Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Something Eating my Bandwidth


  • This topic is locked This topic is locked
5 replies to this topic

#1 Arrocha

Arrocha

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:13 PM

Posted 06 September 2016 - 04:36 PM

I use an Alienware M14X laptop that runs Windows 7. In order to access the internet, I use the mobile hotspot on my phone which has a limit of 7GB before I get charged a fee. Around two weeks ago, I noticed that an online game I played was taking way more data than it used to, for no apparent reason. But a few days ago, I did some tests and found that upon connecting my laptop to my mobile hotspot, around .3GB would be used in less than 10 minutes, without me starting any program or downloading anything. I made sure to check and see if any programs were downloading in the background, like say security programs or games, but found none. This has made it nearly impossible to use my laptop without reaching my data cap.

 

I did full scans in Safe Mode with AVG Antivirus and Malwarebytes. AVG found nothing, and Malwarebytes found only 1 PuP, which according to Google searches was harmless. I then downloaded SuperAntiSpyware and did a full Safe Mode scan with that as well. It found significantly more things, 1 adware, a few PuPs, and hundreds of tracking cookies. Despite all that, I found that my data is still being drained rapidly whenever I connect to my mobile hotspot. I even did a second full Safe Mode scan for each security program, with SuperAntiSpyware only finding a few more tracking cookies, but nothing else. I don't know what else I can do, aside from completely rebooting my computer, but that would be an incredible hassle, and with the 7GB limit, it would take quite a while before I manage to re-install everything. Any help I can get would be deeply appreciated.

 

FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Vir (administrator) on VIR-COMP (06-09-2016 13:58:55)
Running from C:\Users\Vir\Downloads
Loaded Profiles: Vir (Available Profiles: Vir)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.5.0\ToolbarUpdater.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
() C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.5.0\loggingserver.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
() C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Alienware Corp) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Alienware Corporation) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\3.5.0\ScriptHelper.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392872 2011-02-22] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-02-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2011-02-01] (Realtek Semiconductor)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [703088 2010-12-17] ()
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel® Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13256 2011-01-13] (Microsoft)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-06-14] (NVIDIA Corporation)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1545584 2011-01-10] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [Integrated Webcam Live! Central] => C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6570256 2016-05-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2569104 2015-12-11] ()
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-05-18] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4175350891-3110468224-2623085410-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-17] ()
HKU\S-1-5-21-4175350891-3110468224-2623085410-1001\...\Run: [AvgSetup] => C:\Program Files (x86)\AVG\Setup\avgsetupx.exe [3302672 2016-06-01] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-4175350891-3110468224-2623085410-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-08-30] (SUPERAntiSpyware)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178136 2016-06-29] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [155768 2016-06-29] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155768 2016-06-29] (NVIDIA Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 170.164.50.66 168.215.210.50
Tcpip\..\Interfaces\{0CF3714C-46CA-49E8-85A3-B437B54486F6}: [DhcpNameServer] 170.164.50.66 168.215.210.50
Tcpip\..\Interfaces\{5976C240-2D15-40A0-B634-E63C2F664710}: [DhcpNameServer] 192.168.0.2 192.168.0.3
Tcpip\..\Interfaces\{746BE5B9-BC06-49FE-863B-81B3D83055FF}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{EFE9916C-E915-4956-8AE6-DFCB5C759509}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKU\S-1-5-21-4175350891-3110468224-2623085410-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://alienwarearena.com/
HKU\S-1-5-21-4175350891-3110468224-2623085410-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://AlienwareArena.com
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\3.5.0\ViProtocol.dll [2015-12-11] (AVG Secure Search)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\3.5.0\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-06-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-06-29] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-01-17] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4175350891-3110468224-2623085410-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-01-17] (Pando Networks)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://mysearch.avg.com?cid={337A5485-31CF-4D50-B9F4-A650ABA79F43}&mid=5719ac066bd847d296b305f79ff1c4a0-e61be3d7f4d75e6210479333cd71915ab704c60c&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-09-07 09:35:16&v=3.2.0.15&pid=wtu&sg=&sap=hp
CHR StartupUrls: Default -> "hxxps://mysearch.avg.com?cid={337A5485-31CF-4D50-B9F4-A650ABA79F43}&mid=5719ac066bd847d296b305f79ff1c4a0-e61be3d7f4d75e6210479333cd71915ab704c60c&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-09-07 09:35:16&v=3.2.0.15&pid=wtu&sg=&sap=hp"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll => No File
CHR Profile: C:\Users\Vir\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Vir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Vir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (AdBlock) - C:\Users\Vir\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-06]
CHR Extension: (AVG Web TuneUp) - C:\Users\Vir\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmdocpbnblchppecickbipihlkehdfg [2016-01-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Vir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Vir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\Vir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-06]
CHR Profile: C:\Users\Vir\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (YouTube) - C:\Users\Vir\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-31]
CHR Extension: (Google Search) - C:\Users\Vir\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-31]
CHR Extension: (Gmail) - C:\Users\Vir\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-31]
CHR Profile: C:\Users\Vir\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Drive) - C:\Users\Vir\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-08]
CHR Extension: (YouTube) - C:\Users\Vir\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-08]
CHR Extension: (Google Search) - C:\Users\Vir\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-08]
CHR Extension: (Gmail) - C:\Users\Vir\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [636312 2016-05-20] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5164800 2016-05-20] (AVG Technologies CZ, s.r.o.)
S3 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080592 2016-05-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [705528 2016-05-20] (AVG Technologies CZ, s.r.o.)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 vToolbarUpdater3.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.5.0\ToolbarUpdater.exe [1829776 2015-12-11] (AVG Secure Search)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-05-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-05-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [247040 2016-05-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-05-02] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [279296 2016-05-17] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-05-05] (AVG Technologies CZ, s.r.o.)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23312 2013-01-22] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2013-01-22] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [307768 2016-06-29] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-06-03] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Delldiag; \??\C:\__de11ctstestfolder20120wdcsa__\DellDiags\WBT_W64\DDDriver.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-06 13:58 - 2016-09-06 14:00 - 00022626 _____ C:\Users\Vir\Downloads\FRST.txt
2016-09-06 13:57 - 2016-09-06 13:58 - 00000000 ____D C:\FRST
2016-09-06 13:55 - 2016-09-06 13:56 - 02397696 _____ (Farbar) C:\Users\Vir\Downloads\FRST64.exe
2016-09-06 13:24 - 2016-09-06 13:54 - 00000000 ____D C:\Users\Vir\Downloads\Music 2016-09-06 13;24;24 (Full)
2016-09-06 13:15 - 2016-09-06 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2016-09-06 13:15 - 2016-09-06 13:15 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2016-09-06 13:12 - 2016-09-06 13:13 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Vir\Downloads\cbSetup.exe
2016-09-02 16:07 - 2016-09-02 16:07 - 00001810 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-09-02 16:07 - 2016-09-02 16:07 - 00000000 ____D C:\Users\Vir\AppData\Roaming\SUPERAntiSpyware.com
2016-09-02 16:07 - 2016-09-02 16:07 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-09-02 16:07 - 2016-09-02 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-09-02 16:07 - 2016-09-02 16:07 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-09-02 16:05 - 2016-09-02 16:06 - 27430912 _____ (SUPERAntiSpyware) C:\Users\Vir\Downloads\SUPERAntiSpyware.exe
2016-09-02 13:28 - 2016-09-03 16:22 - 00748230 _____ C:\Windows\ntbtlog.txt
2016-08-29 08:58 - 2016-08-29 11:49 - 00000059 ____N C:\Users\Vir\Documents\Samsung Galaxy Notes.txt
2016-08-23 14:52 - 2016-08-23 14:52 - 00000000 ____D C:\Users\Vir\AppData\LocalLow\uTorrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-06 13:37 - 2013-03-04 16:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-06 13:36 - 2012-10-12 17:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-06 13:34 - 2013-01-17 14:22 - 00000000 ____D C:\Users\Vir\AppData\Local\PMB Files
2016-09-06 13:10 - 2009-07-13 21:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-06 13:10 - 2009-07-13 21:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-06 13:07 - 2014-09-06 06:30 - 00000000 ____D C:\ProgramData\MFAData
2016-09-06 13:05 - 2011-09-15 21:05 - 00000000 ____D C:\ProgramData\Sonic
2016-09-06 13:03 - 2012-10-12 17:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-06 13:03 - 2011-09-15 21:00 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2016-09-06 13:03 - 2011-09-15 21:00 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2016-09-06 13:03 - 2011-09-15 20:52 - 00000000 ____D C:\Program Files (x86)\AlienRespawn
2016-09-06 13:02 - 2011-09-15 20:18 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-06 13:02 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-05 11:39 - 2013-02-15 13:46 - 00000000 ____D C:\Users\Vir\AppData\Roaming\vlc
2016-09-04 16:17 - 2013-01-23 18:07 - 00000000 ____D C:\Users\Vir\AppData\Local\Warframe
2016-09-04 15:32 - 2009-07-13 22:08 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-09-02 16:03 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-09-02 14:30 - 2016-04-12 14:53 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-29 08:58 - 2012-09-30 02:34 - 00000000 ___RD C:\Users\Vir\Downloads\Documents 2016-09-06 13;22;45 (Full)
2016-08-25 16:59 - 2012-10-18 02:47 - 00001945 _____ C:\Windows\epplauncher.mif
2016-08-23 18:20 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\ModemLogs
2016-08-23 14:08 - 2015-05-20 10:42 - 00000000 ____D C:\Users\Vir\AppData\Local\Avg
2016-08-23 12:19 - 2015-12-22 20:54 - 00002158 _____ C:\Users\Vir\Desktop\Discord.lnk
2016-08-23 12:19 - 2015-12-22 20:54 - 00000000 ____D C:\Users\Vir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-08-23 12:19 - 2015-12-22 20:54 - 00000000 ____D C:\Users\Vir\AppData\Roaming\discord
2016-08-23 12:19 - 2015-12-22 20:54 - 00000000 ____D C:\Users\Vir\AppData\Local\Discord
2016-08-18 12:23 - 2014-01-07 00:27 - 00000000 ____D C:\Users\Vir\AppData\Roaming\dvdcss
2016-08-15 08:17 - 2014-01-08 03:03 - 00000000 ____D C:\Users\Vir\AppData\Local\Battle.net
2016-08-15 08:17 - 2014-01-08 03:03 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-08-10 09:32 - 2016-05-27 16:42 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-08-09 11:39 - 2012-10-12 17:19 - 00002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2014-02-07 13:31 - 2014-02-07 13:31 - 0000030 _____ () C:\Users\Vir\AppData\Roaming\WB.CFG
2013-04-15 20:10 - 2016-07-30 19:34 - 0007599 _____ () C:\Users\Vir\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-24 11:15
 
==================== End of FRST.txt ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:13 PM

Posted 07 September 2016 - 08:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Remove this program via the Control Panel > Programs > Programs and Features.
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.5.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.5.0\loggingserver.exe
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\3.5.0\ViProtocol.dll [2015-12-11] (AVG Secure Search)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\3.5.0\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
CHR HomePage: Default -> hxxps://mysearch.avg.com?cid={337A5485-31CF-4D50-B9F4-A650ABA79F43}&mid=5719ac066bd847d296b305f79ff1c4a0-e61be3d7f4d75e6210479333cd71915ab704c60c&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-09-07 09:35:16&v=3.2.0.15&pid=wtu&sg=&sap=hp
CHR StartupUrls: Default -> "hxxps://mysearch.avg.com?cid={337A5485-31CF-4D50-B9F4-A650ABA79F43}&mid=5719ac066bd847d296b305f79ff1c4a0-e61be3d7f4d75e6210479333cd71915ab704c60c&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-09-07 09:35:16&v=3.2.0.15&pid=wtu&sg=&sap=hp"
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Vir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
R2 vToolbarUpdater3.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.5.0\ToolbarUpdater.exe [1829776 2015-12-11] (AVG Secure Search)
S3 Delldiag; \??\C:\__de11ctstestfolder20120wdcsa__\DellDiags\WBT_W64\DDDriver.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
C:\Users\Vir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
HKU\S-1-5-21-4175350891-3110468224-2623085410-1001\Software\Classes\.exe: exefile =>  <===== ATTENTION
HKU\S-1-5-21-4175350891-3110468224-2623085410-1001\Software\Classes\.scr:  =>  <===== ATTENTION
HKU\S-1-5-21-4175350891-3110468224-2623085410-1001\Software\Classes\.bat:  =>  <===== ATTENTION
HKU\S-1-5-21-4175350891-3110468224-2623085410-1001\Software\Classes\.com:  =>  <===== ATTENTION
HKU\S-1-5-21-4175350891-3110468224-2623085410-1001\Software\Classes\.cmd:  =>  <===== ATTENTION
HKU\S-1-5-21-4175350891-3110468224-2623085410-1001\Software\Classes\.reg:  =>  <===== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you unckeck the box on the top right "Yes, install McAfee Security Scan Plus - optional" this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader Via the Control Panel > Programs > Programs and Features.
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
<<<>>>

Your version of Shockwave is out-or-date and vulnerable.

Navigate to this page and follow the instructions to get the latest version.
https://www.adobe.com/shockwave/welcome/

Go to Start > Control Panel > Programs and Features and uninstall the old version(s) if present.
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)

==

Please post the logs and let me know what problem persists.

#3 Arrocha

Arrocha
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:13 PM

Posted 07 September 2016 - 03:34 PM

Hello nasaq

 

First off, thank you very much for the prompt help. I was expecting it to be several days before I received a reply. I did all that you asked, but I can't test to see whether the bandwidth consumption problem still exists at the moment. I will reply again when I get home. Again, thank you very much for the help. 

 

Fix Log:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Vir (07-09-2016 12:28:33) Run:1
Running from C:\Users\Vir\Desktop
Loaded Profiles: Vir (Available Profiles: Vir)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.5.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.5.0\loggingserver.exe
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\3.5.0\ViProtocol.dll [2015-12-11] (AVG Secure Search)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\3.5.0\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
CHR HomePage: Default -> hxxps://mysearch.avg.com?cid={337A5485-31CF-4D50-B9F4-A650ABA79F43}&mid=5719ac066bd847d296b305f79ff1c4a0-e61be3d7f4d75e6210479333cd71915ab704c60c&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-09-07 09:35:16&v=3.2.0.15&pid=wtu&sg=&sap=hp
CHR StartupUrls: Default -> "hxxps://mysearch.avg.com?cid={337A5485-31CF-4D50-B9F4-A650ABA79F43}&mid=5719ac066bd847d296b305f79ff1c4a0-e61be3d7f4d75e6210479333cd71915ab704c60c&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-09-07 09:35:16&v=3.2.0.15&pid=wtu&sg=&sap=hp"
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Vir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
R2 vToolbarUpdater3.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.5.0\ToolbarUpdater.exe [1829776 2015-12-11] (AVG Secure Search)
S3 Delldiag; \??\C:\__de11ctstestfolder20120wdcsa__\DellDiags\WBT_W64\DDDriver.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
C:\Users\Vir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
HKU\S-1-5-21-4175350891-3110468224-2623085410-1001\Software\Classes\.exe: exefile =>  <===== ATTENTION
HKU\S-1-5-21-4175350891-3110468224-2623085410-1001\Software\Classes\.scr:  =>  <===== ATTENTION
HKU\S-1-5-21-4175350891-3110468224-2623085410-1001\Software\Classes\.bat:  =>  <===== ATTENTION
HKU\S-1-5-21-4175350891-3110468224-2623085410-1001\Software\Classes\.com:  =>  <===== ATTENTION
HKU\S-1-5-21-4175350891-3110468224-2623085410-1001\Software\Classes\.cmd:  =>  <===== ATTENTION
HKU\S-1-5-21-4175350891-3110468224-2623085410-1001\Software\Classes\.reg:  =>  <===== ATTENTION
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.5.0\ToolbarUpdater.exe => No running process found
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.5.0\loggingserver.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol" => key removed successfully
"HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame" => key removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => not found.
C:\Windows\SysWOW64\npDeployJava1.dll => not found.
C:\ProgramData\NexonUS\NGM\npNxGameUS.dll => not found.
C:\Users\Vir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
vToolbarUpdater3.5.0 => service removed successfully
Delldiag => service removed successfully
EagleX64 => service removed successfully
esgiguard => service removed successfully
X6va011 => service removed successfully
X6va012 => service removed successfully
"C:\Users\Vir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"HKU\S-1-5-21-4175350891-3110468224-2623085410-1001\Software\Classes\.exe" => key removed successfully
"HKU\S-1-5-21-4175350891-3110468224-2623085410-1001\Software\Classes\.scr" => key removed successfully
"HKU\S-1-5-21-4175350891-3110468224-2623085410-1001\Software\Classes\.bat" => key removed successfully
"HKU\S-1-5-21-4175350891-3110468224-2623085410-1001\Software\Classes\.com" => key removed successfully
 
========= HKU\S-1-5-21-4175350891-3110468224-2623085410-1001\Software\Classes\.=>  <===== ATTENTION =========
 
 
========= End of CMD: =========
 
"HKU\S-1-5-21-4175350891-3110468224-2623085410-1001\Software\Classes\.reg" => key removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 78316335 B
Java, Flash, Steam htmlcache => 73928237 B
Windows/system/drivers => 8938658 B
Edge => 0 B
Chrome => 827788626 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33058 B
systemprofile32 => 77748 B
LocalService => 0 B
NetworkService => 6102 B
UpdatusUser => 0 B
Vir => 311769219 B
UpdatusUser => 0 B
UpdatusUser => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 12:29:14 ====
 
 
 
Adw Log:
 
 
# AdwCleaner v6.010 - Logfile created 07/09/2016 at 12:56:52
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-07.2 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Vir - VIR-COMP
# Running from : C:\Users\Vir\Downloads\adwcleaner_6.010.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\Vir\AppData\Local\avg web tuneup
[-] Folder deleted: C:\Users\Vir\AppData\LocalLow\avg web tuneup
[-] Folder deleted: C:\Users\Vir\AppData\Roaming\GrabPro
[-] Folder deleted: C:\Users\Vir\AppData\Roaming\ProgSense
[-] Folder deleted: C:\ProgramData\AVG Secure Search
[-] Folder deleted: C:\ProgramData\AVG Security Toolbar
[-] Folder deleted: C:\ProgramData\avg web tuneup
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Secure Search
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Security Toolbar
[#] Folder deleted on reboot: C:\ProgramData\Application Data\avg web tuneup
[-] Folder deleted: C:\Program Files (x86)\avg web tuneup
[-] Folder deleted: C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\avg web tuneup
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[-] Key deleted: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key deleted: HKU\S-1-5-21-4175350891-3110468224-2623085410-1001\Software\ProgSense
[-] Key deleted: HKU\S-1-5-21-4175350891-3110468224-2623085410-1001\Software\tinydm.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4175350891-3110468224-2623085410-1001\Software\SweetIM
[#] Key deleted on reboot: HKCU\Software\ProgSense
[#] Key deleted on reboot: HKCU\Software\tinydm.com
[-] Key deleted: HKLM\SOFTWARE\AVG Tuneup
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
 
 
***** [ Web browsers ] *****
 
[-] [aol.com] [Search Provider] Deleted: aol.com
[-] [ask.com] [Search Provider] Deleted: ask.com
[-] [mysearch.avg.com] [Search Provider] Deleted: mysearch.avg.com
[-] [C:\Users\Vir\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ehkepjiconegkhpodgoaeamnpckdbblp
[-] [delta-search.com] [Search Provider] Deleted: delta-search.com
[-] [Mysearchdial.com] [Search Provider] Deleted: Mysearchdial.com
[-] [delta-search.com] [Search Provider] Deleted: delta-search.com
[-] [Mysearchdial.com] [Search Provider] Deleted: Mysearchdial.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [5257 Bytes] - [07/09/2016 12:56:52]
C:\AdwCleaner\AdwCleaner[S0].txt - [5589 Bytes] - [07/09/2016 12:40:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5403 Bytes] ##########
 

 



#4 Arrocha

Arrocha
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:13 PM

Posted 09 September 2016 - 09:41 PM

I've been watching my data usage these last few days and things seem to have stabilized. Whatever I was infected with is gone now. Thank you very much for your help nasaq. This has saved me a load of time and headaches. Again, thank you very much.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:13 PM

Posted 10 September 2016 - 07:44 AM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:13 PM

Posted 16 September 2016 - 09:16 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users