
Browser redirect hijacks



I am on my aunt's computer; she tells me that when she clicks a link from an email, it redirects to an advertisement.  When she closes that and clicks again, it takes her to where the link should go.  I have seen this replicated.

 

I am told that this happens with some website links too but I have not seen it replicated.

 

I have run MBAM, which finds nothing.

 

The browsers do seem to have a few add-ons I cannot remove.  I am hoping you can help with this as soon as possible.

 

DDS

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 1.6.0_26
Run by Art at 11:23:31 on 2014-02-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.4094.2406 [GMT 11:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X5\Programs\CorelDRW.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\Art\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Art\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Art\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Art\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Art\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Art\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Art\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Art\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{52F2FB98-8872-4EF1-95C3-33EBCBF77F98} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{52F2FB98-8872-4EF1-95C3-33EBCBF77F98}\24967605F6E646730314733354 : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{52F2FB98-8872-4EF1-95C3-33EBCBF77F98}\4617033377966696F57607 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{AA744B14-17C3-4908-8B0F-70FA782E1D2F} : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
x64-BHO: SmiArtCOmpare: {398C9C18-BC8C-0898-D9E0-970DF3155E3F} - 
x64-BHO: SAVerPProo: {3BA54BE3-E60C-331A-8B9E-EDE4B47C7DA5} - 
x64-BHO: HtmmlCHEcckeer: {EFF36C2F-FE0E-65F5-D760-506F3370A3DD} - 
x64-BHO: saveron: {FBCAE03C-9230-8ABA-AB8B-335B2FDE7C0F} - 
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\fadztibp.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Art\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
FF - ExtSQL: 2014-02-05 15:42; zvb-wqbdfp@ai-opqpr.net; C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\fadztibp.default\extensions\zvb-wqbdfp@ai-opqpr.net
FF - ExtSQL: 2014-02-05 15:42; yyuixx.yiea@dmfbjbqi.org; C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\fadztibp.default\extensions\yyuixx.yiea@dmfbjbqi.org
FF - ExtSQL: 2014-02-05 15:42; ydzoeiue@rhdp.edu; C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\fadztibp.default\extensions\ydzoeiue@rhdp.edu
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-7-8 529000]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-5-8 40736]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-6-29 28600]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-7-6 254528]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-12 140672]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-6-29 440376]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-6-29 440376]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-6-29 108440]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-6-21 149032]
R2 RIM MDNS;RIM MDNS;C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\mDNSResponder.exe [2013-6-4 389632]
R2 RIM Tunnel Service;BlackBerry Link Communication Manager;C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\tunmgr.exe [2013-6-4 1263616]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-7-6 2337144]
R3 BlackBerry Device Manager;BlackBerry Device Manager;C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\BbDevMgr.exe [2013-3-6 585728]
R3 rimvndis;BlackBerry Virtual Private Network;C:\Windows\System32\drivers\rimvndis6_AMD64.sys [2013-6-4 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 vToolbarUpdater15.1.0;vToolbarUpdater15.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-10-28 107288]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-7-7 1038088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-10-28 204568]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbrndis6;USB RNDIS6 Adapter;C:\Windows\System32\drivers\usb80236.sys [2013-3-26 19968]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-6 1255736]
.
=============== Created Last 30 ================
.
2014-02-17 01:19:14 -------- d-----w- C:\Windows\pss
2014-02-17 00:31:58 -------- d-----w- C:\AdwCleaner
2014-02-16 23:30:41 -------- d-----w- C:\JRT
2014-02-16 23:03:29 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-02-13 22:48:33 -------- d-----w- C:\Users\Art\AppData\Local\Packages
2014-02-13 22:48:26 -------- d-----w- C:\ProgramData\SAVerPProo
2014-02-12 16:01:49 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-12 16:01:49 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-12 06:48:16 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-12 06:48:16 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-12 06:48:16 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-12 06:48:16 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-12 06:36:28 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-12 06:36:28 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-02-12 06:36:28 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-12 06:36:28 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-02-03 02:32:43 -------- d-----w- C:\ProgramData\HtmmlCHEcckeer
2014-02-03 02:32:41 -------- d-----w- C:\ProgramData\angijblkobfiimfjbllaaalefeapmplj
.
==================== Find3M  ====================
.
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-05 02:04:15 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 02:04:15 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-18 22:11:05 84720 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2013-12-18 22:11:05 108440 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-11-26 00:14:17 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
.
============= FINISH: 11:24:02.64 ===============
 
Attach
 
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 6/07/2011 2:52:40 PM
System Uptime: 19/02/2014 2:24:10 PM (21 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | NARRA5
Processor: AMD Athlon 7550 Dual-Core Processor | Socket AM2  | 2500/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 95.56 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.434 GiB free.
E: is CDROM ()
G: is CDROM ()
H: is FIXED (FAT32) - 298 GiB total, 179.774 GiB free.
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP250: 15/11/2013 3:00:43 AM - Windows Update
RP251: 26/11/2013 11:55:36 AM - Scheduled Checkpoint
RP252: 29/11/2013 7:34:12 AM - Installed Samsung Kies
RP253: 4/12/2013 3:00:23 AM - Windows Update
RP254: 12/12/2013 12:00:16 AM - Scheduled Checkpoint
RP255: 12/12/2013 3:00:28 AM - Windows Update
RP256: 20/12/2013 12:00:11 AM - Scheduled Checkpoint
RP257: 22/12/2013 6:26:02 PM - Windows Update
RP258: 4/01/2014 12:48:48 PM - Scheduled Checkpoint
RP259: 12/01/2014 12:00:03 AM - Scheduled Checkpoint
RP260: 16/01/2014 3:00:49 AM - Windows Update
RP261: 24/01/2014 10:37:03 AM - Scheduled Checkpoint
RP262: 3/02/2014 10:43:03 AM - Scheduled Checkpoint
RP263: 11/02/2014 12:00:13 AM - Scheduled Checkpoint
RP264: 13/02/2014 3:00:15 AM - Windows Update
RP265: 17/02/2014 9:32:08 AM - 170214
RP266: 17/02/2014 2:24:48 PM - 170214almostclean
RP267: 17/02/2014 2:30:55 PM - 170214cleanqnmark
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Anchor Service CS4
Adobe Anchor Service x64 CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe CMaps x64 CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe CSI CS4 x64
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe Drive CS4 x64
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Fonts All
Adobe Fonts All x64
Adobe Linguistics CS4
Adobe Linguistics CS4 x64
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe PDF Library Files x64 CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 (64 Bit)
Adobe Photoshop CS4 Support
Adobe Reader X (10.1.8)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Type Support CS4
Adobe Type Support x64 CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin x64
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
albumworks
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auslogics Disk Defrag
Avira Free Antivirus
BlackBerry Link
Bonjour
CCleaner
Compatibility Pack for the 2007 Office system
Connect
Corel Graphics - Windows Shell Extension
Corel Graphics - Windows Shell Extension 64 Bit
CorelDRAW Graphics Suite X5
CorelDRAW Graphics Suite X5 - BR
CorelDRAW Graphics Suite X5 - Capture
CorelDRAW Graphics Suite X5 - Common
CorelDRAW Graphics Suite X5 - Connect
CorelDRAW Graphics Suite X5 - Custom Data
CorelDRAW Graphics Suite X5 - Draw
CorelDRAW Graphics Suite X5 - EN
CorelDRAW Graphics Suite X5 - ES
CorelDRAW Graphics Suite X5 - Extra Content
CorelDRAW Graphics Suite X5 - Filters
CorelDRAW Graphics Suite X5 - FontNav
CorelDRAW Graphics Suite X5 - FR
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - PHOTO-PAINT
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - Redist
CorelDRAW Graphics Suite X5 - Setup Files
CorelDRAW Graphics Suite X5 - VBA
CorelDRAW Graphics Suite X5 - VideoBrowser
CorelDRAW Graphics Suite X5 - VSTA
CorelDRAW Graphics Suite X5 - WT
CorelDRAW® Graphics Suite X5
CutePDF Writer 2.8
DAEMON Tools Lite
Driver Pro v3.0
Dropbox
ERUNT 1.1j
FileZilla Client 3.5.0
FoxTab
Ghostscript GPL 8.64 (Msi Setup)
GIMP 2.6.11
Glary Utilities 2.35.0.1216
Google Chrome
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
ImgBurn
Inkscape 0.48.1 
iTunes
Java Auto Updater
Java 6 Update 26
K-Lite Codec Pack 7.2.0 (Full)
kuler
LibreOffice 3.3
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MyCalendar
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Drivers
NVIDIA Graphics Driver 311.06
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
Paint.NET v3.5.8
PDF Settings CS4
Photoshop Camera Raw
Photoshop Camera Raw_x64
Picasa 3
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.92
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition 
Snap.Do
Speccy
Suite Shared Configuration CS4
SUPERAntiSpyware
TeamViewer 6
TP-LINK TL-WN851ND Driver
TP-LINK Wireless Configuration Utility
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
Visual Studio 2010 x64 Redistributables
VLC media player 1.1.10
.
==== Event Viewer Messages From Past Week ========
.
19/02/2014 2:27:09 PM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
19/02/2014 2:27:09 PM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
19/02/2014 2:24:39 PM, Error: Service Control Manager [7000]  - The vToolbarUpdater15.1.0 service failed to start due to the following error:  The system cannot find the file specified.
18/02/2014 4:29:21 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
18/02/2014 4:29:21 PM, Error: Service Control Manager [7000]  - The Apple Mobile Device service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, and please create a new restore point.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear", and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


She uses Chrome, and I have yet to see things replicated in Firefox.  There are definitely extensions/add-ons I can't get rid of in Chrome,

e.g. Saveron, htmmlCHEcckeer

 

RogueKiller V8.8.8 _x64_ [Feb 19 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Art [Admin rights]
Mode : Scan -- Date : 02/20/2014 12:29:43
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) Hitachi HDT721032SLA SCSI Disk Device +++++
--- User ---
[MBR] ea1c020db9750956af345cdfe8ce9d40
[bSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 294833 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 603819090 | Size: 10409 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) TOSHIBA MK3252GSX USB Device +++++
--- User ---
[MBR] f47c40799e7b3a318fe50e4bf03f04d6
[bSP] 9e38cd1b459863a78110369a3424f516 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_02202014_122943.txt >>
RKreport[0]_S_02202014_114939.txt


Start with this:

Let's clean out any adware/spyware now: (this will require a reboot, so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page (screenshot: reply1.jpg).

New window that comes up (screenshot: replyer1.jpg).

MrC


# AdwCleaner v3.019 - Report created 20/02/2014 at 12:51:38
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Art - ART-PC
# Running from : C:\Users\Art\Desktop\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Pro
Folder Deleted : C:\Program Files (x86)\Driver Pro
Folder Deleted : C:\Program Files (x86)\FoxTab
Folder Deleted : C:\Users\Art\AppData\Roaming\Driver Pro
Folder Deleted : C:\Users\Art\AppData\Roaming\FoxTab
Folder Deleted : C:\Users\Art\AppData\Roaming\pluswinks
File Deleted : C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\fadztibp.default\Extensions\speedanalysis02@SpeedAnalysis.com.xpi

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Art\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mmiopbgcekanlhpjkonogoljpfmhpkhf
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AFB130D4-7DD2-41EB-A9AD-4C90414657F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{65F1815B-26A0-4AA8-A973-1598F6D646F6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AFB130D4-7DD2-41EB-A9AD-4C90414657F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\Driver Pro
[x] Not Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\tuguu sl
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[x] Not Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Pro_is1
[x] Not Deleted : [x64] HKCU\Software\InstallCore

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\fadztibp.default\prefs.js ]



-\\ Google Chrome v

[ File : C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6210 octets] - [17/02/2014 11:32:00]
AdwCleaner[R1].txt - [4252 octets] - [20/02/2014 12:48:55]
AdwCleaner[s0].txt - [6127 octets] - [17/02/2014 11:35:06]
AdwCleaner[s1].txt - [3740 octets] - [20/02/2014 12:51:38]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [3800 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2014
Ran by Art (administrator) on ART-PC on 20-02-2014 12:57:58
Running from C:\Users\Art\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3037837604-4240180166-2112078839-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3037837604-4240180166-2112078839-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3037837604-4240180166-2112078839-1000\...\MountPoints2: {1923fcd8-a791-11e0-b73e-0026187a78b8} - G:\autorun.exe
HKU\S-1-5-21-3037837604-4240180166-2112078839-1000\...\MountPoints2: {26d83590-ee07-11e0-a902-0026187a78b8} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3037837604-4240180166-2112078839-1000\...\MountPoints2: {26d83598-ee07-11e0-a902-0026187a78b8} - L:\LaunchU3.exe -a
HKU\S-1-5-21-3037837604-4240180166-2112078839-1000\...\MountPoints2: {93758645-8cc3-11e2-9fee-db3f57872e66} - F:\LaunchU3.exe
HKU\S-1-5-21-3037837604-4240180166-2112078839-1000\...\MountPoints2: {f053505b-cbd5-11e2-9eab-de6be4af673f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe
HKU\S-1-5-21-3037837604-4240180166-2112078839-1000\...\MountPoints2: {f1c093e6-06a0-11e2-a8c6-806e6f6e6963} - F:\Autorun.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3037837604-4240180166-2112078839-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
SearchScopes: HKLM - DefaultScope value is missing.
BHO: SmiArtCOmpare - {398C9C18-BC8C-0898-D9E0-970DF3155E3F} - C:\ProgramData\SmiArtCOmpare\ha74UgOfpY.x64.dll No File
BHO: SAVerPProo - {3BA54BE3-E60C-331A-8B9E-EDE4B47C7DA5} - C:\ProgramData\SAVerPProo\YnoWnaC.x64.dll No File
BHO: HtmmlCHEcckeer - {EFF36C2F-FE0E-65F5-D760-506F3370A3DD} - C:\ProgramData\HtmmlCHEcckeer\JvuqhlI.x64.dll No File
BHO: saveron - {FBCAE03C-9230-8ABA-AB8B-335B2FDE7C0F} - C:\ProgramData\saveron\EGE.x64.dll No File
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\fadztibp.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Art\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Art\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR DefaultSearchKeyword: google.com.au
CHR Plugin: (Shockwave Flash) - C:\Users\Art\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Art\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Art\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Art\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (HtmmlCHEcckeer) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\angijblkobfiimfjbllaaalefeapmplj [2014-02-03]
CHR Extension: (Google Docs) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-29]
CHR Extension: (Google Drive) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-29]
CHR Extension: (YouTube) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-29]
CHR Extension: (Adblock Plus) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-20]
CHR Extension: (Google Search) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-29]
CHR Extension: (FromDocToPDF) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp [2013-11-12]
CHR Extension: (Google Wallet) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-29]
CHR Extension: (saveron) - C:\ProgramData\hkplcpjdkjhdlbpaocppfjjpfmgpcmfb [2014-01-06]
CHR HKLM\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\Art\AppData\Local\foxtab_speeddial.crx [2013-11-12]
CHR HKCU\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\Art\AppData\Local\foxtab_speeddial.crx [2013-11-12]
CHR HKLM-x32\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\Art\AppData\Local\foxtab_speeddial.crx [2013-11-12]
CHR StartMenuInternet: Google Chrome - C:\Users\Art\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-12] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-03-06] (Research In Motion Limited)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [149032 2010-07-08] (McAfee, Inc.)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2013-06-04] (Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1263616 2013-06-04] (Research In Motion Limited)
S2 vToolbarUpdater15.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [40736 2013-05-08] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-07-06] (DT Soft Ltd)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121248 2010-07-08] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [529000 2010-07-08] (McAfee, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-04-08] (Research In Motion Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2013-06-04] (Research in Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-20 12:57 - 2014-02-20 12:58 - 00014138 _____ () C:\Users\Art\Desktop\FRST.txt
2014-02-20 12:57 - 2014-02-20 12:57 - 00000000 ____D () C:\FRST
2014-02-20 12:56 - 2014-02-20 12:57 - 02153472 _____ (Farbar) C:\Users\Art\Downloads\FRST64(2).exe
2014-02-20 12:48 - 2014-02-20 12:48 - 01241834 _____ () C:\Users\Art\Desktop\AdwCleaner(1).exe
2014-02-20 12:24 - 2014-02-20 12:25 - 02153472 _____ (Farbar) C:\Users\Art\Desktop\FRST64.exe
2014-02-20 11:49 - 2014-02-20 11:49 - 00001780 _____ () C:\Users\Art\Desktop\RKreport[0]_S_02202014_114939.txt
2014-02-20 11:47 - 2014-02-20 12:42 - 00000000 ____D () C:\Users\Art\Desktop\RK_Quarantine
2014-02-20 11:47 - 2014-02-20 11:48 - 02153472 _____ (Farbar) C:\Users\Art\Downloads\FRST64.exe
2014-02-20 11:14 - 2014-02-20 11:15 - 04413952 _____ () C:\Users\Art\Desktop\RogueKillerX64 (1).exe
2014-02-20 11:13 - 2014-02-20 11:13 - 04413952 _____ () C:\Users\Art\Downloads\RogueKillerX64.exe
2014-02-20 11:12 - 2014-02-20 11:13 - 03817984 _____ () C:\Users\Art\Downloads\RogueKiller.exe
2014-02-19 11:11 - 2014-02-19 09:04 - 00504352 _____ () C:\Users\Art\Downloads\Backup_of_Ryan Bywater - handyman.cdr
2014-02-19 09:04 - 2014-02-19 11:11 - 01449057 _____ () C:\Users\Art\Downloads\Ryan Bywater - handyman.cdr
2014-02-18 16:57 - 2014-02-18 16:57 - 00014217 _____ () C:\Users\Art\Downloads\GOOLOOGONG TRAIL RIDERS.DST
2014-02-17 12:19 - 2014-02-17 12:19 - 00000000 ____D () C:\Windows\pss
2014-02-17 12:02 - 2014-02-17 12:05 - 00000632 __RSH () C:\Users\Art\ntuser.pol
2014-02-17 11:31 - 2014-02-20 12:51 - 00000000 ____D () C:\AdwCleaner
2014-02-17 11:31 - 2014-02-17 11:31 - 01166132 _____ () C:\Users\Art\Downloads\AdwCleaner.exe
2014-02-17 10:30 - 2014-02-17 11:22 - 00000000 ____D () C:\JRT
2014-02-17 10:03 - 2014-02-17 10:03 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-17 09:54 - 2014-02-17 09:54 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Art\Downloads\mbar-1.07.0.1009.exe
2014-02-17 09:49 - 2014-02-20 12:27 - 00000000 ____D () C:\Users\Art\Desktop\Darren Computer Doctor
2014-02-17 09:44 - 2014-02-17 09:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 09:48 - 2014-02-17 09:37 - 00000000 ____D () C:\ProgramData\SAVerPProo
2014-02-14 09:48 - 2014-02-14 09:48 - 00000000 ____D () C:\Users\Art\AppData\Local\Packages
2014-02-13 03:01 - 2013-12-21 20:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 03:01 - 2013-12-21 19:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 03:00 - 2014-02-06 23:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 03:00 - 2014-02-06 22:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 03:00 - 2014-02-06 22:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 03:00 - 2014-02-06 22:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 03:00 - 2014-02-06 22:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 03:00 - 2014-02-06 22:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 03:00 - 2014-02-06 21:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 03:00 - 2014-02-06 21:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 03:00 - 2014-02-06 21:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 03:00 - 2014-02-06 21:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 03:00 - 2014-02-06 21:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 03:00 - 2014-02-06 21:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 03:00 - 2014-02-06 21:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 03:00 - 2014-02-06 21:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 03:00 - 2014-02-06 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 03:00 - 2014-02-06 21:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 03:00 - 2014-02-06 21:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 03:00 - 2014-02-06 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 03:00 - 2014-02-06 21:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 03:00 - 2014-02-06 20:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 03:00 - 2014-02-06 20:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 03:00 - 2014-02-06 20:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 03:00 - 2014-02-06 20:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 03:00 - 2014-02-06 20:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 03:00 - 2014-02-06 20:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 03:00 - 2014-02-06 20:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 03:00 - 2014-02-06 20:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 03:00 - 2014-02-06 20:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 03:00 - 2014-02-06 20:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 03:00 - 2014-02-06 20:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 03:00 - 2014-02-06 20:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 03:00 - 2014-02-06 20:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 03:00 - 2014-02-06 20:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 03:00 - 2014-02-06 20:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 03:00 - 2014-02-06 19:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 03:00 - 2014-02-06 19:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 03:00 - 2014-02-06 19:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 03:00 - 2014-02-06 19:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 03:00 - 2014-02-06 19:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 17:48 - 2014-01-01 10:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 17:48 - 2014-01-01 10:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 17:48 - 2013-12-06 13:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 17:48 - 2013-12-06 13:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 17:48 - 2013-12-06 13:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 17:48 - 2013-12-06 13:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 17:45 - 2013-12-04 13:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 17:45 - 2013-12-04 13:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 17:45 - 2013-12-04 13:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 17:45 - 2013-12-04 13:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 17:45 - 2013-12-04 13:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 17:45 - 2013-12-04 13:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 17:45 - 2013-12-04 13:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 17:45 - 2013-12-04 13:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 17:45 - 2013-12-04 13:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 17:45 - 2013-12-04 13:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 17:45 - 2013-12-04 13:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 17:45 - 2013-12-04 13:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 17:45 - 2013-12-04 13:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 17:45 - 2013-12-04 13:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 17:45 - 2013-12-04 12:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 17:45 - 2013-12-04 12:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 17:45 - 2013-12-04 12:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 17:45 - 2013-12-04 12:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 17:36 - 2013-12-25 10:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 17:36 - 2013-12-25 09:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 17:36 - 2013-11-26 19:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 17:36 - 2013-11-23 09:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-07 15:56 - 2014-02-07 15:56 - 00235187 _____ () C:\Users\Art\Downloads\balletschoollogo.zip
2014-02-06 10:35 - 2014-02-06 10:59 - 00000000 ____D () C:\Users\Art\Desktop\kristen ph 2014
2014-02-03 14:17 - 2014-02-03 14:17 - 12584780 _____ () C:\Users\Art\Desktop\SHANNON'S LOGO.cdr
2014-02-03 13:32 - 2014-02-17 09:37 - 00000000 ____D () C:\ProgramData\HtmmlCHEcckeer
2014-02-03 13:32 - 2014-02-03 13:32 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-02-03 13:32 - 2014-02-03 13:32 - 00000000 ____D () C:\ProgramData\angijblkobfiimfjbllaaalefeapmplj

==================== One Month Modified Files and Folders =======

2014-02-20 12:58 - 2014-02-20 12:57 - 00014138 _____ () C:\Users\Art\Desktop\FRST.txt
2014-02-20 12:57 - 2014-02-20 12:57 - 00000000 ____D () C:\FRST
2014-02-20 12:57 - 2014-02-20 12:56 - 02153472 _____ (Farbar) C:\Users\Art\Downloads\FRST64(2).exe
2014-02-20 12:57 - 2011-07-06 15:31 - 01581956 _____ () C:\Windows\WindowsUpdate.log
2014-02-20 12:54 - 2013-06-13 16:01 - 00001433 _____ () C:\Users\Art\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-02-20 12:53 - 2011-07-06 18:07 - 00000320 _____ () C:\Windows\Tasks\GlaryInitialize.job
2014-02-20 12:52 - 2013-06-29 13:32 - 00026680 _____ () C:\Windows\setupact.log
2014-02-20 12:52 - 2011-07-06 15:59 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-20 12:52 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-20 12:51 - 2014-02-17 11:31 - 00000000 ____D () C:\AdwCleaner
2014-02-20 12:51 - 2009-07-14 15:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-20 12:51 - 2009-07-14 15:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-20 12:48 - 2014-02-20 12:48 - 01241834 _____ () C:\Users\Art\Desktop\AdwCleaner(1).exe
2014-02-20 12:42 - 2014-02-20 11:47 - 00000000 ____D () C:\Users\Art\Desktop\RK_Quarantine
2014-02-20 12:27 - 2014-02-17 09:49 - 00000000 ____D () C:\Users\Art\Desktop\Darren Computer Doctor
2014-02-20 12:25 - 2014-02-20 12:24 - 02153472 _____ (Farbar) C:\Users\Art\Desktop\FRST64.exe
2014-02-20 12:15 - 2011-07-06 18:02 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037837604-4240180166-2112078839-1000UA.job
2014-02-20 12:04 - 2012-09-11 20:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-20 11:49 - 2014-02-20 11:49 - 00001780 _____ () C:\Users\Art\Desktop\RKreport[0]_S_02202014_114939.txt
2014-02-20 11:48 - 2014-02-20 11:47 - 02153472 _____ (Farbar) C:\Users\Art\Downloads\FRST64.exe
2014-02-20 11:37 - 2013-06-29 16:11 - 00128322 _____ () C:\Windows\PFRO.log
2014-02-20 11:15 - 2014-02-20 11:14 - 04413952 _____ () C:\Users\Art\Desktop\RogueKillerX64 (1).exe
2014-02-20 11:13 - 2014-02-20 11:13 - 04413952 _____ () C:\Users\Art\Downloads\RogueKillerX64.exe
2014-02-20 11:13 - 2014-02-20 11:12 - 03817984 _____ () C:\Users\Art\Downloads\RogueKiller.exe
2014-02-20 08:15 - 2011-07-06 18:01 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037837604-4240180166-2112078839-1000Core.job
2014-02-19 11:11 - 2014-02-19 09:04 - 01449057 _____ () C:\Users\Art\Downloads\Ryan Bywater - handyman.cdr
2014-02-19 09:04 - 2014-02-19 11:11 - 00504352 _____ () C:\Users\Art\Downloads\Backup_of_Ryan Bywater - handyman.cdr
2014-02-18 16:57 - 2014-02-18 16:57 - 00014217 _____ () C:\Users\Art\Downloads\GOOLOOGONG TRAIL RIDERS.DST
2014-02-17 12:19 - 2014-02-17 12:19 - 00000000 ____D () C:\Windows\pss
2014-02-17 12:19 - 2011-07-06 15:53 - 00000000 ___RD () C:\Users\Art\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-17 12:12 - 2011-07-06 18:10 - 00000000 ____D () C:\Users\Art\AppData\Roaming\Dropbox
2014-02-17 12:11 - 2011-06-11 22:02 - 00000000 ___RD () C:\Users\Art\Dropbox
2014-02-17 12:05 - 2014-02-17 12:02 - 00000632 __RSH () C:\Users\Art\ntuser.pol
2014-02-17 12:05 - 2011-07-06 15:52 - 00000000 ____D () C:\Users\Art
2014-02-17 11:31 - 2014-02-17 11:31 - 01166132 _____ () C:\Users\Art\Downloads\AdwCleaner.exe
2014-02-17 11:22 - 2014-02-17 10:30 - 00000000 ____D () C:\JRT
2014-02-17 11:21 - 2013-06-29 20:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-17 10:03 - 2014-02-17 10:03 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-17 10:00 - 2012-05-03 17:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-17 09:54 - 2014-02-17 09:54 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Art\Downloads\mbar-1.07.0.1009.exe
2014-02-17 09:52 - 2013-06-29 20:15 - 00000000 ____D () C:\Windows\ERDNT
2014-02-17 09:44 - 2014-02-17 09:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-17 09:37 - 2014-02-14 09:48 - 00000000 ____D () C:\ProgramData\SAVerPProo
2014-02-17 09:37 - 2014-02-03 13:32 - 00000000 ____D () C:\ProgramData\HtmmlCHEcckeer
2014-02-17 09:37 - 2014-01-06 04:13 - 00000000 ____D () C:\ProgramData\SmiArtCOmpare
2014-02-17 09:37 - 2014-01-06 04:13 - 00000000 ____D () C:\ProgramData\saveron
2014-02-17 09:15 - 2009-07-14 16:13 - 00783374 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-17 09:12 - 2013-06-29 16:24 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-14 09:48 - 2014-02-14 09:48 - 00000000 ____D () C:\Users\Art\AppData\Local\Packages
2014-02-14 09:48 - 2014-01-06 04:13 - 00000000 ____D () C:\ProgramData\f77b50b554af04de
2014-02-14 09:18 - 2013-12-20 00:18 - 00000127 _____ () C:\Users\Art\AppData\Roaming\WB.CFG
2014-02-13 04:22 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\rescache
2014-02-13 03:14 - 2011-07-06 18:29 - 00768842 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-07 15:56 - 2014-02-07 15:56 - 00235187 _____ () C:\Users\Art\Downloads\balletschoollogo.zip
2014-02-06 23:16 - 2014-02-13 03:00 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 22:30 - 2014-02-13 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 22:30 - 2014-02-13 03:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 22:12 - 2014-02-13 03:00 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 22:07 - 2014-02-13 03:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 22:06 - 2014-02-13 03:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 21:57 - 2014-02-13 03:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 21:56 - 2014-02-13 03:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 21:52 - 2014-02-13 03:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 21:49 - 2014-02-13 03:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 21:48 - 2014-02-13 03:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 21:48 - 2014-02-13 03:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 21:38 - 2014-02-13 03:00 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 21:32 - 2014-02-13 03:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 21:20 - 2014-02-13 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 21:17 - 2014-02-13 03:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 21:11 - 2014-02-13 03:00 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 21:01 - 2014-02-13 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 21:00 - 2014-02-13 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 20:57 - 2014-02-13 03:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 20:57 - 2014-02-13 03:00 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 20:52 - 2014-02-13 03:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 20:52 - 2014-02-13 03:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 20:50 - 2014-02-13 03:00 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 20:49 - 2014-02-13 03:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 20:47 - 2014-02-13 03:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 20:46 - 2014-02-13 03:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 20:25 - 2014-02-13 03:00 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 20:25 - 2014-02-13 03:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 20:24 - 2014-02-13 03:00 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 20:22 - 2014-02-13 03:00 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 20:13 - 2014-02-13 03:00 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 20:09 - 2014-02-13 03:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 20:03 - 2014-02-13 03:00 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 19:55 - 2014-02-13 03:00 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 19:41 - 2014-02-13 03:00 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 19:40 - 2014-02-13 03:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 19:36 - 2014-02-13 03:00 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 19:34 - 2014-02-13 03:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-06 10:59 - 2014-02-06 10:35 - 00000000 ____D () C:\Users\Art\Desktop\kristen ph 2014
2014-02-05 13:04 - 2012-09-11 20:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 13:04 - 2012-09-11 20:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 13:04 - 2011-07-06 18:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-03 14:17 - 2014-02-03 14:17 - 12584780 _____ () C:\Users\Art\Desktop\SHANNON'S LOGO.cdr
2014-02-03 13:32 - 2014-02-03 13:32 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-02-03 13:32 - 2014-02-03 13:32 - 00000000 ____D () C:\ProgramData\angijblkobfiimfjbllaaalefeapmplj
2014-02-03 13:32 - 2009-07-14 14:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-02-03 13:32 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-01-28 09:26 - 2013-11-28 08:26 - 00000000 ____D () C:\Users\Art\Desktop\assorted files
2014-01-28 09:26 - 2012-01-06 13:00 - 00000000 ____D () C:\Users\Art\Desktop\2012-01-06 kristens camera
2014-01-28 09:25 - 2013-08-12 15:11 - 00000000 ____D () C:\Users\Art\Desktop\wilcox fliers

Some content of TEMP:
====================
C:\Users\Art\AppData\Local\Temp\avgnt.exe
C:\Users\Art\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Art\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 09:21

==================== End Of Log ============================

addition.txt attached



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2014
Ran by Art at 2014-02-20 13:20:01 Run:1
Running from C:\Users\Art\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3037837604-4240180166-2112078839-1001\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
BHO: saveron - {FBCAE03C-9230-8ABA-AB8B-335B2FDE7C0F} - C:\ProgramData\saveron\EGE.x64.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll No File
CHR Plugin: (Google Update) - C:\Users\Art\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (HtmmlCHEcckeer) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\angijblkobfiimfjbllaaalefeapmplj [2014-02-03]
CHR Extension: (saveron) - C:\ProgramData\hkplcpjdkjhdlbpaocppfjjpfmgpcmfb [2014-01-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
Task: {A41B1331-DC0C-4FE4-9E05-E930025B0D9D} - \EPUpdater No Task File
Task: {DD910BBB-5371-40A9-BC84-21E50F862758} - \Desk 365 RunAsStdUser No Task File
Task: {8A608056-CE9E-4F89-A3BD-A30C7805F516} - \LaunchApp No Task File
C:\Users\Art\AppData\Local\Temp\avgnt.exe
C:\Users\Art\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Art\AppData\Local\Temp\Quarantine.exe

*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3037837604-4240180166-2112078839-1001\User => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBCAE03C-9230-8ABA-AB8B-335B2FDE7C0F} => Key deleted successfully.
HKCR\CLSID\{FBCAE03C-9230-8ABA-AB8B-335B2FDE7C0F} => Key deleted successfully.
C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll not found.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll not found.
C:\Users\Art\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll not found.
C:\Windows\system32\Adobe\Director\np32dsw.dll not found.
C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\angijblkobfiimfjbllaaalefeapmplj => Moved successfully.
CHR Extension: (saveron) - C:\ProgramData\hkplcpjdkjhdlbpaocppfjjpfmgpcmfb [2014-01-06] directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A41B1331-DC0C-4FE4-9E05-E930025B0D9D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A41B1331-DC0C-4FE4-9E05-E930025B0D9D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD910BBB-5371-40A9-BC84-21E50F862758} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD910BBB-5371-40A9-BC84-21E50F862758} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A608056-CE9E-4F89-A3BD-A30C7805F516} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A608056-CE9E-4F89-A3BD-A30C7805F516} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp => Key deleted successfully.
C:\Users\Art\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\Art\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\Art\AppData\Local\Temp\Quarantine.exe => Moved successfully.


The system needs a manual reboot.

==== End of Fixlog ====

Rebooting as requested, I'll BRB.

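The fix above removes a cluster of persistence points that all serve the same redirect: a Chrome policy key forcing extensions, local Group Policy files, an IE BHO whose DLL is gone, extension folders dropped into ProgramData, scheduled tasks whose XML no longer exists, and an alternate data stream on C:\ProgramData\TEMP. The script below is an added example for this thread; it is not FRST's code and not MrC's, and it only re-checks those same locations so you can confirm after the reboot that nothing came back. It assumes Windows 7 x64 as in the log, an elevated PowerShell prompt, and that the ProgramData path contains no spaces; the Check/Where/Value output layout and the function names are the script's own.

```powershell
# Added example, not FRST's code and not the forum helper's: re-check the persistence
# points the fixlog above lists on a Windows 7 x64 machine. Run from an elevated
# PowerShell prompt. Registry and file locations are the standard Windows ones; the
# Check/Where/Value output shape and all function names are this script's own choice.

function New-Finding($check, $where, $value) {
    New-Object PSObject -Property @{ Check = $check; Where = $where; Value = $value }
}

function Get-ChromePolicyRestriction {
    # HKLM\SOFTWARE\Policies\Google is what FRST flagged and deleted. A home PC that is not
    # domain-joined normally has no such key; adware uses it to force-install extensions.
    $base = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
    if (-not (Test-Path $base)) { return }
    foreach ($sub in 'ExtensionInstallForcelist', 'ExtensionInstallWhitelist', 'ExtensionInstallBlacklist') {
        $key = Join-Path $base $sub
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) { New-Finding 'ChromePolicy' "$sub\$name" ($item.GetValue($name)) }
    }
}

function Get-LocalGroupPolicyFile {
    # The fix moved System32\GroupPolicy\Machine, GPT.ini and the per-SID GroupPolicyUsers
    # folder. registry.pol/ntuser.pol carry the restrictions; the log also shows ntuser.pol
    # dropped into ProgramData and the user profile with RSH attributes, which is not normal.
    foreach ($root in "$env:SystemRoot\System32\GroupPolicy", "$env:SystemRoot\System32\GroupPolicyUsers") {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -match '^(registry\.pol|GPT\.ini)$' } |
            ForEach-Object { New-Finding 'LocalGPO' $_.FullName $_.Attributes }
    }
    foreach ($dir in $env:ProgramData, $env:USERPROFILE) {
        $pol = Join-Path $dir 'ntuser.pol'
        if (Test-Path $pol) { New-Finding 'LocalGPO' $pol ((Get-Item $pol -Force).Attributes) }
    }
}

function Get-OrphanedBho {
    # An IE BHO whose InprocServer32 DLL is gone is what FRST prints as "No File" (the saveron
    # entry). The CLSID registration still has to go; the fixlog shows both keys being deleted.
    $views = @{
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' = 'HKLM:\SOFTWARE\Classes\CLSID';
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
    }
    foreach ($bhoRoot in $views.Keys) {
        if (-not (Test-Path $bhoRoot)) { continue }
        foreach ($entry in Get-ChildItem $bhoRoot) {
            $srvKey = Join-Path $views[$bhoRoot] "$($entry.PSChildName)\InprocServer32"
            $dll = $null
            if (Test-Path $srvKey) { $dll = (Get-Item $srvKey).GetValue('') }
            if (-not $dll -or -not (Test-Path -LiteralPath $dll)) { New-Finding 'OrphanBHO' $entry.PSChildName $dll }
        }
    }
}

function Get-ExternalChromeExtension {
    # Extensions pushed in from outside the browser: registered under HKLM\SOFTWARE\Google\Chrome\Extensions
    # (path/update_url values) or unpacked into a 32-character a-p folder like the two in the log.
    foreach ($k in 'HKLM:\SOFTWARE\Google\Chrome\Extensions', 'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions') {
        if (-not (Test-Path $k)) { continue }
        foreach ($ext in Get-ChildItem $k) { New-Finding 'ChromeExtReg' $ext.PSChildName "$($ext.GetValue('path')) $($ext.GetValue('update_url'))" }
    }
    Get-ChildItem $env:ProgramData -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -and $_.Name -match '^[a-p]{32}$' } |
        ForEach-Object { New-Finding 'ChromeExtDir' $_.FullName ('manifest.json present: ' + (Test-Path (Join-Path $_.FullName 'manifest.json'))) }
}

function Get-OrphanedTask {
    # "No Task File": a Schedule\TaskCache\Tree entry still carries an Id GUID but the task XML
    # it names under System32\Tasks is gone (EPUpdater, Desk 365 RunAsStdUser, LaunchApp above).
    $tree = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'
    Get-ChildItem $tree -Recurse | ForEach-Object {
        $id = $_.GetValue('Id')
        if (-not $id) { return }
        $rel = $_.Name.Substring($_.Name.IndexOf('\Tree\') + 6)
        if (-not (Test-Path -LiteralPath (Join-Path "$env:SystemRoot\System32\Tasks" $rel))) { New-Finding 'OrphanTask' $rel $id }
    }
}

function Get-ProgramDataStream {
    # FRST removed the stream ":373E1720" from C:\ProgramData\TEMP. "dir /r" lists named streams
    # only (never the unnamed data stream), works on directories, and needs no PowerShell 3.0.
    cmd /c dir /r $env:ProgramData 2>$null | ForEach-Object {
        if ($_ -match '^\s+([\d,]+)\s+(.+?):([^:\\]+):\$DATA\s*$') {
            New-Finding 'ADS' (Join-Path $env:ProgramData $matches[2]) "$($matches[3]) ($($matches[1]) bytes)"
        }
    }
}

$findings = @(Get-ChromePolicyRestriction) + @(Get-LocalGroupPolicyFile) + @(Get-OrphanedBho) +
            @(Get-ExternalChromeExtension) + @(Get-OrphanedTask) + @(Get-ProgramDataStream)
if ($findings.Count -eq 0) { 'Nothing found at the checked locations.' }
else { $findings | Format-Table Check, Where, Value -AutoSize -Wrap }
```

A clean result is "Nothing found at the checked locations." Any ChromePolicy line is worth reading closely: ExtensionInstallForcelist values are "extension-id;update-url" strings, and the update URL tells you where the hijacker was fetching its extension from. An OrphanTask or OrphanBHO line means a registration survived even though its payload is gone, which is exactly the state the fixlist above had to clean up by hand.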

Think I know what happened, Avira picked it up

 

Begin scan in 'C:\ProgramData\saveron\EGE.dll'
C:\ProgramData\saveron\EGE.dll
  [DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen

Beginning disinfection:
C:\ProgramData\saveron\EGE.dll
  [DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
  [NOTE]      The file was moved to the quarantine directory under the name '5bff98e2.qua'!


It's listed but it's not on the system.

C:\ProgramData\hkplcpjdkjhdlbpaocppfjjpfmgpcmfb

-------------------------------------

Please download SystemLook from the link below and save it to your Desktop.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :regfind
    hkplcpjdkjhdlbpaocppfjjpfmgpcmfb
    :folderfind
    hkplcpjdkjhdlbpaocppfjjpfmgpcmfb
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC


SystemLook 30.07.11 by jpshortstuff
Log created at 14:28 on 20/02/2014 by Art
Administrator - Elevation successful

========== regfind ==========

Searching for "hkplcpjdkjhdlbpaocppfjjpfmgpcmfb"
No data found.

========== folderfind ==========

Searching for "hkplcpjdkjhdlbpaocppfjjpfmgpcmfb"
C:\ProgramData\hkplcpjdkjhdlbpaocppfjjpfmgpcmfb    d------    [17:13 05/01/2014]
C:\Users\All Users\hkplcpjdkjhdlbpaocppfjjpfmgpcmfb    d------    [17:13 05/01/2014]

-= EOF =-


OK..........

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

OK..........

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)

i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc. AdwCleaner > just run the program and click Uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (PM also found HERE)

Good Luck and Thanks for using the forum, MrC


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

