
Frequent redirects to googleapis


This topic is locked
4 replies to this topic

#1 vinylhaircut (Members, 2 posts)

Posted 05 September 2016 - 03:57 PM

Greetings,

First, thanks in advance for any assistance. I understand that this is voluntary help and I will be patient. :)

I try to be diligent in avoiding email attachments, clicking on unknown links, etc. But ... I messed up. I thought I was clicking on a link to watch a photography instruction video, but instead it was actually a download. I killed it, but have apparently been infected nonetheless. I've attached a jpg of the type of redirect / pop-up I experience: "your computer has been blocked" message and audio.

As you'll see from the below, I've tried several steps to eradicate it:

* Malwarebytes Anti-Malware
* AdwCleaner
* UnHackMe
* TDSSKiller
* HitmanPro

When I scan with those now, they all come up "clean", no malware found. I run Avast Pro Antivirus and I am backed up.

Windows 7, 64-bit. Mainly use Chrome, IE every once in a while. I have Firefox installed but rarely use it. The redirects are happening with Chrome. Since I use IE so infrequently, I just reset it to default settings.

Appreciate any assistance. Let me know what additional information would be helpful.

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Dave (administrator) on VINYLHAIRCUT (05-09-2016 14:56:56)
Running from C:\Users\Dave\Desktop
Loaded Profiles: Dave &  (Available Profiles: Dave)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Users\Dave\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Palm) C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
() C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
(Google Inc.) C:\Users\Dave\AppData\Local\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Spotify Ltd) C:\Users\Dave\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Google Inc.) C:\Users\Dave\AppData\Local\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\SP6\LU1\LULnchr.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\SP6\LU1\LogitechUpdate.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-03-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403144 2012-06-28] (Acronis)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107104 2016-09-03] (AVAST Software)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-06-18] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2131856 2016-06-20] (AimerSoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5955088 2012-06-28] (Acronis)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1110232 2016-06-25] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1485511409-3531237283-2676960199-1000\...\Run: [Google Update] => C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-1485511409-3531237283-2676960199-1000\...\Run: [OpenDNS Updater] => C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-16] ()
HKU\S-1-5-21-1485511409-3531237283-2676960199-1000\...\Run: [Amazon Music] => C:\Users\Dave\AppData\Local\Amazon Music\Amazon Music Helper.exe [5890368 2015-12-14] ()
HKU\S-1-5-21-1485511409-3531237283-2676960199-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-07-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1485511409-3531237283-2676960199-1000\...\Run: [Spotify Web Helper] => C:\Users\Dave\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-15] (Spotify Ltd)
HKU\S-1-5-21-1485511409-3531237283-2676960199-1000\...\MountPoints2: {20e16dc9-4388-11e6-8d4d-386077bfb9f7} - L:\TL-Bootstrap.exe
HKU\S-1-5-21-1485511409-3531237283-2676960199-1000\...\MountPoints2: {54741323-8fe5-11e1-96d7-386077bfb9f7} - N:\MotoCastSetup.exe -a
HKU\S-1-5-21-1485511409-3531237283-2676960199-1000\...\MountPoints2: {5cc0c212-d430-11e1-a0fa-386077bfb9f7} - L:\MotoCastSetup.exe -a
HKU\S-1-5-21-1485511409-3531237283-2676960199-1000\...\MountPoints2: {5cc0c387-d430-11e1-a0fa-386077bfb9f7} - L:\TL-Bootstrap.exe
HKU\S-1-5-21-1485511409-3531237283-2676960199-1000\...\MountPoints2: {8d41bc17-0b69-11e4-9983-386077bfb9f7} - L:\LaunchU3.exe -a
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-07-31] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-03] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2013-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2013-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2013-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2013-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [2013-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [2013-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [2013-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [2013-03-12] (Dropbox, Inc.)
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012-12-29]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * Partizan
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{257AEA1A-1640-44F6-AAA6-BB6EDD3639E2}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{257AEA1A-1640-44F6-AAA6-BB6EDD3639E2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F6D3C3C1-FD24-4CD3-A2CA-EF885F2C4593}: [DhcpNameServer] 192.168.1.2 208.67.222.222 208.67.220.220 208.67.220.222
 
Internet Explorer:
==================
HKU\S-1-5-21-1485511409-3531237283-2676960199-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE09&ocid=UE09DHP
HKU\S-1-5-21-1485511409-3531237283-2676960199-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?pc=UE09&ocid=UE09DHP
HKU\S-1-5-21-1485511409-3531237283-2676960199-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-1485511409-3531237283-2676960199-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-1485511409-3531237283-2676960199-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1485511409-3531237283-2676960199-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1485511409-3531237283-2676960199-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1485511409-3531237283-2676960199-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1485511409-3531237283-2676960199-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-09-03] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-07-05] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-08-12] (Adblock Plus)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-12] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-09-03] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-07-05] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-12] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-1485511409-3531237283-2676960199-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {00000035-9593-4264-8B29-930B3E4EDCCD} hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\8pl69h4g.default
FF Homepage: about:blank
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF NewTab: 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll [2014-01-28] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2012-11-02] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2011-09-28] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2011-09-28] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2014-10-04] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1485511409-3531237283-2676960199-1000: @nds.com/PCShowPlugin -> C:\Users\Dave\AppData\Local\DIRECTV Player\npPCShowPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-1485511409-3531237283-2676960199-1000: @nds.com/PlayerPlugin -> C:\Users\Dave\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-1485511409-3531237283-2676960199-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1485511409-3531237283-2676960199-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1485511409-3531237283-2676960199-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Dave\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2015-09-10] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Dave\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-09-10] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Dave\AppData\Roaming\mozilla\plugins\npMeetingJoinPluginAOCUser.dll [2014-05-01] ()
FF SearchPlugin: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\8pl69h4g.default\searchplugins\google-lavasoft.xml [2016-02-18]
FF Extension: (No Name) - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\8pl69h4g.default\extensions\LogMeInClient@logmein.com [not found]
FF Extension: (DownloadHelper) - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\8pl69h4g.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-03-14] [not signed]
FF Extension: (No Name) - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\8pl69h4g.default\extensions\artur.dubovoy@gmail.com [not found]
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-03]
FF Extension: (Garmin Communicator) - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\8pl69h4g.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-03-14] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client => not found
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-16] [not signed]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\2005645581.js [2016-09-03] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\2005645581.cfg [2016-09-03] <==== ATTENTION
 
Chrome: 
=======
CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/?gws_rd=ssl"
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-23]
CHR Extension: (Google Search) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Avast Online Security) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
StartMenuInternet: Google Chrome - C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor14.0; C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe [226016 2015-12-07] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-03] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37416 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [809488 2016-07-31] (Garmin Ltd. or its subsidiaries)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-07-29] (IObit)
R2 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [72192 2011-06-24] (Palm) [File not signed]
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe [186760 2014-10-04] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270192 2013-06-18] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-03] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969560 2016-09-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-09-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-09-03] (AVAST Software)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
S1 hola_net; C:\Windows\System32\DRIVERS\hola_net.sys [87232 2013-08-22] (Hola Networks Ltd.)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2016-09-05] (Greatis Software)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-01-30] ()
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-16] (Apple, Inc.) [File not signed]
S3 EUBAKUP0; \??\C:\Windows\system32\drivers\EUBAKUP0.sys [X]
S3 EUBKMON0; \??\C:\Windows\system32\drivers\EUBKMON0.sys [X]
S3 EUFDDISK0; \??\C:\Windows\system32\drivers\EUFDDISK0.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-05 14:56 - 2016-09-05 14:57 - 00030476 _____ C:\Users\Dave\Desktop\FRST.txt
2016-09-05 14:56 - 2016-09-05 14:56 - 00000000 ____D C:\FRST
2016-09-05 14:53 - 2016-09-05 14:53 - 02397696 _____ (Farbar) C:\Users\Dave\Downloads\FRST64.exe
2016-09-05 14:53 - 2016-09-05 14:53 - 02397696 _____ (Farbar) C:\Users\Dave\Desktop\FRST64.exe
2016-09-05 07:22 - 2016-09-05 07:22 - 03826240 _____ C:\Users\Dave\Downloads\adwcleaner_6.010 (1).exe
2016-09-05 06:52 - 2016-09-05 06:52 - 00040304 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2016-09-05 06:34 - 2016-09-05 11:38 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2016-09-05 06:34 - 2016-09-05 06:47 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2016-09-05 06:34 - 2016-09-05 06:34 - 00003330 _____ C:\Windows\System32\Tasks\UnHackMe Task Scheduler
2016-09-05 06:34 - 2016-09-05 06:34 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2016-09-05 06:34 - 2016-09-05 06:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2016-09-05 06:34 - 2016-08-31 11:53 - 00015016 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2016-09-05 06:34 - 2015-12-28 11:32 - 00049968 _____ (Greatis Software) C:\Windows\system32\partizan.exe
2016-09-05 06:33 - 2016-09-05 06:33 - 18165905 _____ C:\Users\Dave\Downloads\unhackme (1).zip
2016-09-04 01:23 - 2016-09-04 01:23 - 00001332 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2016-09-04 01:23 - 2016-09-04 01:23 - 00000276 _____ C:\Windows\Tasks\Uninstaller_SkipUac_Dave.job
2016-09-04 01:23 - 2016-09-04 01:23 - 00000000 ____D C:\Users\Dave\AppData\Roaming\ProductData
2016-09-04 01:23 - 2016-09-04 01:23 - 00000000 ____D C:\Users\Dave\AppData\LocalLow\IObit
2016-09-04 01:23 - 2016-09-04 01:23 - 00000000 ____D C:\ProgramData\ProductData
2016-09-04 01:23 - 2016-09-04 01:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2016-09-04 01:23 - 2016-09-04 01:23 - 00000000 ____D C:\ProgramData\IObit
2016-09-04 01:23 - 2016-09-04 01:23 - 00000000 ____D C:\Program Files (x86)\IObit
2016-09-04 01:22 - 2016-09-04 01:27 - 00000000 ____D C:\Users\Dave\AppData\Roaming\IObit
2016-09-04 01:22 - 2016-09-04 01:22 - 13544736 _____ (IObit) C:\Users\Dave\Downloads\iobituninstaller.exe
2016-09-04 01:21 - 2016-09-05 07:26 - 00000248 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2016-09-04 01:15 - 2016-09-05 07:02 - 00001236 _____ C:\Windows\system32\Partizan.RRI
2016-09-04 01:10 - 2016-09-05 14:33 - 00000000 ____D C:\Users\Dave\Documents\RegRun2
2016-09-04 01:10 - 2016-09-05 11:38 - 00000000 ____D C:\ProgramData\RegRun
2016-09-04 01:10 - 2016-09-05 06:34 - 00000002 RSHOT C:\Windows\winstart.bat
2016-09-04 01:10 - 2016-09-05 06:34 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2016-09-04 01:08 - 2016-09-04 01:09 - 18165905 _____ C:\Users\Dave\Downloads\unhackme.zip
2016-09-04 00:58 - 2016-09-05 11:34 - 00000000 ____D C:\AdwCleaner
2016-09-04 00:58 - 2016-09-04 00:58 - 03826240 _____ C:\Users\Dave\Downloads\adwcleaner_6.010.exe
2016-09-04 00:51 - 2016-09-04 00:51 - 11438608 _____ (SurfRight B.V.) C:\Users\Dave\Downloads\hitmanpro_x64 (1).exe
2016-09-04 00:32 - 2016-09-04 00:32 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Dave\Downloads\rkill.com
2016-09-04 00:31 - 2016-09-04 00:31 - 00223024 _____ C:\TDSSKiller.3.1.0.11_04.09.2016_00.31.03_log.txt
2016-09-04 00:30 - 2016-09-04 00:30 - 04656735 _____ C:\Users\Dave\Downloads\tdsskiller.zip
2016-09-04 00:13 - 2016-09-04 00:13 - 00003758 _____ C:\Windows\system32\.crusader
2016-09-04 00:05 - 2016-09-04 00:13 - 00000000 ____D C:\ProgramData\HitmanPro
2016-09-04 00:05 - 2016-09-04 00:05 - 11438608 _____ (SurfRight B.V.) C:\Users\Dave\Downloads\hitmanpro_x64.exe
2016-09-04 00:02 - 2016-09-04 00:03 - 00222506 _____ C:\TDSSKiller.3.1.0.11_04.09.2016_00.02.42_log.txt
2016-09-04 00:02 - 2016-09-04 00:02 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Dave\Downloads\tdsskiller.exe
2016-09-03 23:37 - 2016-09-03 23:37 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-09-03 23:37 - 2016-09-03 23:37 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-09-03 22:44 - 2016-09-03 23:57 - 00000000 ____D C:\ProgramData\FileFinder
2016-09-03 22:44 - 2016-09-03 22:44 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\FileFinder
2016-09-03 22:44 - 2016-09-03 22:44 - 00000000 ____D C:\Program Files (x86)\FileFinder
2016-09-03 22:43 - 2016-09-03 22:44 - 00000000 ____D C:\ProgramData\Webitar Production Inc
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-05 14:55 - 2012-03-31 11:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-05 14:34 - 2012-04-04 22:27 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1485511409-3531237283-2676960199-1000UA.job
2016-09-05 14:17 - 2012-05-29 20:05 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-05 11:29 - 2014-07-05 00:18 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-05 11:24 - 2012-03-30 21:55 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{02F359B2-84BE-4C88-A237-B18907A49E87}
2016-09-05 07:36 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-05 07:36 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-05 07:27 - 2012-05-29 20:05 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-05 07:26 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-05 06:59 - 2012-04-01 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProShow Gold
2016-09-05 06:59 - 2012-03-31 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doPDF 7
2016-09-05 02:00 - 2014-08-28 18:02 - 00000000 ____D C:\Users\Dave\AppData\Local\Adobe
2016-09-04 18:40 - 2007-10-14 13:12 - 00000000 ____D C:\Users\Dave\Documents\Dave's Documents
2016-09-04 18:34 - 2012-04-04 22:27 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1485511409-3531237283-2676960199-1000Core.job
2016-09-04 15:41 - 2012-11-16 16:47 - 00000000 ____D C:\Program Files (x86)\AnalyzerSoftware
2016-09-04 15:41 - 2012-01-30 21:09 - 00000000 ____D C:\Program Files (x86)\Hp
2016-09-04 15:41 - 2012-01-30 21:06 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-09-04 15:39 - 2008-06-13 17:25 - 00000000 ____D C:\Garmin
2016-09-04 15:38 - 2012-01-30 21:06 - 00000000 ____D C:\Program Files\Hewlett-Packard
2016-09-04 15:37 - 2012-01-30 21:06 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-09-04 15:36 - 2012-01-30 21:06 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-09-04 15:33 - 2012-04-13 21:47 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-09-04 01:15 - 2016-07-11 20:15 - 00001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-09-04 01:15 - 2012-04-04 22:28 - 00002335 _____ C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-04 01:15 - 2012-03-31 09:31 - 00001148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-09-04 01:15 - 2012-03-30 21:55 - 00001419 _____ C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-09-04 00:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Resources
2016-09-04 00:27 - 2012-12-29 08:35 - 00000000 ____D C:\Windows\pss
2016-09-03 23:40 - 2016-07-11 20:15 - 00003898 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1468286154
2016-09-03 23:39 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\Setup
2016-09-03 23:37 - 2014-05-05 23:30 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-09-03 23:37 - 2013-12-29 20:58 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-09-03 23:37 - 2013-03-15 15:36 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-09-03 23:37 - 2013-03-15 15:36 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-09-03 23:37 - 2012-07-10 00:38 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-09-03 23:37 - 2012-03-31 09:20 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-09-03 23:37 - 2012-03-31 09:20 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-09-03 23:37 - 2012-03-31 09:20 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-09-03 23:36 - 2012-03-31 09:20 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-09-03 23:36 - 2012-03-31 09:20 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-09-03 23:18 - 2014-07-05 00:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-03 23:18 - 2014-07-05 00:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-03 22:44 - 2014-03-16 20:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-23 14:14 - 2016-04-07 16:38 - 00012175 _____ C:\ProgramData\StreamingMediaTechnologyLog.txt
2016-08-22 22:02 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-22 22:02 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-08-22 22:01 - 2014-11-13 21:16 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-22 21:58 - 2014-11-13 20:49 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-08-19 20:24 - 2012-05-02 15:19 - 00000000 ____D C:\Users\Dave\AppData\Local\CrashDumps
2016-08-19 18:18 - 2012-05-29 20:05 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-11 07:27 - 2007-10-22 18:59 - 00000000 ____D C:\Users\Dave\Desktop\For Printing
 
==================== Files in the root of some directories =======
 
2013-04-29 15:43 - 2014-10-05 16:39 - 0000132 _____ () C:\Users\Dave\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-01-14 16:18 - 2015-01-15 05:45 - 0000145 _____ () C:\Users\Dave\AppData\Roaming\Camdata.ini
2015-01-14 16:18 - 2015-01-15 05:45 - 0000408 _____ () C:\Users\Dave\AppData\Roaming\CamLayout.ini
2015-01-14 16:18 - 2015-01-15 05:45 - 0000408 _____ () C:\Users\Dave\AppData\Roaming\CamShapes.ini
2015-01-14 16:18 - 2015-01-15 05:45 - 0004556 _____ () C:\Users\Dave\AppData\Roaming\CamStudio.cfg
2015-01-14 16:23 - 2015-01-14 16:23 - 0000098 _____ () C:\Users\Dave\AppData\Roaming\CamStudio.Producer.command
2015-01-14 16:23 - 2015-01-14 16:23 - 0000000 _____ () C:\Users\Dave\AppData\Roaming\CamStudio.Producer.Data.ini
2015-01-14 16:23 - 2015-01-14 16:23 - 0001206 _____ () C:\Users\Dave\AppData\Roaming\CamStudio.Producer.ini
2015-01-14 15:48 - 2015-01-14 15:48 - 0000626 _____ () C:\Users\Dave\AppData\Roaming\Requiem.log
2015-01-14 15:51 - 2015-01-15 05:34 - 0000096 _____ () C:\Users\Dave\AppData\Roaming\version2.xml
2016-07-06 16:50 - 2016-07-06 16:50 - 0001456 _____ () C:\Users\Dave\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-03-31 09:28 - 2012-03-31 09:28 - 0000089 _____ () C:\Users\Dave\AppData\Local\msmathematics.qat.Dave
2015-11-05 20:58 - 2015-11-05 20:58 - 0002294 _____ () C:\Users\Dave\AppData\Local\recently-used.xbel
2013-05-05 00:00 - 2013-05-05 00:20 - 0000000 _____ () C:\ProgramData\as98213.txt
2013-05-05 00:00 - 2013-05-05 00:00 - 0000056 _____ () C:\ProgramData\b3mjej.bat
2013-05-05 00:00 - 2013-05-05 00:20 - 95023320 ____T () C:\ProgramData\b3mjej.pad
2013-05-05 00:00 - 2013-05-05 00:00 - 0000152 _____ () C:\ProgramData\b3mjej.reg
2013-05-05 00:00 - 2013-05-05 00:00 - 95023320 ____T () C:\ProgramData\l2bj.pad
2016-04-07 16:38 - 2016-08-23 14:14 - 0012175 _____ () C:\ProgramData\StreamingMediaTechnologyLog.txt
 
Files to move or delete:
====================
C:\ProgramData\b3mjej.bat
C:\ProgramData\b3mjej.pad
C:\ProgramData\b3mjej.reg
C:\ProgramData\l2bj.pad
C:\Users\Dave\143.bat
C:\Users\Dave\wmal2pcm.exe
 
 
Some files in TEMP:
====================
C:\Users\Dave\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\Dave\AppData\Local\Temp\ced4-bd4a-b7ca-a797.exe
C:\Users\Dave\AppData\Local\Temp\InstallerPMP32.exe
C:\Users\Dave\AppData\Local\Temp\InstallerPMP64.exe
C:\Users\Dave\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Dave\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Dave\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Dave\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Dave\AppData\Local\Temp\ose00000.exe
C:\Users\Dave\AppData\Local\Temp\readSTILog.dll
C:\Users\Dave\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-09-05 00:57
 
==================== End of FRST.txt ============================


#2 nasdaq - Malware Response Team - Montreal, QC. Canada

Posted 06 September 2016 - 07:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1485511409-3531237283-2676960199-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1485511409-3531237283-2676960199-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-1485511409-3531237283-2676960199-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-1485511409-3531237283-2676960199-1000: @nds.com/PCShowPlugin -> C:\Users\Dave\AppData\Local\DIRECTV Player\npPCShowPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-1485511409-3531237283-2676960199-1000: @nds.com/PlayerPlugin -> C:\Users\Dave\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [No File]
FF Extension: (No Name) - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\8pl69h4g.default\extensions\LogMeInClient@logmein.com [not found]
FF Extension: (No Name) - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\8pl69h4g.default\extensions\artur.dubovoy@gmail.com [not found]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client => not found
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\2005645581.js [2016-09-03] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\2005645581.cfg [2016-09-03] <==== ATTENTION
CHR Extension: (Avast Online Security) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [X]
S3 EUBAKUP0; \??\C:\Windows\system32\drivers\EUBAKUP0.sys [X]
S3 EUBKMON0; \??\C:\Windows\system32\drivers\EUBKMON0.sys [X]
S3 EUFDDISK0; \??\C:\Windows\system32\drivers\EUFDDISK0.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
CustomCLSID: HKU\S-1-5-21-1485511409-3531237283-2676960199-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1485511409-3531237283-2676960199-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1485511409-3531237283-2676960199-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1485511409-3531237283-2676960199-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1485511409-3531237283-2676960199-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1485511409-3531237283-2676960199-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1485511409-3531237283-2676960199-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1485511409-3531237283-2676960199-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1485511409-3531237283-2676960199-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1485511409-3531237283-2676960199-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1485511409-3531237283-2676960199-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1485511409-3531237283-2676960199-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1485511409-3531237283-2676960199-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {15C7C0C0-EC93-4E18-94CD-BF8872A2AC38} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {170DB72D-D1CF-4880-BB9A-8AC945F29064} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {262F8760-EA9D-41D8-A810-46765BC1EFA2} - \{176BDE5B-EFD9-4257-8532-44AE98374415} -> No File <==== ATTENTION
Task: {31017EB7-3057-4218-906D-94A289CD375F} - \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start -> No File <==== ATTENTION
Task: {35F85630-ECD4-48E9-97F9-84CD411E5C55} - \{4A20D3BE-15D5-444D-A9D1-885B7F3977A6} -> No File <==== ATTENTION
Task: {39BA1A8C-8867-4511-B854-236579453F5D} - \{703947D2-6177-4759-B2CE-F62A8835F3F1} -> No File <==== ATTENTION
Task: {5962045E-0228-4567-B420-1BC69A0487E2} - \{4B8077A3-D3E1-4254-9E42-A0E585F33C0F} -> No File <==== ATTENTION
Task: {5EAD7897-C98F-46FF-B2E4-899C48DE8A9D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6EDD68D8-9E60-4C35-B4FB-09AA537B3D51} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6EEC5A76-C06C-438D-A604-90F5B168CE06} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {744286CB-E5AE-4071-AFCA-42449BEFF41D} - \Hewlett-Packard\HP Support Assistant\PC Health Analysis -> No File <==== ATTENTION
Task: {8FB2B9D8-CE6D-41EE-8135-E8A7C62BBA31} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C7F2023A-3406-4C39-928E-D8E8BB3A6E0E} - \{8A512C87-3B78-4768-9175-2B181C7B1DC5} -> No File <==== ATTENTION
Task: {E4909E1F-0ABB-4053-B4A2-BEBA4659F5B4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {EC4C1EDF-E04D-41F3-94EA-07F342F8FE62} - \Hewlett-Packard\HP Support Assistant\PC Tuneup -> No File <==== ATTENTION
Task: {F58CA8D8-0CE2-46FA-AE1C-59418CD445F0} - \Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up -> No File <==== ATTENTION
Task: {FF5F4C05-3E28-474A-BF07-3294A193162C} - \{EE571D3F-2BC8-4894-8D2A-20B847EF271C} -> No File <==== ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Users\Dave\Documents\Soccer DVD1.dmsd:Roxio EMC Stream [38]
IE trusted site: HKU\S-1-5-21-1485511409-3531237283-2676960199-1000\...\localhost -> localhost
FirewallRules: [{A0B087ED-319D-4CD1-AC23-E1864F6ED396}] => (Allow) C:\Users\Dave\AppData\Local\Temp\nsiA370.tmp\CnetInstaller-10569541.exe
FirewallRules: [{33080123-8ACB-444D-9553-659A8001B4BC}] => (Allow) C:\Users\Dave\AppData\Local\Temp\nsiA370.tmp\CnetInstaller-10569541.exe
FirewallRules: [{D1A61027-602B-456F-8C5F-F424C21F411A}] => (Allow) C:\Users\Dave\AppData\Local\Temp\nsm76E2.tmp\CnetInstaller-10784027.exe
FirewallRules: [{A3D39E41-02C3-4B65-8737-6B1A00D4A847}] => (Allow) C:\Users\Dave\AppData\Local\Temp\nsm76E2.tmp\CnetInstaller-10784027.exe
FirewallRules: [{30478649-457A-4A35-AFC1-26E57DEAC7AB}] => (Allow) C:\Users\Dave\AppData\Local\Temp\nsoFD02.tmp\CnetInstaller-75628166.exe
FirewallRules: [{90DCB8AD-96A6-4AA5-A810-01B3DAF0B434}] => (Allow) C:\Users\Dave\AppData\Local\Temp\nsoFD02.tmp\CnetInstaller-75628166.exe

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your copy of Chrome has been compromised

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

===

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.iu.edu/d/ahic#firefox
<<<>>>

Your version of Shockwave is out-of-date and vulnerable.

Navigate to this page and follow the instructions to get the latest version.
https://get.adobe.com/flashplayer/

Go to Start > Control Panel > Programs and Features and uninstall the old version(s) if present.
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features.
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporions)

Please post the log and let me know what problem persists.
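
The fixlist above removes the two Firefox entries FRST flagged as "FF ExtraCheck": a defaults\pref\*.js file that sets general.config.filename and the *.cfg file in the Firefox folder it points to, which is the autoconfig mechanism search hijackers use to override browser settings on every start. As an added example that is not part of this thread or of FRST, the following PowerShell function lists such hooks; the Firefox install directories are assumed defaults and can be overridden, and the code avoids PowerShell 3.0+ features so it also runs on a stock Windows 7 machine.

```powershell
# Added example, not code from the thread or from FRST.
# Lists Firefox autoconfig hooks of the kind FRST reports as "FF ExtraCheck":
# a defaults\pref\*.js that sets general.config.filename, plus the *.cfg it names.
# Install directories are assumed defaults; pass -InstallDirs to check others.
function Get-FirefoxAutoconfigHooks {
    param(
        [string[]]$InstallDirs = @(
            "$env:ProgramFiles\Mozilla Firefox",
            "${env:ProgramFiles(x86)}\Mozilla Firefox"
        )
    )
    foreach ($dir in $InstallDirs) {
        $prefDir = Join-Path -Path $dir -ChildPath 'defaults\pref'
        if (-not (Test-Path -Path $prefDir)) { continue }
        $jsFiles = Get-ChildItem -Path $prefDir -Filter '*.js' |
            Where-Object { -not $_.PSIsContainer }
        foreach ($js in $jsFiles) {
            $text = (Get-Content -Path $js.FullName) -join "`n"
            # The hook is a line such as: pref("general.config.filename", "2005645581.cfg");
            if ($text -match 'general\.config\.filename"\s*,\s*"([^"]+)"') {
                $cfgPath = Join-Path -Path $dir -ChildPath $Matches[1]
                # obscure_value 0 means the .cfg is plain text; the Firefox default (13)
                # byte-shifts the file, in which case its first lines are not readable as-is
                $plain = $text -match 'general\.config\.obscure_value"\s*,\s*0\b'
                $cfgHead = $null
                if ($plain -and (Test-Path -Path $cfgPath)) {
                    $cfgHead = (Get-Content -Path $cfgPath -TotalCount 5) -join "`n"
                }
                New-Object -TypeName PSObject -Property @{
                    PrefFile   = $js.FullName
                    ConfigFile = $cfgPath
                    CfgExists  = Test-Path -Path $cfgPath
                    PlainText  = $plain
                    CfgHead    = $cfgHead
                    Modified   = $js.LastWriteTime
                }
            }
        }
    }
}

Get-FirefoxAutoconfigHooks | Format-List
```

Autoconfig is also used legitimately by managed enterprise deployments, so a hit is something to review rather than proof of infection; a randomly numbered file pair with a recent modification date, as in this log, is the pattern that warrants a closer look.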

#3 vinylhaircut - Topic Starter

Posted 06 September 2016 - 11:04 AM

Thank you for your reply and assistance.

I have:

* Run FRST with the fix -- fixlog.txt attached
* removed and reinstalled chrome
* cleaned chrome cache & cookies
* reset firefox and cache
* updated flashplayer, deleted shockwave
* deleted java

So far, so good.  Thanks again for your help.  Please let me know if there are any additional steps I should take.


#4 nasdaq - Malware Response Team

Posted 06 September 2016 - 12:06 PM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#5 nasdaq - Malware Response Team

Posted 12 September 2016 - 07:17 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
