _____ C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-06-22 11:50 - 2015-01-14 21:30 - 00573566 _____ C:\Windows\ntbtlog.txt
2016-06-22 01:45 - 2009-07-14 15:20 - 00000000 ____D C:\Windows\SchCache
2016-06-22 01:15 - 2015-01-30 00:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-21 16:58 - 2013-05-15 21:01 - 00000000 ____D C:\Users\david\AppData\Roaming\vlc
2016-06-21 15:59 - 2009-07-14 17:13 - 00786662 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-21 15:59 - 2009-07-14 15:20 - 00000000 ____D C:\Windows\inf
2016-06-18 17:53 - 2013-05-10 13:40 - 00000000 ____D C:\Users\david\AppData\Local\Mozilla
2016-06-18 17:53 - 2013-05-10 01:05 - 00000000 ____D C:\Users\david\AppData\Roaming\Mozilla
2016-06-17 22:55 - 2015-03-08 02:36 - 00000000 ____D C:\Users\david\AppData\Local\CrashDumps
2016-06-17 22:27 - 2013-05-12 21:01 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-17 22:27 - 2013-05-12 21:01 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-17 22:27 - 2013-05-12 21:01 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-17 00:59 - 2015-02-16 15:55 - 00001033 _____ C:\Users\Network uvc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-06-16 23:31 - 2015-03-08 02:24 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2016-06-16 22:43 - 2015-06-26 15:59 - 00000000 ____D C:\ProgramData\Skype
2016-06-16 22:42 - 2015-04-03 16:21 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-16 22:36 - 2015-04-03 16:21 - 00000000 ____D C:\Users\david\AppData\Roaming\Skype
2016-06-16 22:35 - 2015-04-03 16:21 - 00000000 ____D C:\Users\david\AppData\Local\Skype
2016-06-16 22:32 - 2015-06-14 09:27 - 00000000 ____D C:\Program Files\Common Files\AV
2016-06-15 22:21 - 2015-11-22 20:07 - 00000940 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2016-06-15 22:21 - 2015-09-13 15:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-06-14 23:13 - 2015-10-15 12:16 - 00000000 ____D C:\Users\david\AppData\Roaming\GoContactSyncMOD
2016-06-11 00:25 - 2014-02-20 19:58 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-06-11 00:04 - 2013-05-21 06:46 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-06-11 00:04 - 2013-05-21 06:45 - 00000000 ____D C:\ProgramData\Apple
2016-06-09 20:24 - 2013-09-03 16:01 - 00001976 _____ C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera  Mail.lnk
2016-06-09 20:24 - 2009-07-14 17:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-06-09 20:23 - 2016-05-16 10:59 - 00002390 _____ C:\Users\david\Desktop\FreeUndelete.lnk
2016-06-09 20:23 - 2016-03-22 12:43 - 00001318 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2016-06-09 20:23 - 2016-01-25 14:54 - 00001074 _____ C:\Users\david\Desktop\WDL Website Builder 4.lnk
2016-06-09 20:23 - 2016-01-09 12:47 - 00000963 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-06-09 20:23 - 2016-01-09 12:47 - 00000957 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-06-09 20:23 - 2015-12-24 15:27 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-09 20:23 - 2015-12-24 15:27 - 00002045 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-06-09 20:23 - 2015-12-10 10:13 - 00001066 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard Free.lnk
2016-06-09 20:23 - 2015-11-15 14:31 - 00001312 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2016-06-09 20:23 - 2015-11-15 14:31 - 00001194 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn Disc Burning Software.lnk
2016-06-09 20:23 - 2015-11-15 14:31 - 00001188 _____ C:\Users\Public\Desktop\Express Burn Disc Burning Software.lnk
2016-06-09 20:23 - 2015-11-15 14:24 - 00000977 _____ C:\Users\Public\Desktop\Winamp.lnk
2016-06-09 20:23 - 2015-11-03 14:58 - 00001048 _____ C:\Users\david\Desktop\Connection to Capital pools.lnk
2016-06-09 20:23 - 2015-09-06 09:52 - 00000080 _____ C:\Users\Public\Desktop\EaseUS Data Recovery Wizard 9.0.lnk
2016-06-09 20:23 - 2015-08-13 11:35 - 00002221 _____ C:\Users\david\Desktop\HP Support Assistant.lnk
2016-06-09 20:23 - 2015-07-21 13:37 - 00001329 _____ C:\Users\david\Desktop\AccountRight 2015.2.lnk
2016-06-09 20:23 - 2015-07-12 22:21 - 00000973 _____ C:\Users\Public\Desktop\Jarte.lnk
2016-06-09 20:23 - 2015-07-10 01:32 - 00000797 _____ C:\Users\david\Desktop\putty vps.lnk
2016-06-09 20:23 - 2015-07-02 22:46 - 00002599 _____ C:\Users\Public\Desktop\TEMPer V24.3.lnk
2016-06-09 20:23 - 2015-05-21 14:53 - 00002327 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2016-06-09 20:23 - 2015-05-21 14:53 - 00002315 _____ C:\Users\Public\Desktop\WinZip.lnk
2016-06-09 20:23 - 2015-05-14 21:30 - 00000929 _____ C:\Users\Public\Desktop\VeraCrypt.lnk
2016-06-09 20:23 - 2015-05-06 11:40 - 00001012 _____ C:\Users\david\Desktop\uMark 5.lnk
2016-06-09 20:23 - 2015-04-07 10:14 - 00002099 _____ C:\Users\david\Desktop\HP Photo Creations.lnk
2016-06-09 20:23 - 2015-04-06 16:49 - 00002165 _____ C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
2016-06-09 20:23 - 2015-04-06 16:43 - 00002002 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2016-06-09 20:23 - 2015-04-06 10:02 - 00001042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2016-06-09 20:23 - 2015-04-06 10:00 - 00001325 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2016-06-09 20:23 - 2015-04-06 10:00 - 00001313 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2016-06-09 20:23 - 2015-03-30 20:21 - 00000944 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Angry IP Scanner.lnk
2016-06-09 20:23 - 2015-03-10 20:44 - 00003021 _____ C:\Users\david\Desktop\WinDFT.lnk
2016-06-09 20:23 - 2015-03-10 13:53 - 00001406 _____ C:\Users\david\Desktop\WinX Free MOV to AVI Converter.lnk
2016-06-09 20:23 - 2015-02-06 13:16 - 00000838 _____ C:\Users\Public\Desktop\Valleyb.lnk
2016-06-09 20:23 - 2015-01-26 23:16 - 00001850 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-06-09 20:23 - 2014-12-28 13:48 - 00001042 _____ C:\Users\david\Desktop\Connection to cbd towers.lnk
2016-06-09 20:23 - 2014-12-27 14:18 - 00003003 _____ C:\Users\david\Desktop\Microsoft Word 2010.lnk
2016-06-09 20:23 - 2014-12-07 23:32 - 00001306 _____ C:\Users\david\Desktop\Windows Password Key Professional.lnk
2016-06-09 20:23 - 2014-11-08 18:26 - 00001134 _____ C:\Users\david\Desktop\DMG Extractor.lnk
2016-06-09 20:23 - 2014-11-03 08:36 - 00001849 _____ C:\Users\david\Desktop\CrystalDiskMark.lnk
2016-06-09 20:23 - 2014-05-22 01:05 - 00001207 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2016-06-09 20:23 - 2014-05-22 00:47 - 00001342 _____ C:\Users\Public\Desktop\EaseUS Partition Master 10.0.lnk
2016-06-09 20:23 - 2014-04-29 20:58 - 00001032 _____ C:\Users\david\Desktop\Connection to Dzine.lnk
2016-06-09 20:23 - 2014-04-08 11:59 - 00001162 _____ C:\Users\david\Desktop\Format Factory.lnk
2016-06-09 20:23 - 2014-03-03 20:53 - 00001134 _____ C:\Users\david\Desktop\USB Disk Storage Format Tool.lnk
2016-06-09 20:23 - 2013-12-27 21:23 - 00002597 _____ C:\Users\Public\Desktop\IQmanager.lnk
2016-06-09 20:23 - 2013-09-28 12:17 - 00001319 _____ C:\Users\Public\Desktop\UBCD4Win.lnk
2016-06-09 20:23 - 2013-09-03 16:01 - 00001970 _____ C:\Users\david\Desktop\Opera  Mail.lnk
2016-06-09 20:23 - 2013-08-18 00:11 - 00003011 _____ C:\Users\david\Desktop\Microsoft Outlook 2010.lnk
2016-06-09 20:23 - 2013-08-17 21:38 - 00001011 _____ C:\Users\david\Desktop\QuickPar.lnk
2016-06-09 20:23 - 2013-08-09 18:48 - 00001223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Cisco AnyConnect VPN Client.lnk
2016-06-09 20:23 - 2013-08-09 02:03 - 00001030 _____ C:\Users\david\Desktop\Connection to Leda.lnk
2016-06-09 20:23 - 2013-08-02 03:38 - 00000403 _____ C:\Users\Public\Desktop\HP USB Disk Storage Format Tool.lnk
2016-06-09 20:23 - 2013-08-02 03:23 - 00000951 _____ C:\Users\Public\Desktop\ISO to USB.lnk
2016-06-09 20:23 - 2013-08-01 23:12 - 00001984 _____ C:\Users\david\Desktop\CrystalDiskInfo.lnk
2016-06-09 20:23 - 2013-07-25 22:09 - 00002066 _____ C:\Users\david\Desktop\Website Builder.lnk
2016-06-09 20:23 - 2013-07-22 21:33 - 00000951 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2016-06-09 20:23 - 2013-06-30 14:13 - 00001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LG PC Suite IV.lnk
2016-06-09 20:23 - 2013-06-30 14:13 - 00001196 _____ C:\Users\Public\Desktop\LG PC Suite IV.lnk
2016-06-09 20:23 - 2013-05-18 00:04 - 00001056 _____ C:\Users\david\Desktop\Connection to mail.medent.co.nz.lnk
2016-06-09 20:23 - 2013-05-18 00:03 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SonicWALL Global VPN Client.lnk
2016-06-09 20:23 - 2013-05-15 21:01 - 00001064 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-06-09 20:23 - 2013-05-10 09:14 - 00001260 _____ C:\Users\david\Desktop\Easy Outlook Express Repair.lnk
2016-06-09 20:23 - 2013-05-10 01:05 - 00002050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2016-06-09 20:23 - 2013-05-10 01:05 - 00002044 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2016-06-09 20:23 - 2013-05-09 18:12 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-06-09 20:23 - 2013-05-09 18:12 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-06-09 20:23 - 2009-07-14 17:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-06-09 20:23 - 2009-07-14 16:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-06-09 20:23 - 2009-07-14 16:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-06-09 20:23 - 2009-07-14 16:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-06-09 20:23 - 2009-07-14 16:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-06-09 20:23 - 2009-07-14 16:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-06-09 20:23 - 2009-07-14 16:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-06-09 01:00 - 2009-07-14 15:20 - 00000000 ____D C:\Windows\Cursors
2016-06-06 23:56 - 2014-02-20 19:58 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-06-06 22:45 - 2013-05-21 06:49 - 00000000 ____D C:\Users\david\AppData\Roaming\Apple Computer
2016-06-06 22:40 - 2014-06-12 14:25 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-06-05 17:04 - 2016-01-23 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PageBreeze
2016-06-05 16:58 - 2013-05-10 22:42 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-06-05 16:58 - 2009-07-14 16:45 - 00000000 ____D C:\Windows\Setup
2016-06-03 13:56 - 2015-05-14 21:32 - 00000000 ____D C:\Users\david\AppData\Roaming\VeraCrypt
2016-06-03 13:56 - 2015-05-14 21:30 - 00198248 _____ (IDRIX) C:\Windows\system32\Drivers\veracrypt.sys
2016-06-02 12:15 - 2013-05-12 21:33 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-06-02 02:29 - 2015-02-16 15:54 - 00000000 ____D C:\Users\Network uvc

==================== Files in the root of some directories =======

2013-05-13 22:22 - 2016-03-30 12:55 - 0000600 _____ () C:\Users\david\AppData\Local\PUTTY.RND
2014-11-08 01:30 - 2016-05-23 23:38 - 0007618 _____ () C:\Users\david\AppData\Local\Resmon.ResmonCfg
2013-05-10 22:27 - 2014-08-01 13:34 - 1114624 _____ () C:\ProgramData\ArcAifSCSI6.log
2015-02-24 13:07 - 2015-04-05 15:23 - 0038319 _____ () C:\ProgramData\arcconfig.xml
2013-05-11 05:50 - 2013-11-18 01:45 - 1048695 _____ () C:\ProgramData\arcerror.txt
2013-06-21 16:31 - 2015-12-02 18:00 - 0043322 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\david\list.bat


Some files in TEMP:
====================
C:\Users\david\AppData\Local\Temp\avguirn_082097838289.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-17 11:02

==================== End of FRST.txt ============================


#4 nasdaq

  • Malware Response Team
  • 39,179 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 June 2016 - 10:02 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-2599083655-2389998508-407446948-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: hpapp - No CLSID Value
S2 ValleyBackup_scheduler; C:\Program Files\ValleyB\ValleyBackup_scheduler.exe [X]
S1 ASPI32; no ImagePath
S3 dcdbas; system32\DRIVERS\dcdbas64.sys 
Task: {CB76DF70-A271-4406-A2CA-3E8AF5E04CE6} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

==

How is the computer running now?
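As an added check that is not part of nasdaq's instructions or of FRST itself: a PowerShell snippet that, run from an elevated prompt after the fix and the reboot, reports whether each location the fixlist targets still exists. The registry paths for the ShellIconOverlayIdentifiers and PROTOCOLS\Handler entries are assumed from FRST's usual output conventions rather than stated in the log; the Toolbar entry under HKU and the empty Run value are not covered.

```powershell
# Added example for this thread, not part of nasdaq's instructions or of FRST.
# Run from an elevated PowerShell prompt AFTER the fix and the reboot: it reports
# whether each persistence location named in the fixlist still exists.
# Paths marked ASSUMED follow FRST's usual output conventions and are not stated
# in the log itself; everything else is quoted from the fixlist above.

$checks = @(
    @{ Item = 'Chrome policy key (CHR Restriction)'
       Path = 'HKLM:\SOFTWARE\Policies\Google' },
    @{ Item = 'Shell icon overlay 00avast (ASSUMED key path)'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast' },
    @{ Item = 'Protocol handler hpapp (ASSUMED key path)'
       Path = 'HKLM:\SOFTWARE\Classes\PROTOCOLS\Handler\hpapp' },
    @{ Item = 'Service ValleyBackup_scheduler (S2)'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\ValleyBackup_scheduler' },
    @{ Item = 'Service ASPI32 (S1, no ImagePath)'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\ASPI32' },
    @{ Item = 'Driver service dcdbas (S3)'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\dcdbas' },
    @{ Item = 'Scheduled task AutoKMS (Task Scheduler 2.0 definition)'
       Path = 'C:\Windows\System32\Tasks\AutoKMS' },
    @{ Item = 'Legacy task AutoKMS.job'
       Path = 'C:\Windows\Tasks\AutoKMS.job' },
    @{ Item = 'Folder C:\Windows\AutoKMS'
       Path = 'C:\Windows\AutoKMS' }
)

$remaining = 0
foreach ($c in $checks) {
    # Test-Path handles both file-system paths and registry provider paths.
    if (Test-Path -LiteralPath $c.Path) {
        $status = 'STILL PRESENT'
        $remaining++
    } else {
        $status = 'removed'
    }
    '{0,-14} {1}' -f $status, $c.Item
    '{0,-14} {1}' -f '', $c.Path
}

''
if ($remaining -eq 0) {
    'All fixlist targets are gone. If popups continue, the cause is something the fixlist did not cover.'
} else {
    "$remaining fixlist target(s) still present - post this output in the thread."
}
```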

#5 nasdaq

  • Malware Response Team
  • 39,179 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 July 2016 - 08:23 AM

Are you still with me?

#6 nasdaq

  • Malware Response Team
  • 39,179 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 July 2016 - 08:39 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



