
sysWOW64 virus



I have what I think is a sysWOW64 virus but get conflicting information on-line. My computer runs slow, gets pop-ups and I get stopped from going to some web pages. It picks different ones and allows me to visit previously blocked ones. Can anyone help?

 

I have looked in msconfig (where I blocked other viruses), regedit (where I stopped another virus) and Task Manager, but with Task Manager I'm not too sure what is supposed to be there. I have checked all of them on-line but again get conflicting information as to whether they are viruses or not.

 

My main concerns are explorer.exe, dll.exe (2 of them), 5 chrome 32* (this symbol after 32 has proved to be virus related before), dwm.exe, loggingserver, searchindexer, services.exe and toolbarupdater.exe, and I have 10 svchost.exe, but going into cmd and running windows\system32\netstat -abno it tells me that it cannot identify the address of a few of them.

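An added example at this point, written for this page and not part of the original thread or of any tool it mentions: the checks a responder would run on the process names listed above before deciding anything. Two facts frame it. On 64-bit Windows the "*32" suffix in Task Manager only marks a 32-bit process running under WOW64, and C:\Windows\SysWOW64 is the legitimate 32-bit system directory of a 64-bit install (the posted logs show Flash installed there, which is normal), so neither is evidence of infection by itself. What does separate a real svchost.exe from an impostor is its path under the Windows directory, its parent process (services.exe), the services it hosts and the signature on the file. The script reports those for each process name the poster mentioned, plus the sockets each one owns, read from "netstat -ano" rather than "-b" (the "cannot obtain ownership information" message comes from -b, typically for System, PID 4, and for connections whose process has already exited). It assumes an elevated PowerShell prompt (2.0 or later) on Windows 7, the standard netstat -ano column layout, and that Sysinternals sigcheck is available if you want to confirm catalog signatures.

```powershell
# Added example, not from the original thread. Live triage of the process names
# the poster worried about: real path, signature, parent, hosted services and
# owned sockets. Run from an elevated prompt (ExecutablePath and netstat -o need
# admin rights). Uses only cmdlets present in Windows 7's PowerShell 2.0.

$watch   = @('svchost.exe','explorer.exe','dwm.exe','services.exe','searchindexer.exe',
             'loggingserver.exe','toolbarupdater.exe','chrome.exe')
$sysroot = [regex]::Escape($env:SystemRoot)          # e.g. C:\\Windows as a regex

# PID -> sockets, parsed from 'netstat -ano' (assumed standard column layout:
# TCP lines = Proto Local Foreign State PID, UDP lines = Proto Local Foreign PID).
$sockets = @{}
foreach ($row in (netstat -ano)) {
    $f = $row.Trim() -split '\s+'
    if     ($f[0] -eq 'TCP' -and $f.Count -ge 5) { $owner = [int]$f[4]; $desc = "TCP $($f[1]) -> $($f[2]) [$($f[3])]" }
    elseif ($f[0] -eq 'UDP' -and $f.Count -ge 4) { $owner = [int]$f[3]; $desc = "UDP $($f[1])" }
    else   { continue }                               # header and blank lines
    if (-not $sockets.ContainsKey($owner)) { $sockets[$owner] = @() }
    $sockets[$owner] += $desc
}

$all     = Get-WmiObject Win32_Process
$parents = @{}
foreach ($p in $all) { $parents[[string]$p.ProcessId] = $p.Name }
# Services grouped by the PID hosting them: this is why there are many svchost.exe.
$services = Get-WmiObject Win32_Service | Group-Object ProcessId -AsHashTable -AsString

$report = foreach ($p in $all) {
    if ($watch -notcontains $p.Name.ToLower()) { continue }
    $path     = $p.ExecutablePath
    $findings = @()

    # 1. Location: Windows components live under %SystemRoot% (svchost.exe, dwm.exe,
    #    services.exe, searchindexer.exe in System32; explorer.exe in C:\Windows itself).
    if (-not $path) {
        $findings += 'path unreadable (not elevated, or process exited)'
    } elseif ($p.Name -match '^(svchost|dwm|services|searchindexer|explorer)\.exe$' -and $path -notmatch "^$sysroot\\") {
        $findings += "Windows component name outside $env:SystemRoot"
    }

    # 2. Signature. Get-AuthenticodeSignature reads only embedded signatures, and
    #    Windows 7 system files are mostly catalog-signed, so NotSigned under
    #    %SystemRoot% means "check the catalog" (sigcheck -i <file>), not "malware".
    $signer = 'n/a'
    if ($path -and (Test-Path -LiteralPath $path)) {
        $sig    = Get-AuthenticodeSignature -FilePath $path
        $signer = "$($sig.Status)"
        if ($sig.SignerCertificate) { $signer += ' / ' + $sig.SignerCertificate.Subject }
        switch ("$($sig.Status)") {
            'Valid'     { }
            'NotSigned' { if ($path -notmatch "^$sysroot\\") { $findings += 'no embedded signature' }
                          else { $signer += ' (likely catalog-signed; confirm with sigcheck -i)' } }
            default     { $findings += "signature problem: $($sig.Status)" }   # e.g. HashMismatch = file modified
        }
    }

    # 3. Parent: every genuine svchost.exe is started by services.exe.
    $parent = $parents[[string]$p.ParentProcessId]
    if ($p.Name -eq 'svchost.exe' -and $parent -ne 'services.exe') { $findings += "parent is '$parent', not services.exe" }

    # 4. Hosted services: an svchost.exe that hosts nothing needs an explanation.
    $hosted = @()
    if ($services.ContainsKey([string]$p.ProcessId)) {
        $hosted = @($services[[string]$p.ProcessId] | ForEach-Object { $_.Name })
    }
    if ($p.Name -eq 'svchost.exe' -and $hosted.Count -eq 0) { $findings += 'svchost.exe hosting no service' }

    New-Object PSObject -Property @{
        PID = $p.ProcessId; Name = $p.Name; Path = $path; Parent = $parent; Signer = $signer
        Services = ($hosted -join ', '); Sockets = ($sockets[[int]$p.ProcessId] -join '; ')
        Findings = ($findings -join '; ')
    }
}

$report | Sort-Object Name, PID | Format-List PID, Name, Path, Parent, Signer, Services, Sockets, Findings
```

Read the Findings column as questions to answer, not as a verdict: an unsigned helper under Program Files is common for legitimate software, while a Windows component name running from a user profile, an svchost.exe whose parent is not services.exe, or a HashMismatch on a system file are the results that justify the full log collection the helper asks for next.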

Hello and welcome,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start, and when prompted allow it to run.
Read and accept the EULA (End User License Agreement).
Click Scan to scan the system.
When the scan completes, select "Report"; the log will open. Close the program > Don't fix anything!
Post back the report which should also be located here:

 

C:\Programdata\RogueKiller\Logs <-------- Vista/W7/8

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

 

Post those logs please...

 

Kevin


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-01-2015

Ran by John at 2015-01-07 05:21:43

Running from C:\Users\John\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)

ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.106.303.111 - ALPS ELECTRIC CO., LTD.)

AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)

AVG 2015 (Version: 15.0.4257 - AVG Technologies) Hidden

AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden

AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.5.7 - AVG Technologies)

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{7D220A57-969F-4D09-9297-D48195A8ABDD}) (Version: 22.50.231.0 - Hewlett-Packard Co.)

HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)

HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{860B418B-F90B-465A-BC1D-04B518045C72}) (Version: 22.50.231.0 - Hewlett-Packard Co.)

HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3372 - Intel Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7179 - Realtek Semiconductor Corp.)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

18-12-2014 14:49:48 Scheduled Checkpoint

19-12-2014 08:46:53 Windows Update

23-12-2014 11:47:09 Restore Operation

31-12-2014 22:52:46 Scheduled Checkpoint

06-01-2015 02:47:11 Windows Modules Installer

07-01-2015 03:00:12 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {173F9BD3-E0D1-45C1-AD5E-9238C72791A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)

Task: {319F232E-1692-4A54-8D77-AF3C1396EC80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)

Task: {D0323ABF-D0E1-4A7E-9ADE-C995C79593CF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)

Task: {E7D5D6E8-050D-4E75-937A-034CF03471C4} - System32\Tasks\HpWebReg.exe => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HpWebReg.exe [2010-11-16] (Hewlett-Packard Co.)

Task: {FFF6FAA2-2D7B-4C2E-BB49-206C34C71946} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-12-09 22:26 - 2014-12-09 22:26 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe

2014-11-12 13:44 - 2013-12-06 17:46 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2014-12-09 22:26 - 2014-12-09 22:26 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\log4cplusU.dll

2014-12-16 05:55 - 2014-12-06 01:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll

2014-12-16 05:55 - 2014-12-06 01:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll

2014-12-16 05:55 - 2014-12-06 01:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll

2014-12-16 05:55 - 2014-12-06 01:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY

MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

MSCONFIG\startupreg: RTHDVCPL => :"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s

MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-55534762-144992477-3993507944-500 - Administrator - Disabled)

Guest (S-1-5-21-55534762-144992477-3993507944-501 - Limited - Disabled)

John (S-1-5-21-55534762-144992477-3993507944-1000 - Administrator - Enabled) => C:\Users\John

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/07/2015 05:15:10 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/07/2015 04:41:49 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/07/2015 03:05:18 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/06/2015 10:00:00 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/06/2015 00:33:39 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/06/2015 02:51:29 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/05/2015 07:56:23 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/05/2015 10:01:51 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/05/2015 08:56:25 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/05/2015 08:26:41 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (01/04/2015 09:35:28 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

 

Error: (01/04/2015 09:35:27 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

 

Error: (01/04/2015 09:35:24 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error: (01/04/2015 09:35:18 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

 

Error: (01/04/2015 09:35:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

Avgdiska

AVGIDSDriver

Avgldx64

discache

spldr

Wanarpv6

 

Error: (01/04/2015 09:35:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: 

%%31

 

Error: (01/04/2015 09:03:27 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

 

Error: (01/04/2015 09:03:27 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

 

Error: (01/04/2015 09:03:23 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error: (01/04/2015 09:03:17 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

 

 

Microsoft Office Sessions:

=========================

Error: (01/07/2015 05:15:10 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/07/2015 04:41:49 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/07/2015 03:05:18 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/06/2015 10:00:00 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/06/2015 00:33:39 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/06/2015 02:51:29 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/05/2015 07:56:23 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/05/2015 10:01:51 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/05/2015 08:56:25 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/05/2015 08:26:41 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

==================== Memory info =========================== 

 

Processor: Intel® Pentium® CPU G645 @ 2.90GHz

Percentage of memory in use: 38%

Total physical RAM: 3976.83 MB

Available physical RAM: 2448.64 MB

Total Pagefile: 7951.84 MB

Available Pagefile: 6396.36 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:931.29 GB) (Free:899.31 GB) NTFS

Drive d: (EU2) (CDROM) (Total:0.32 GB) (Free:0 GB) CDFS

 

==================== MBR & Partition Table ==================


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-01-2015

Ran by John (administrator) on JOHN-PC on 07-01-2015 05:21:00

Running from C:\Users\John\Downloads

Loaded Profile: John (Available profiles: John)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 10 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe

() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM-x32\...\Run: [] => [X]

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-55534762-144992477-3993507944-1000\...\MountPoints2: {7e41924a-6a72-11e4-ae98-806e6f6e6963} - D:\Setup.exe

HKU\S-1-5-21-55534762-144992477-3993507944-1000\...\MountPoints2: {d4153b04-6a70-11e4-b553-eee18df0d842} - G:\DriverPackSolution.exe

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKU\S-1-5-21-55534762-144992477-3993507944-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn%20uk%20-%20outrlook.com/

HKU\S-1-5-21-55534762-144992477-3993507944-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp

SearchScopes: HKU\S-1-5-21-55534762-144992477-3993507944-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={CF50A8A2-B7BD-4425-B36C-1C94A0ABFB39}&mid=53ee84125c8847d28b6f3de12d3638bd-9c5537d93c1c1d4581275bd12f5a3537a443f245〈=en&ds=AVG&coid=avgtbavg&cmpid=1214av&pr=fr&d=2014-12-0922:26:49&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}

SearchScopes: HKU\S-1-5-21-55534762-144992477-3993507944-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={CF50A8A2-B7BD-4425-B36C-1C94A0ABFB39}&mid=53ee84125c8847d28b6f3de12d3638bd-9c5537d93c1c1d4581275bd12f5a3537a443f245〈=en&ds=AVG&coid=avgtbavg&cmpid=1214av&pr=fr&d=2014-12-0922:26:49&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}

BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.5.7\AVG Web TuneUp.dll (AVG)

Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll (AVG Secure Search)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

 

FireFox:

========

FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\o8k7zoad.default

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()

FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll No File

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

 

Chrome: 

=======

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-13]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-13]

CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-13]

CHR Extension: (AVG Secure Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2014-12-09]

CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-13]

CHR Extension: (Consumer Input) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\faoigfclahgbjjjaopddafnnapmeppnc [2014-11-14]

CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-13]

CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-13]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)

R2 vToolbarUpdater18.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe [1850392 2014-12-09] (AVG Secure Search)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [52000 2014-12-09] (AVG Technologies)

S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)

S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)

S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)

S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-12] (Disc Soft Ltd)

S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-12-18] (Intel Corporation)

R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31984 2013-07-30] (Synaptics Incorporated)

S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-07 05:21 - 2015-01-07 05:21 - 00009763 _____ () C:\Users\John\Downloads\FRST.txt

2015-01-07 05:20 - 2015-01-07 05:21 - 00000000 ____D () C:\FRST

2015-01-07 05:19 - 2015-01-07 05:21 - 171776888 _____ (Emsisoft Ltd. ) C:\Users\John\Downloads\EmsisoftAntiMalwareSetup.exe

2015-01-07 05:18 - 2015-01-07 05:18 - 02123776 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe

2015-01-06 04:11 - 2014-11-21 08:36 - 19283456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-01-06 04:11 - 2014-11-21 07:17 - 14364672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-01-06 04:10 - 2014-11-21 08:38 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-01-06 04:10 - 2014-11-21 08:38 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-01-06 04:10 - 2014-11-21 08:37 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-01-06 04:10 - 2014-11-21 08:37 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-01-06 04:10 - 2014-11-21 08:36 - 15400960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-01-06 04:10 - 2014-11-21 08:36 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-01-06 04:10 - 2014-11-21 08:36 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-01-06 04:10 - 2014-11-21 08:36 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-01-06 04:10 - 2014-11-21 08:36 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-01-06 04:10 - 2014-11-21 08:36 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-01-06 04:10 - 2014-11-21 08:36 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-01-06 04:10 - 2014-11-21 08:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-01-06 04:10 - 2014-11-21 08:36 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-01-06 04:10 - 2014-11-21 08:36 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-01-06 04:10 - 2014-11-21 08:36 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2015-01-06 04:10 - 2014-11-21 08:36 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-01-06 04:10 - 2014-11-21 08:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-01-06 04:10 - 2014-11-21 08:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-01-06 04:10 - 2014-11-21 08:36 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-01-06 04:10 - 2014-11-21 08:35 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-01-06 04:10 - 2014-11-21 07:17 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-01-06 04:10 - 2014-11-21 07:17 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-01-06 04:10 - 2014-11-21 07:17 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-01-06 04:10 - 2014-11-21 07:17 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-01-06 04:10 - 2014-11-21 07:17 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-01-06 04:10 - 2014-11-21 07:16 - 13758976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-01-06 04:10 - 2014-11-21 07:16 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-01-06 04:10 - 2014-11-21 07:16 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-01-06 04:10 - 2014-11-21 07:16 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-01-06 04:10 - 2014-11-21 07:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-01-06 04:10 - 2014-11-21 07:16 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-01-06 04:10 - 2014-11-21 07:16 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-01-06 04:10 - 2014-11-21 07:16 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-01-06 04:10 - 2014-11-21 07:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-01-06 04:10 - 2014-11-21 07:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-01-06 04:10 - 2014-11-21 07:16 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2015-01-06 04:10 - 2014-11-21 07:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-01-06 04:10 - 2014-11-21 07:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-01-06 04:10 - 2014-11-21 07:16 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-01-06 04:10 - 2014-11-21 07:00 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-01-06 04:10 - 2014-11-21 06:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-01-06 04:10 - 2014-11-21 06:31 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-01-06 04:10 - 2014-11-21 06:24 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2015-01-06 04:10 - 2014-11-21 06:05 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2015-01-06 04:10 - 2014-11-21 05:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2015-01-06 02:50 - 2015-01-06 02:50 - 00000000 ____D () C:\Windows\Panther

2015-01-05 03:09 - 2015-01-05 17:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-15 15:39 - 2014-12-15 15:39 - 00000000 ____D () C:\Windows\system32\appraiser

2014-12-15 15:33 - 2014-10-18 02:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-15 15:33 - 2014-10-18 01:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-12-15 15:33 - 2014-07-07 02:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2014-12-15 15:33 - 2014-07-07 02:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2014-12-15 15:33 - 2014-07-07 02:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2014-12-15 15:33 - 2014-07-07 02:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2014-12-15 15:33 - 2014-07-07 01:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2014-12-15 15:33 - 2014-07-07 01:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2014-12-15 15:33 - 2014-07-07 01:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2014-12-15 15:33 - 2014-07-07 01:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2014-12-15 08:13 - 2014-12-15 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015

2014-12-15 08:13 - 2014-12-15 08:13 - 00000000 ____D () C:\Users\John\AppData\Roaming\AVG

2014-12-15 08:09 - 2014-12-15 08:09 - 00000000 ____D () C:\Users\John\AppData\Local\Avg

2014-12-15 08:09 - 2014-12-04 02:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2014-12-15 08:09 - 2014-12-04 02:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2014-12-15 08:09 - 2014-12-04 02:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-12-15 08:09 - 2014-12-04 02:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-12-15 08:09 - 2014-12-04 02:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-12-15 08:09 - 2014-12-04 02:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-12-15 08:09 - 2014-12-01 23:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2014-12-15 08:08 - 2014-12-04 02:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-12-15 08:08 - 2014-11-11 03:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-15 08:08 - 2014-11-11 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-15 08:08 - 2014-11-11 01:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-15 08:07 - 2014-12-15 08:14 - 00000000 ____D () C:\ProgramData\AVG

2014-12-15 08:06 - 2014-10-30 02:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-15 08:06 - 2014-10-30 01:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2014-12-15 08:06 - 2014-10-03 02:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-15 08:06 - 2014-10-03 02:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-15 08:06 - 2014-10-03 02:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-15 08:06 - 2014-10-03 02:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-15 08:06 - 2014-10-03 02:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-15 08:06 - 2014-10-03 01:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-12-15 08:06 - 2014-10-03 01:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-15 08:06 - 2014-10-03 01:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2014-12-15 08:06 - 2014-10-03 01:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2014-12-15 08:06 - 2014-10-03 01:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2014-12-15 08:05 - 2014-11-08 03:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-15 08:05 - 2014-11-08 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-12-14 10:55 - 2014-12-14 10:55 - 00000000 _____ () C:\extensions.sqlite

2014-12-14 10:48 - 2014-12-14 10:48 - 00000890 _____ () C:\nsinst.log

2014-12-14 10:48 - 2014-12-14 10:48 - 00000000 ____D () C:\Program Files (x86)\NetRatingsNetSight

2014-12-09 22:27 - 2014-12-10 09:30 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar

2014-12-09 22:27 - 2014-12-10 08:55 - 00000000 ____D () C:\Users\John\AppData\Local\AVG Web TuneUp

2014-12-09 22:26 - 2014-12-09 22:27 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp

2014-12-09 22:26 - 2014-12-09 22:26 - 00052000 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys

2014-12-09 22:26 - 2014-12-09 22:26 - 00000000 ____D () C:\ProgramData\AVG Secure Search

2014-12-09 22:26 - 2014-12-09 22:26 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp

2014-12-09 11:22 - 2014-12-09 11:22 - 02585592 _____ () C:\Users\John\Downloads\yougovpulse_setup.exe

2014-12-09 10:44 - 2014-12-09 10:50 - 00000000 _____ () C:\netstat

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-07 05:18 - 2009-07-14 05:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-07 05:16 - 2014-11-12 13:30 - 01529317 _____ () C:\Windows\WindowsUpdate.log

2015-01-07 05:13 - 2014-11-13 16:49 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-07 05:13 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-07 05:13 - 2009-07-14 04:51 - 00039554 _____ () C:\Windows\setupact.log

2015-01-07 04:46 - 2009-07-14 04:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-07 04:46 - 2009-07-14 04:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-07 04:30 - 2014-11-13 16:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-07 03:54 - 2014-11-13 16:49 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-06 22:23 - 2014-11-12 14:41 - 00000000 ____D () C:\ProgramData\MFAData

2015-01-06 02:48 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2015-01-05 17:58 - 2014-11-13 16:46 - 00000000 ____D () C:\Windows\SysWOW64\Macromed

2015-01-05 17:58 - 2014-11-12 13:42 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM

2015-01-05 17:58 - 2011-04-12 08:17 - 00000000 ____D () C:\Windows\SysWOW64\winrm

2015-01-05 17:58 - 2011-04-12 08:17 - 00000000 ____D () C:\Windows\SysWOW64\WCN

2015-01-05 17:58 - 2011-04-12 08:17 - 00000000 ____D () C:\Windows\SysWOW64\slmgr

2015-01-05 17:58 - 2011-04-12 08:17 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts

2015-01-05 17:58 - 2009-07-14 05:32 - 00000000 ____D () C:\Windows\SysWOW64\WindowsPowerShell

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\uk-UA

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\th-TH

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\sppui

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\spp

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\Speech

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\Recovery

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\ras

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\NetworkList

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\Msdtc

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\manifeststore

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\lv-LV

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\lt-LT

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\InstallShield

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\IME

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\icsxml

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\hr-HR

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\he-IL

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\et-EE

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\com

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA

2015-01-05 17:58 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\AdvancedInstallers

2015-01-05 17:57 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration

2015-01-05 10:00 - 2014-11-12 13:30 - 00000000 ____D () C:\Users\John

2014-12-23 17:27 - 2009-07-14 05:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-12-17 09:37 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache

2014-12-16 05:55 - 2014-11-13 16:49 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-12-15 16:10 - 2009-07-14 03:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-12-15 15:39 - 2014-11-13 01:23 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-12-15 15:37 - 2014-11-12 15:37 - 00000000 ____D () C:\Windows\system32\MRT

2014-12-15 15:34 - 2014-11-12 15:37 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-12-15 15:26 - 2014-11-13 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-12-15 15:26 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\sysprep

2014-12-15 15:26 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\servicing

2014-12-15 15:25 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\AppCompat

2014-12-15 15:24 - 2014-11-12 14:43 - 00000000 ____D () C:\Program Files (x86)\AVG

2014-12-15 15:24 - 2014-11-12 14:38 - 00000000 ____D () C:\Users\John\AppData\Local\Mozilla

2014-12-15 15:24 - 2009-07-14 03:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared

2014-12-10 12:30 - 2014-11-13 16:46 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-10 12:30 - 2014-11-13 16:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-10 12:30 - 2014-11-13 16:46 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-01-04 23:55

 

==================== End Of Log ============================


========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: 8723B91E)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================


RogueKiller V10.1.2.0 [Jan  6 2015] by Adlice Software

mail : 

Feedback : 

Website : 

Blog : 

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : John [Administrator]

Mode : Scan -- Date : 01/07/2015  06:16:40

 

¤¤¤ Processes : 0 ¤¤¤

 

¤¤¤ Registry : 0 ¤¤¤

 

¤¤¤ Tasks : 0 ¤¤¤

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ Hosts File : 0 ¤¤¤

 

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000012f]) ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

 

============================================

RKreport_DEL_01072015_061409.log - RKreport_SCN_01072015_061316.log - RKreport_SCN_01072015_061338.log - RKreport_SCN_01072015_061505.log


Logs are clean, no malware/infection present. Continue as follows:

 

Download Malwarebytes Anti-Malware to your desktop.


Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, select Settings > Detection and Protection > Enable Scan for rootkit, and under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Now select > Scan > Threat scan > Scan now
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

When the scan is completed, from the main GUI click on History > Application Logs. Find your scan log; the date when run will identify it. Checkmark the "select" box, then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".

Select "Copy to clipboard"; that copies the full log to the Windows clipboard, so in your reply you right-click into the text field and select "Paste" and the log is pasted (copied) into your reply.

 

Or select "Export"; you are given the option to export as a Text file (*.txt) or XML file (*.xml). Choose text file and save the exported file to a place of your choice. That file can be attached to your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.

Ensure you get the correct version for your system.

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right-click on the tool and select "Run as Administrator"; the tool will expand to the options window.

In the "Scan Type" window, select Quick Scan

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Kevin....


 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)

Started On Wed Nov 12 15:37:36 2014

 

Engine: 1.1.11104.0

Signatures: 1.187.1116.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 12 15:39:12 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Thu Dec 11 03:02:52 2014

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 11 03:05:15 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Mon Dec 15 15:35:03 2014

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Mon Dec 15 15:37:18 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Wed Jan 07 23:09:45 2015

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Wed Jan 07 23:30:31 2015

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 08 00:00:11 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Thu Jan 08 00:01:58 2015

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

# AdwCleaner v4.107 - Report created 07/01/2015 at 22:47:15

# Updated 07/01/2015 by Xplode

# Database : 2015-01-03.1 [Live]

# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

# Username : John - JOHN-PC

# Running from : C:\Users\John\Downloads\AdwCleaner (1).exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\faoigfclahgbjjjaopddafnnapmeppnc

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.17183

 

 

-\\ Mozilla Firefox v

 

 

-\\ Google Chrome v39.0.2171.95

 

 

*************************

 

AdwCleaner[R0].txt - [2809 octets] - [07/01/2015 22:22:14]

AdwCleaner[R1].txt - [1014 octets] - [07/01/2015 22:42:29]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.1 (12.28.2014:1)

OS: Windows 7 Professional x64

Ran by John on Wed 01/07/2015 at 22:31:30.70

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

Successfully deleted: [File] C:\Windows\prefetch\TOOLBARUPDATER.EXE-E8A1AF3E.pf

 

 

 

~~~ Folders

 

 

 

~~~ Event Viewer Logs were cleared

 

 


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 1/7/2015

Scan Time: 10:56:13 PM

Logfile: 

Administrator: Yes

 

Version: 2.00.4.1028

Malware Database: v2015.01.07.18

Rootkit Database: v2015.01.07.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: John

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 315850

Time Elapsed: 5 min, 30 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 3

PUP.Optional.ConsumerInput.A, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\faoigfclahgbjjjaopddafnnapmeppnc, Quarantined, [4d518f65fc8d3bfbb1af9fc6a65d17e9], 

PUP.Optional.ConsumerInput.A, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\faoigfclahgbjjjaopddafnnapmeppnc\3.2.0.3118_0, Quarantined, [4d518f65fc8d3bfbb1af9fc6a65d17e9], 

PUP.Optional.ConsumerInput.A, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\faoigfclahgbjjjaopddafnnapmeppnc\3.2.0.3118_0\_metadata, Quarantined, [4d518f65fc8d3bfbb1af9fc6a65d17e9], 

 

Files: 1

PUP.Optional.ConsumerInput.A, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\faoigfclahgbjjjaopddafnnapmeppnc\3.2.0.3118_0\_metadata\verified_contents.json, Quarantined, [4d518f65fc8d3bfbb1af9fc6a65d17e9], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 01/07/2015 at 22:41:29.17

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

AdwCleaner[s0].txt - [2916 octets] - [07/01/2015 22:24:10]

AdwCleaner[s1].txt - [939 octets] - [07/01/2015 22:47:15]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [998 octets] ##########


Run the following:

 

Download Security Check by screen317 from either of the following:

 

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

 

Save it to your Desktop. (If your security software alerts, either accept the alert or turn the security off while Security Check runs.)

Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

If Security Check will not run or you get an alert saying it is not supported, Re-boot your PC then try again...

 

Post that log, also let me know if there are any remaining issues or concerns....

 

Kevin..


 Results of screen317's Security Check version 0.99.93  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 10 Out of date! 

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

AVG AntiVirus Free Edition 2015   

Emsisoft Anti-Malware             

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 AVG Web TuneUp   

  Adobe Flash Player 15.0.0.246 Flash Player out of Date!  

 Google Chrome (39.0.2171.71) 

 Google Chrome (39.0.2171.95) 

````````Process Check: objlist.exe by Laurent````````  

 AVG avgwdsvc.exe 

 Emsisoft Anti-Malware a2service.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 2% 

````````````````````End of Log`````````````````````` 

Hi Kevin. Everything seemed fine for a few hours until I went onto a website where I have programmes I watch and tried to put up a new programme, and then I got the same problems as before. I have run all the software now on my computer but I am not completely sure it has found everything. I would make a donation but I am not keen on PayPal; is there a different method?

 

Kind Regards

 

John Barr


Run the following and tell me if the issue still persists.

 

Scan with ZOEK

 

Please download ZOEK by Smeenk from here: http://hijackthis.nl/smeenk/ and save it to your desktop (preferred version is the *.exe one)

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

 


Right-click on the Zoek icon and select Run as Administrator to start the tool.
Wait patiently until the main console will appear, it may take a minute or two.
In the main box please paste in the following script:

 

services_list;standardsearch;autoclean;emptyclsid;emptyfolderscheck;deleteiedefaults;firefoxlook;chromelook;CHRdefaults;

 

 


Make sure that Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually the C:\ drive).

 

Please include its content in your next reply. Don't forget to re-enable security software!


 

Zoek.exe v5.0.0.0 Updated 09-January-2015

Tool run by John on Fri 01/09/2015 at 10:06:33.88.

Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\John\Downloads\zoek (2).exe [scan all users] [script inserted] 

 

==== System Restore Info ======================

 

1/9/2015 10:10:05 AM Zoek.exe System Restore Point Created Succesfully.

 

==== Empty Folders Check ======================

 

C:\Users\John\AppData\Roaming\HpUpdate deleted successfully

C:\Users\John\AppData\Local\Adobe deleted successfully

C:\Users\John\AppData\Local\VirtualStore deleted successfully

 

==== Deleting CLSID Registry Keys ======================

 

 

==== Deleting CLSID Registry Values ======================

 

 

==== Running Processes ======================

 

C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe

C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe

C:\Users\John\Downloads\zoek (2).exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

 

==== Deleting Services ======================

 

 

==== Deleting Files \ Folders ======================

 

C:\PROGRA~2\AVG Web TuneUp deleted

C:\extensions.sqlite deleted

C:\PROGRA~3\AVG Web TuneUp deleted

C:\Users\John\AppData\LocalLow\AVG Web TuneUp deleted

C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted

C:\Windows\SysNative\config\systemprofile\Searches deleted

C:\windows\SysNative\GroupPolicy\Machine deleted

C:\windows\SysNative\GroupPolicy\User deleted

C:\windows\SysNative\GroupPolicy\gpt.ini deleted

"C:\Users\John\AppData\Local\AVG Web TuneUp" deleted

 

==== System Specs ======================

 

Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601)

Memory (RAM): 3977 MB

CPU Info: Intel® Pentium® CPU G645 @ 2.90GHz

CPU Speed: 2964.4 MHz

Sound Card: Speakers (Realtek High Definiti | 

Display Adapters: Intel® HD Graphics | Intel® HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 1x; Generic PnP Monitor | 

Screen Resolution: 1680 X 1050 - 32 bit

Network: Network Present

Network Adapters: Qualcomm Atheros AR5BWB222 Wireless Network Adapter | Realtek PCIe GBE Family Controller

CD / DVD Drives: 2x (D: | G: | ) D: HL-DT-STDVDRAM GH82N     | G: DTSOFT  BDROM

Ports: COM Ports NOT Present. LPT1

Mouse: 3 Button Wheel Mouse Present

Hard Disks: C:  931.3GB

Hard Disks - Free: C:  897.7GB

Manufacturer *: American Megatrends Inc.

BIOS Info: AT/AT COMPATIBLE | 10/17/12 | ACRSYS - 1072009

Time Zone: GMT Standard Time

Motherboard *: Packard Bell imedia L4875

Country: United States 

Language: ENU 

 

==== System Specs (Software) ======================

 

Anti-Virus: AVG AntiVirus Free Edition 2015 On-access scanning disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Anti-Spyware: AVG AntiVirus Free Edition 2015 disabled (Outdated)

Default Browser: Google Chrome 39.0.2171.95

Internet Explorer Version: 10.0.9200.17183 

Google Chrome version: 39.0.2171.95

Flash Player version: 15.0.0.246

 

==== Files Recently Created / Modified ======================

 

====== C:\Windows ====

====== C:\Users\John\AppData\Local\Temp ====

2015-01-07 22:31:10 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\John\AppData\Local\Temp\jrt\libiconv2.dll

2015-01-07 22:31:10 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\John\AppData\Local\Temp\jrt\libintl3.dll

2015-01-07 22:31:10 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\John\AppData\Local\Temp\jrt\pcre3.dll

2015-01-07 22:31:10 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\John\AppData\Local\Temp\jrt\regex2.dll

2015-01-07 22:31:10 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\John\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

2015-01-07 05:43:20 A2B0924D50F4435FD389499047CE553A 1292192 ----a-w- C:\Users\John\AppData\Local\Temp\dllnt_dump.dll

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

2015-01-06 04:11:00 50F36BAEDF56CCC4367C975451479211 14364672 ----a-w- C:\Windows\SysWOW64\mshtml.dll

2015-01-06 04:10:58 DEE4ECED282D6F1F067F49E216EBE789 361984 ----a-w- C:\Windows\SysWOW64\html.iec

2015-01-06 04:10:58 727A70DA965A764353985C2FA8082A4F 13758976 ----a-w- C:\Windows\SysWOW64\ieframe.dll

2015-01-06 04:10:57 AE1DFAAA1C6F63458781818FC7B91F5E 1441280 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl

2015-01-06 04:10:57 A224B820E7C9C6DAFBF583B9B789A2FC 523264 ----a-w- C:\Windows\SysWOW64\vbscript.dll

2015-01-06 04:10:57 924D4E490B8772F4A4D9350F72756784 1181696 ----a-w- C:\Windows\SysWOW64\urlmon.dll

2015-01-06 04:10:57 36897C279E22BC5671B6CFB70B86D092 2054656 ----a-w- C:\Windows\SysWOW64\iertutil.dll

2015-01-06 04:10:57 2BB8BC3DF1BE3F384931021E7D8331E4 1762816 ----a-w- C:\Windows\SysWOW64\wininet.dll

2015-01-06 04:10:56 F47A0D87C71BE0A02AA651631DFD2D19 391168 ----a-w- C:\Windows\SysWOW64\ieui.dll

2015-01-06 04:10:56 B2D53AF974D63457079519E85DB0BDCA 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll

2015-01-06 04:10:56 B14D3A6181DF913518E118820660EEB8 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll

2015-01-06 04:10:56 AB6BCCAD359BC856D25DE8E24EDEB28B 109056 ----a-w- C:\Windows\SysWOW64\iesysprep.dll

2015-01-06 04:10:56 9C81053094E0E261BEB00F819BF2FD11 2861568 ----a-w- C:\Windows\SysWOW64\jscript9.dll

2015-01-06 04:10:56 37BE69922168AFB6FE670130DDFB5B89 226816 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll

2015-01-06 04:10:55 D212F4FC0125511F78605CA25BCF2118 80384 ----a-w- C:\Windows\SysWOW64\mshtmled.dll

2015-01-06 04:10:55 A1246471DC24E227A692AAAA1E6E4E19 2706432 ----a-w- C:\Windows\SysWOW64\mshtml.tlb

2015-01-06 04:10:55 95DB60B7C34D03BF5AD29108DA33B986 39936 ----a-w- C:\Windows\SysWOW64\jsproxy.dll

2015-01-06 04:10:55 8CFF3C79C48458398A9B33B85977EF0C 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2015-01-06 04:10:55 7DC8C56ACCB1E924AA280BC4DE36E3A7 357888 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll

2015-01-06 04:10:55 54B6FF5C83264E126F452B67C6A6D227 61440 ----a-w- C:\Windows\SysWOW64\iesetup.dll

2015-01-06 04:10:55 4A982801D55D2BA46CB449E05419864D 163840 ----a-w- C:\Windows\SysWOW64\msrating.dll

2015-01-06 04:10:55 45F9ADEC5CDE7EF2E163456B607A5468 33280 ----a-w- C:\Windows\SysWOW64\iernonce.dll

2015-01-06 04:10:55 0E75B6A37993DCF97D1C50C1EABE0EEE 226816 ----a-w- C:\Windows\SysWOW64\dxtrans.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2015-01-06 04:11:00 BCF7FA61D9CAC73246D82137638D5DC6 19283456 ----a-w- C:\Windows\Sysnative\mshtml.dll

2015-01-06 04:10:58 8BCC246F6A71B89339F4EE5513D2EAA5 441856 ----a-w- C:\Windows\Sysnative\html.iec

2015-01-06 04:10:58 3CE2333D4AFD1CC0A5CBD180786A2306 15400960 ----a-w- C:\Windows\Sysnative\ieframe.dll

2015-01-06 04:10:57 C6149EF71171F2A592F0B2599212ECB0 600576 ----a-w- C:\Windows\Sysnative\vbscript.dll

2015-01-06 04:10:57 BA2432BDE57C27673047F09F77E2B06B 2655232 ----a-w- C:\Windows\Sysnative\iertutil.dll

2015-01-06 04:10:57 B3368AE3156B28B10566C511B0F4F328 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll

2015-01-06 04:10:57 ACCABC53006CD62D6110E84A340FEFB9 1509376 ----a-w- C:\Windows\Sysnative\inetcpl.cpl

2015-01-06 04:10:57 AB60DE2BADBBAB609AEB45DFF8A0B348 1409536 ----a-w- C:\Windows\Sysnative\urlmon.dll

2015-01-06 04:10:57 A1A85CF86615203447E05F81D84EFEA2 855552 ----a-w- C:\Windows\Sysnative\jscript.dll

2015-01-06 04:10:57 7E5EFE2543E98D7D6A6557ED704D3DD6 2237952 ----a-w- C:\Windows\Sysnative\wininet.dll

2015-01-06 04:10:56 E97428B9E1D014FC8423D4C8652027E4 255488 ----a-w- C:\Windows\Sysnative\iedkcs32.dll

2015-01-06 04:10:56 E79F88BD7D3B0030831A33895D2EC48C 3959296 ----a-w- C:\Windows\Sysnative\jscript9.dll

2015-01-06 04:10:56 DE95F90F4CBBB7B61BBADA7CCDAECBD8 97280 ----a-w- C:\Windows\Sysnative\mshtmled.dll

2015-01-06 04:10:56 D9EEE1D8F9437EAF419225344FA33F56 136704 ----a-w- C:\Windows\Sysnative\iesysprep.dll

2015-01-06 04:10:56 B2AB6177F165F6406C1FF584DBEBBFA8 526336 ----a-w- C:\Windows\Sysnative\ieui.dll

2015-01-06 04:10:55 D3486D21223EA67722342F414E8625AF 451584 ----a-w- C:\Windows\Sysnative\dxtmsft.dll

2015-01-06 04:10:55 A0DCEB078020B6D0D7AB3512A0F59D6C 281600 ----a-w- C:\Windows\Sysnative\dxtrans.dll

2015-01-06 04:10:55 9F518C52560E54F667D4BA807B6EE0E2 197120 ----a-w- C:\Windows\Sysnative\msrating.dll

2015-01-06 04:10:55 51208D0F32FFE944C7FDD875CF2F7298 89600 ----a-w- C:\Windows\Sysnative\RegisterIEPKEYs.exe

2015-01-06 04:10:55 4FE1C342399D0C7D6A86F426688F6A91 53760 ----a-w- C:\Windows\Sysnative\jsproxy.dll

2015-01-06 04:10:55 4EF2DC6E6926F9C8E57E1022358A34E3 2706432 ----a-w- C:\Windows\Sysnative\mshtml.tlb

2015-01-06 04:10:55 30EBCA6157B0A6D6F73385EBAC2FA712 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe

2015-01-06 04:10:55 2FF748C3C69BB00450B29665A7C29C63 67072 ----a-w- C:\Windows\Sysnative\iesetup.dll

2015-01-06 04:10:55 0EDBA99E21EDEB959884797642C07F29 39936 ----a-w- C:\Windows\Sysnative\iernonce.dll

====== C:\Windows\Sysnative\drivers =====

2015-01-07 22:54:57 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys

2015-01-07 22:54:44 CA43F8904E24BBE49982E4C0B29E6579 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys

2015-01-07 22:54:44 A646C2DDB8C46E9B20A326FAF566646C 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys

2015-01-07 22:54:44 478CC94C937D235CB0A96AB8F2359D81 93400 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys

2015-01-07 05:43:20 B5CA6DD525F725FE3FE66184D41CA141 35064 ----a-w- C:\Windows\Sysnative\drivers\TrueSight.sys

2014-12-15 08:08:41 70988118145F5F10EF24720B97F35F65 119296 ----a-w- C:\Windows\Sysnative\drivers\tdx.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C:\PROGRA~2 =====

2014-12-14 10:48:15 -------- d-----w- C:\PROGRA~2\NetRatingsNetSight

======= C: =====

====== C:\Users\John\AppData\Roaming ======

2014-12-15 08:15:28 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG

2014-12-15 08:14:54 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg

2014-12-15 08:13:10 -------- d-----w- C:\Users\John\AppData\Roaming\AVG

2014-12-15 08:12:25 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg

2014-12-15 08:09:02 -------- d-----w- C:\Users\John\AppData\Local\Avg

====== C:\Users\John ======

2015-01-08 00:01:07 AA95D278EC9A7D49375FC0F0B4783E51 36904648 ----a-w- C:\Users\John\Downloads\Windows-KB890830-x64-V5.19 (2).exe

2015-01-07 23:29:42 AA95D278EC9A7D49375FC0F0B4783E51 36904648 ----a-w- C:\Users\John\Downloads\Windows-KB890830-x64-V5.19 (1).exe

2015-01-07 23:08:42 AA95D278EC9A7D49375FC0F0B4783E51 36904648 ----a-w- C:\Users\John\Downloads\Windows-KB890830-x64-V5.19.exe

2015-01-07 22:50:11 3BD59D6C407AB1F6DDD7C5D9BD727469 20447072 ----a-w- C:\Users\John\Downloads\mbam-setup-2.0.4.1028.exe

2015-01-07 22:30:18 B9E1BF24EF01A82701B09BE75D294085 1707939 ----a-w- C:\Users\John\Downloads\JRT.exe

2015-01-07 22:20:33 61CA40317EBF1254770BF8B495B3F8DA 2191360 ----a-w- C:\Users\John\Downloads\AdwCleaner.exe

2015-01-07 05:43:18 -------- d-----w- C:\ProgramData\RogueKiller

2015-01-07 05:37:38 97F8142C23601D4FE2899D4D007B95C8 15339096 ----a-w- C:\Users\John\Downloads\RogueKiller.exe

2015-01-07 05:18:37 B050B27B87B334DBA50D0C334D193373 2123776 ----a-w- C:\Users\John\Downloads\FRST64.exe

2014-12-15 08:13:49 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015

2014-12-15 08:07:53 -------- d-----w- C:\ProgramData\AVG

 

====== C: exe-files ==

2015-01-08 00:01:07 AA95D278EC9A7D49375FC0F0B4783E51 36904648 ----a-w- C:\Users\John\Downloads\Windows-KB890830-x64-V5.19 (2).exe

2015-01-07 23:29:42 AA95D278EC9A7D49375FC0F0B4783E51 36904648 ----a-w- C:\Users\John\Downloads\Windows-KB890830-x64-V5.19 (1).exe

2015-01-07 23:08:42 AA95D278EC9A7D49375FC0F0B4783E51 36904648 ----a-w- C:\Users\John\Downloads\Windows-KB890830-x64-V5.19.exe

2015-01-07 22:50:11 3BD59D6C407AB1F6DDD7C5D9BD727469 20447072 ----a-w- C:\Users\John\Downloads\mbam-setup-2.0.4.1028.exe

2015-01-07 22:31:10 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\John\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

2015-01-07 22:30:18 B9E1BF24EF01A82701B09BE75D294085 1707939 ----a-w- C:\Users\John\Downloads\JRT.exe

2015-01-07 22:20:33 61CA40317EBF1254770BF8B495B3F8DA 2191360 ----a-w- C:\Users\John\Downloads\AdwCleaner.exe

2015-01-07 05:37:38 97F8142C23601D4FE2899D4D007B95C8 15339096 ----a-w- C:\Users\John\Downloads\RogueKiller.exe

2015-01-07 05:18:37 B050B27B87B334DBA50D0C334D193373 2123776 ----a-w- C:\Users\John\Downloads\FRST64.exe

2015-01-06 04:10:57 6BF8F430BCE8D474880389D111E25964 775312 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

2015-01-06 04:10:57 55F99137468CF692802C7C192C422F2C 770704 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe

2015-01-06 04:10:56 E628EF5D8D8E9ED59E5907540468F9BA 470016 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe

2015-01-06 04:10:55 91555BDD8628B7FE3A823C4D1CB705FE 485376 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe

2015-01-06 04:10:55 8CFF3C79C48458398A9B33B85977EF0C 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2015-01-06 04:10:55 51208D0F32FFE944C7FDD875CF2F7298 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2015-01-06 04:10:55 30EBCA6157B0A6D6F73385EBAC2FA712 51712 ----a-w- C:\Windows\System32\ie4uinit.exe

=== C: other files ==

2015-01-07 22:54:57 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2015-01-07 22:54:44 CA43F8904E24BBE49982E4C0B29E6579 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys

2015-01-07 22:54:44 A646C2DDB8C46E9B20A326FAF566646C 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys

2015-01-07 22:54:44 478CC94C937D235CB0A96AB8F2359D81 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2015-01-07 22:31:10 F720D6634E048B0AD485CEEF55263E6B 191092 ----a-w- C:\Users\John\AppData\Local\Temp\jrt\misc.bat

2015-01-07 22:31:10 F56A319979F631C141F5FF02DF87FDB1 43563 ----a-w- C:\Users\John\AppData\Local\Temp\jrt\prelim.bat

2015-01-07 22:31:10 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\John\AppData\Local\Temp\jrt\TDL4.bat

2015-01-07 22:31:10 C4C784C659C27DB5ED395A7901611C71 14957 ----a-w- C:\Users\John\AppData\Local\Temp\jrt\get.bat

2015-01-07 22:31:10 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\John\AppData\Local\Temp\jrt\medfos.bat

2015-01-07 22:31:10 AA0C656F898523BEDF2DA6923197BB80 1264 ----a-w- C:\Users\John\AppData\Local\Temp\jrt\surfvox.bat

2015-01-07 22:31:10 A3945FA06DB607245C6A1D0629CE737E 11057 ----a-w- C:\Users\John\AppData\Local\Temp\jrt\runvalues.bat

2015-01-07 22:31:10 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\John\AppData\Local\Temp\jrt\searchlnk.bat

2015-01-07 22:31:10 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\John\AppData\Local\Temp\jrt\firefox.bat

2015-01-07 22:31:10 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\John\AppData\Local\Temp\jrt\ev_clear.bat

2015-01-07 22:31:10 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\John\AppData\Local\Temp\jrt\ask.bat

2015-01-07 22:31:10 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\John\AppData\Local\Temp\jrt\iexplore.bat

2015-01-07 22:31:10 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\John\AppData\Local\Temp\jrt\delfolders.bat

2015-01-07 22:31:10 080CFDE64F31E7B50EECF4552033E84D 9937 ----a-w- C:\Users\John\AppData\Local\Temp\jrt\mws.bat

2015-01-07 22:31:10 048407135C9B1FB6A355E256BD96160D 14192 ----a-w- C:\Users\John\AppData\Local\Temp\jrt\chrome.bat

2015-01-07 05:43:20 B5CA6DD525F725FE3FE66184D41CA141 35064 ----a-w- C:\Windows\System32\drivers\TrueSight.sys

 

==== Startup Registry Enabled ======================

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

==== Startup Registry Enabled x64 ======================

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Persistence"="C:\Windows\system32\igfxpers.exe"

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

 

==== Startup Registry Disabled x64 ======================

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG_UI]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AVG_UI"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\AVG\\AVG2015\\avgui.exe\" /TRAYONLY"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="DAEMON Tools Lite"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\emsisoft anti-malware]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="emsisoft anti-malware"

"hkey"="HKLM"

"command"="\"c:\\program files (x86)\\emsisoft anti-malware\\a2guard.exe\" /d=60"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HP Software Update"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\Hp\\HP Software Update\\HPWuSchd2.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="RTHDVCPL"

"hkey"="HKLM"

"command"=":\"C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe\" -s"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="vProt"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\AVG Web TuneUp\\vprot.exe\""

 

 

==== Task Scheduler Jobs ======================

 

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12/10/2014 12:30 PM]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/13/2014 04:49 PM]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/13/2014 04:49 PM]

 

==== Other Scheduled Tasks ======================

 

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\HPCustParticipation HP Deskjet 3050 J610 series" ["C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe"]

"C:\Windows\SysNative\tasks\HpWebReg.exe" [C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HpWebReg.exe]

 

==== Firefox Extensions ======================

 

==== Firefox Plugins ======================

 

 

==== Chromium Look ======================

 

Google Drive - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

Google Voice Search Hotword (Beta) - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

WOT - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp

YouTube - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Google Wallet - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

 

==== Reset Google Chrome ======================

 

C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

 

==== Deleting Registry Keys ======================

 

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emsisoft anti-malware deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt deleted successfully

 

==== HijackThis Entries ======================

 

F2 - REG:system.ini: UserInit=userinit.exe,

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

==== Empty IE Cache ======================

 

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

 

==== Empty FireFox Cache ======================

 

C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\o8k7zoad.default\cache2 emptied successfully

 

==== Empty Chrome Cache ======================

 

C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

No Java Cache Found

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=204 folders=48 86198634 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\John\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\Windows\Temp successfully emptied

C:\Users\John\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== EOF on Fri 01/09/2015 at 10:32:05.69 ======================

It would appear as if any time I go to access free content on a number of websites I pick up some virus or other. My theory is that companies that have popped up in the last few years like Netflix and Amazon Prime are behind it to force people to buy their monthly subscriptions. I keep picking up one virus after another, which affects my computer, but I have no subscription to any TV and, as I am practically housebound, watching free stuff on the web is what gets me through my days. At some point it is not worth going on these sites as I am spending a lot of my time running all the software I have and checking my computer for viruses.


Install Adblock Plus in Chrome from here: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

 

Install Unchecky on your system from here: http://unchecky.com/ (it helps to protect against third-party adware that comes bundled with freeware programs).

 

What is the current status of your system, do you have any remaining issues or concerns?


Run the following to clean up:

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if the first link is down:

 

"Delfix link mirror"

 

Double-click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

 

Make sure the following items are checked:

 

 


    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry backup with ERUNT; the backup will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system, you can delete that backup folder if you consider it not needed.

 

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following link to fully understand PC security and best practices; you may find it useful:

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if we are ok to close out...

 

Cheers,

 

Kevin....


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.