
Advent DT2315. Empowering Technology virus

This is a discussion on Advent DT2315. Empowering Technology virus within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 11-22-2015, 11:03 AM   #1
Registered Member
 
Join Date: Nov 2015
Posts: 11
OS: windows 7



I reset my computer back to factory settings. I loaded it back with printer and scanner, then I updated it. I have Bitdefender Antivirus 2014. When the update was finished I ended up with a pop-up window that I can't remove; some people say it's a virus. I tried Add/Remove and a rootkit scan but to no avail. I did another back-to-factory-settings and it's still there.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16446
Run by nudger-tower at 18:24:54 on 2015-11-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16317.12018 [GMT 0:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
SP: Bitdefender Antispyware *Enabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall *Enabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Keyboard Indicator\KeyboardIndicatorEx.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
dRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
dRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{DB88CB23-0873-4833-B080-386C11741A66} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2015-11-21 1288472]
R0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2015-11-21 150256]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-6-20 16152]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2015-11-21 93600]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2015-11-21 103504]
R1 BDVEDISK;BDVEDISK;C:\Windows\System32\drivers\bdvedisk.sys [2015-11-21 76944]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2013-5-7 172344]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-4-6 236544]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-6-20 161560]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2015-11-21 363344]
R2 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2015-11-21 94624]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-6-20 363800]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [2015-11-21 67320]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2015-11-21 647752]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-6-20 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-6-20 788760]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-11-21 24152]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-20 648808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2015-11-21 263032]
S3 bdfwfpf_pc;bdfwfpf_pc;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [2015-11-21 121928]
S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2015-11-21 82824]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-20 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [2015-11-21 77632]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="C:\Windows\System32\NOTEPAD.EXE" %1
FileExt: .ini: inifile="C:\Windows\System32\NOTEPAD.EXE" %1
FileExt: .inf: inffile="C:\Windows\System32\NOTEPAD.EXE" %1
.
=============== Created Last 30 ================
.
2015-11-22 15:49:56 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-22 15:49:55 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-11-22 15:49:11 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-11-22 14:11:53 -------- d-----w- C:\ProgramData\Visan
2015-11-22 14:11:53 -------- d-----w- C:\ProgramData\HP Photo Creations
2015-11-22 14:11:53 -------- d-----w- C:\Program Files (x86)\HP Photo Creations
2015-11-22 14:11:45 -------- d-----w- C:\Users\nudger-tower\AppData\Roaming\HpUpdate
2015-11-22 14:11:44 741480 ------w- C:\Windows\System32\HPDiscoPMBC11.dll
2015-11-22 14:11:31 -------- d-----w- C:\Program Files (x86)\HP
2015-11-22 14:11:29 -------- d-----w- C:\Program Files\HP
2015-11-22 14:10:59 -------- d-----w- C:\Users\nudger-tower\AppData\Local\HP
2015-11-22 14:03:56 74512 ----a-w- C:\Windows\SysWow64\bdsandboxuiskin32.dll
2015-11-21 21:11:58 -------- d-----w- C:\Program Files\Common Files\AV
2015-11-21 21:08:32 647752 ----a-w- C:\Windows\System32\drivers\avckf.sys
2015-11-21 21:08:16 34384 ----a-w- C:\Windows\System32\bdsandboxuh.dll
2015-11-21 21:07:53 74512 ----a-w- C:\Windows\System32\bdsandboxuiskin32.dll
2015-11-21 21:07:41 84848 ----a-w- C:\Windows\System32\bdsandboxuiskin.dll
2015-11-21 2105 -------- d-----w- C:\ProgramData\BDLogging
2015-11-21 2102 76944 ----a-w- C:\Windows\System32\drivers\bdvedisk.sys
2015-11-21 2101 93600 ----a-w- C:\Windows\System32\drivers\BdfNdisf6.sys
2015-11-21 2101 82824 ----a-w- C:\Windows\System32\drivers\bdsandbox.sys
2015-11-21 2101 511328 ----a-w- C:\Windows\capicom.dll
2015-11-21 21:05:55 263032 ----a-w- C:\Windows\System32\drivers\avchv.sys
2015-11-21 21:05:54 1288472 ----a-w- C:\Windows\System32\drivers\avc3.sys
2015-11-21 21:05:49 -------- d-----w- C:\Users\nudger-tower\AppData\Roaming\Bitdefender
2015-11-21 21:05:46 2216 ----a-w- C:\ProgramData\1448139841.5004.bin
2015-11-21 21:00:19 -------- d-----w- C:\Users\nudger-tower\AppData\Roaming\Malwarebytes
2015-11-21 20:59:38 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2015-11-21 20:59:38 -------- d-----w- C:\ProgramData\Malwarebytes
2015-11-21 20:59:35 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-11-21 20:59:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-11-21 20:49:46 -------- d-----w- C:\Users\nudger-tower\AppData\Roaming\SUPERAntiSpyware.com
2015-11-21 20:49:43 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2015-11-21 20:49:43 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2015-11-21 20:43:36 -------- d-----w- C:\Users\nudger-tower\AppData\Local\Google
2015-11-21 20:40:47 -------- d-----w- C:\Users\nudger-tower\AppData\Local\DSG_Retail_Ltd
2015-11-21 20:40:34 -------- d-----w- C:\Users\nudger-tower\AppData\Local\ATI
2015-11-21 20:40:06 2620928 ----a-w- C:\Windows\System32\wucltux.dll
.
==================== Find3M ====================
.
2015-11-21 21:20:31 558 ----a-w- C:\ProgramData\1448139841.1792.bin
2015-11-21 21:20:31 558 ----a-w- C:\ProgramData\1448139841.1404.bin
2015-11-21 21:20:31 45238 ----a-w- C:\ProgramData\1448139841.1480.bin
2015-11-21 21:20:31 3735 ----a-w- C:\ProgramData\1448139841.3688.bin
2015-11-21 21:20:31 228372 ----a-w- C:\ProgramData\1448139841.2500.bin
2015-11-21 21:20:31 1731065 ----a-w- C:\ProgramData\1448139841.4300.bin
2015-11-21 21:20:31 15990 ----a-w- C:\ProgramData\1448139841.3600.bin
2015-11-21 21:20:31 13936 ----a-w- C:\ProgramData\1448139841.4436.bin
2015-11-21 21:20:31 110270 ----a-w- C:\ProgramData\1448139841.1800.bin
2015-11-21 21:20:31 10648 ----a-w- C:\ProgramData\1448139841.2516.bin
2015-11-21 21:08:18 150256 ----a-w- C:\Windows\System32\drivers\gzflt.sys
2015-11-21 21:08:16 452040 ----a-w- C:\Windows\System32\drivers\trufos.sys
2015-11-21 21:04:53 1451 ----a-w- C:\ProgramData\1448139841.3988.bin
.
============= FINISH: 18:25:10.88 ===============
Attached Files
File Type: txt attach.txt (3.6 KB, 16 views)
File Type: txt dds.txt (14.7 KB, 29 views)
nudger44 is offline  
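The DDS log above has two line formats that are worth parsing rather than reading by eye: the SERVICES / DRIVERS entries (`R0 name;display;path [date size]`) and the Created Last 30 file entries (`date time size attrs path`). The parser and the two triage helpers below are an added example, not code from the thread or from the DDS tool. It assumes the usual DDS convention that the leading letter means Running/Stopped and the digit is the service start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled); all function names are hypothetical, and the sample input is constructed from a few lines of the log plus one deliberately garbled line (its time lost the colons, as some lines in the post did) to show that unparseable lines are kept for review rather than dropped.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample: a handful of lines in DDS format, one of them garbled.
SAMPLE_DDS = """\
============= SERVICES / DRIVERS ===============
R0 avc3;avc3;C:\\Windows\\System32\\drivers\\avc3.sys [2015-11-21 1288472]
R1 SASDIFSV;SASDIFSV;C:\\Program Files\\SUPERAntiSpyware\\sasdifsv64.sys [2011-7-22 14928]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\\Program Files\\Intel\\iCLS Client\\HeciServer.exe [2012-2-2 628448]
S2 SkypeUpdate;Skype Updater;C:\\Program Files (x86)\\Skype\\Updater\\Updater.exe [2012-2-29 158856]
=============== Created Last 30 ================
2015-11-22 15:49:55 192216 ----a-w- C:\\Windows\\System32\\drivers\\MBAMSwissArmy.sys
2015-11-22 14:11:53 -------- d-----w- C:\\ProgramData\\Visan
2015-11-21 2105 -------- d-----w- C:\\ProgramData\\BDLogging
2015-11-21 21:05:46 2216 ----a-w- C:\\ProgramData\\1448139841.5004.bin
2015-11-21 20:59:35 24152 ----a-w- C:\\Windows\\System32\\drivers\\mbam.sys
"""

# Assumed DDS layout: R/S flag, start-type digit, name;display;path [date size].
SERVICE_RE = re.compile(
    r"^([RS])(\d) ([^;]*);([^;]*);(.+?) \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$")
# Created-file lines: date, time, size (or -------- for a directory), attrs, path.
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+|-{8}) ([A-Za-z-]{8}) (.+)$")


@dataclass
class ServiceEntry:
    running: bool      # 'R' = running, 'S' = stopped
    start_type: int    # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    path: str
    file_date: str
    size: int


@dataclass
class CreatedEntry:
    when: datetime
    size: int          # -1 for directories ("--------" in the log)
    attrs: str
    path: str


def parse_dds(text):
    """Split a DDS log into service entries, created-file entries and the
    lines that matched neither (kept so garbling is visible, not lost)."""
    services, created, unparsed = [], [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("="):  # blank or section banner
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append(ServiceEntry(m[1] == "R", int(m[2]), m[3], m[4],
                                         m[5], m[6], int(m[7])))
            continue
        m = CREATED_RE.match(line)
        if m:
            when = datetime.strptime(f"{m[1]} {m[2]}", "%Y-%m-%d %H:%M:%S")
            size = -1 if m[3].startswith("-") else int(m[3])
            created.append(CreatedEntry(when, size, m[4], m[5]))
            continue
        unparsed.append(line)
    return services, created, unparsed


DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


def early_start_drivers_outside_drivers_dir(services):
    """Boot/system-start (type 0/1) entries whose image lives outside
    System32\\drivers. Not malicious by itself (security products do this),
    but these load before most defences and are the first to check."""
    return [s.name for s in services
            if s.start_type in (0, 1) and not s.path.lower().startswith(DRIVER_DIR)]


def created_sessions(created, gap=timedelta(minutes=10)):
    """Cluster created-file entries into install sessions: sorted by time,
    a new session starts when the gap to the previous entry exceeds `gap`.
    Returns (first_time, last_time, count) per session, so the timeline can
    be matched against what the user says they installed and when."""
    sessions = []
    for e in sorted(created, key=lambda c: c.when):
        if sessions and e.when - sessions[-1][-1].when <= gap:
            sessions[-1].append(e)
        else:
            sessions.append([e])
    return [(s[0].when, s[-1].when, len(s)) for s in sessions]


if __name__ == "__main__":
    svcs, files, bad = parse_dds(SAMPLE_DDS)
    print("early-start drivers outside drivers dir:",
          early_start_drivers_outside_drivers_dir(svcs))
    for start, end, n in created_sessions(files):
        print(f"session {start} .. {end}: {n} entries")
    print("unparsed lines:", bad)
```

On the constructed sample this flags SASDIFSV (a system-start driver under Program Files), groups the two 21 Nov entries into one session and the two 22 Nov entries into two separate ones, and reports the garbled BDLogging line as unparsed instead of guessing its time.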
Old 11-22-2015, 05:07 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

It's not a virus. You have an Advent DT2 motherboard.

What does the popup say exactly?

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 11-23-2015, 01:17 AM   #3



Hi Chemist, first thanks for your help.
I have attached a screenshot of the pop-up. If I put my cursor on it the cursor disappears. I tried to do a PrintScrn shot but it didn't show. I have included the reports you asked for. Thanks.
Attached Thumbnails
screen shot.jpg (183.7 KB, 77 views, ID 263034)
Attached Files
File Type: txt FRST.txt (124.2 KB, 28 views)
File Type: txt Addition.txt (29.7 KB, 35 views)
File Type: txt AdwCleaner[C1].txt (816 Bytes, 23 views)
File Type: txt AdwCleaner[S1].txt (718 Bytes, 31 views)
nudger44 is offline  
Old 11-23-2015, 12:11 PM   #4



Hello nudger44. Have you recently accessed your BIOS?

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden
    AVG PC TuneUp 2015 (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden
    ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Support\Advent Website.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBADVENTWEBSITE" <==== ATTENTION
    ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Support\GET THE KNOWHOW™.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBKHW" <==== ATTENTION
    ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Support\LiveDrive.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBLIVEDRIVE" <==== ATTENTION
    ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\Currys.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBCRY" <==== ATTENTION
    ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\Dixons.co.uk.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBDIX" <==== ATTENTION
    ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\PC World.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBPCW" <==== ATTENTION
    ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\Pixmania.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBPIX" <==== ATTENTION
    ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\eMusic.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBEMU" <==== ATTENTION
    ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\PCWorld Digital Gaming.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBPCWGAME" <==== ATTENTION
    ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\The Times & Sunday Times digital subscription.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBTIMESONLINE" <==== ATTENTION
    ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\WE KNOWHOW™ TO BRING YOU GREAT MOVIES AND TV!.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBKHM" <==== ATTENTION
    ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\YouTube.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBYT" <==== ATTENTION
    C:\Program Files (x86)\TTG
    AlternateDataStreams: C:\Users\nudger-tower\Desktop\AdwCleaner.exe:BDU
    AlternateDataStreams: C:\Users\nudger-tower\Desktop\dds.scr:BDU
    AlternateDataStreams: C:\Users\nudger-tower\Desktop\FRST64.exe:BDU
    AlternateDataStreams: C:\Users\nudger-tower\Desktop\mbar-1.09.3.1001.exe:BDU
    AlternateDataStreams: C:\Users\nudger-tower\Downloads\mbar-1.09.3.1001.exe:BDU
    AlternateDataStreams: C:\Users\nudger-tower\Downloads\PS7520_1315-1.exe:BDU
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
    HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
    HKU\S-1-5-21-1765453034-321040294-3710182595-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> 
    HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
    SearchScopes: HKU\S-1-5-21-1765453034-321040294-3710182595-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\gcswf32.dll => No File
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
    CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\gears.dll => No File
    CHR Plugin: (Norton Confidential) - C:\Users\nudger-tower\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\npcoplgn.dll => No File
    CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll => No File
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Offers" /f
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Reminder" /f
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
chemist is offline  
Old 11-23-2015, 12:35 PM   #5



Hi chemist.
No, I have not been into the BIOS.
The pop-up went after running the 2 programs when the computer was restarted. I have attached the log as requested.
Attached Files
File Type: txt Fixlog.txt (10.5 KB, 22 views)
nudger44 is offline  
Old 11-23-2015, 01:12 PM   #6



Hello again, nudger44. You're very welcome.

Quote:
the pop-up went after running the 2 programs when the computer was restarted
Do you mean the popup no longer appears?

------------------------------------------------------

AVG PC Tuneup 2015

We do not recommend the use of registry cleaners. Our colleague miekiemoes has an excellent writeup here

We suggest uninstalling them via Programs and Features in your Control Panel.

Let me know if you uninstalled it. Thanks.

------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------
chemist is offline  
Old 11-24-2015, 07:20 AM   #7



Hi chemist, yes I mean the pop-up no longer appears. Yes, I have uninstalled AVG PC TuneUp 2015. I have attached the 6 threats as asked. Talk to you soon. Thanks, Nudger

C:\Program Files\KMSpico\AutoPico.exe MSIL/HackTool.IdleKMS.C potentially unsafe application cleaned by deleting - quarantined
C:\Program Files\KMSpico\KMSELDI.exe a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application cleaned by deleting - quarantined
C:\Program Files\KMSpico\Service_KMS.exe a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application cleaned by deleting - quarantined
C:\Users\nudger-tower\Desktop\xf-mccs6.exe Win32/Keygen.HA potentially unsafe application cleaned by deleting - quarantined
C:\Users\nudger-tower\Downloads\Sony Vegas Pro 13.0 build 290 (64 bit) Multilingual [ChingLiu]\Patch KHG\vegas.pro.13.0.(64-bit)-patch.exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application cleaned by deleting - quarantined
C:\Users\nudger-tower\Downloads\Sony Vegas Pro 13.0 build 310 (64 bit) (patch KHG) [ChingLiu]\Patch KHG\vegas.pro.13.0.(64-bit)-patch.exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application cleaned by deleting - quarantined
Attached Files
File Type: txt eset.txt (2.0 KB, 28 views)
nudger44 is offline  
Old 11-24-2015, 01:08 PM   #8



Are you running a pirated (illegal) copy of Windows and/or Office?
chemist is offline  
Old 11-25-2015, 12:35 PM   #9



No, this is the Windows that came when my husband bought it. My grandson put the Office on for me so I wouldn't know. I don't think it is, but I can't be 100% sure and I can't ask him till he returns from abroad. Hope this helps.
nudger44 is offline  
Old 11-25-2015, 01:41 PM   #10



It appears your grandson put an illegal copy of Office on your machine, using KMSpico, which bypasses validation of Office. This forum doesn't support users with illegal software. You will have to uninstall Microsoft Office before we can proceed.

You can use this free alternative to Office:

LibreOffice

After uninstalling Office, and rebooting, please run FRST again, and post/attach the logs as before. Don't forget to tick the Addition.txt box before clicking Scan.
chemist is offline  
Old 11-28-2015, 12:27 AM   #11
Hi, I have deleted the Office like you asked and run the FRST again, which I have attached.
Attached files: FRST.txt (161.8 KB), Addition.txt (42.9 KB)
nudger44 is offline  
Old 11-28-2015, 01:33 AM   #12
Hi, I forgot to tick Addition.txt when I ran it. Here's the new scan.
Attached files: Addition.txt (40.9 KB), FRST.txt (160.1 KB)
nudger44 is offline  
Old 11-28-2015, 03:24 PM   #13
Hello again, nudger44.

Since you ran FRST the first time, and after I pointed out you had an illegal version of Office installed, you have now installed pirated (illegal) versions of Adobe Acrobat X Pro and Adobe Creative Suite 6 Master Collection.

You have entries in your HOSTS file that are used to bypass activation of Adobe products.

Also, it appears you have since reinstalled a cracked version of Vegas Pro 13.0, which you had a cracktool for in your ESET log.

Did you pay for these recently installed apps:

Quote:
ACID Music Studio 10.0
ArcSoft TotalMedia Theatre 6
ImTOO DVD Ripper Ultimate
ImTOO Movie Maker 6
ImTOO Video Editor 2
RegCure Pro
Stardock ObjectDock
Wondershare DVD Creator
YTD Video Downloader PRO
------------------------------------------------------
  • Please download CKScanner© by askey127 and save it to your desktop.
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, just click OK.
  • Post the contents of ckfiles.txt in your next reply. It is located on your desktop.
------------------------------------------------------
chemist is offline  
Old 11-29-2015, 11:57 AM   #14
Hi, I am very sorry about all this. I have had a good go at my kids and grandkids about changing this machine. I have got my good daughter to put it back to factory settings so they have nothing on it. She put my antivirus on for me, so I now have a blank computer. I can just about follow your instructions, so please can you bear with me. I have attached another copy of FRST for you to see. Thanks.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-11-2015
Ran by nudger-tower (administrator) on NUDGER-TOWER- (29-11-2015 19:56:37)
Running from C:\Users\nudger-tower\Desktop
Loaded Profiles: nudger-tower (Available Profiles: nudger-tower)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(DSG Retail Ltd) C:\Applications\Tools\DockBar\DockBar.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Keyboard Indicator\KeyboardIndicatorEx.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6469736 2012-03-06] (Realtek Semiconductor)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1731752 2013-07-24] (Bitdefender)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-20] ()
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [kbIndicatorKeyboardDriver] => C:\Program Files (x86)\Keyboard Indicator\KeyboardIndicatorEx.exe [3412992 2012-03-06] ()
HKLM-x32\...\Run: [KNOWHOW APP CENTRE] => C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\ismagent.lnk [1409 2012-06-20] ()
HKU\S-1-5-21-3433442279-2302852343-478320050-1000\...\Run: [Reminder] => C:\Program Files (x86)\TTG\Reminder\Reminder.exe [1628264 2012-07-21] (DSG Retail Ltd)
HKU\S-1-5-21-3433442279-2302852343-478320050-1000\...\Run: [Offers] => C:\Program Files (x86)\TTG\Offers\Offers.exe [1226752 2012-05-29] (DSG Retail Ltd)
HKU\S-1-5-21-3433442279-2302852343-478320050-1000\...\Run: [DockBar] => C:\Applications\Tools\DockBar\DockBar.exe [3396608 2012-06-01] (DSG Retail Ltd)
HKU\S-1-5-21-3433442279-2302852343-478320050-1000\...\Run: [GoogleChromeAutoLaunch_6306799FAC2A88393585A662F8818A6E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-11-07] (Google Inc.)
HKU\S-1-5-21-3433442279-2302852343-478320050-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [552920 2013-07-26] (Bitdefender)
HKU\S-1-5-21-3433442279-2302852343-478320050-1000\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1000488 2013-07-31] (Bitdefender)
HKU\S-1-5-21-3433442279-2302852343-478320050-1000\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [613696 2013-07-26] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [552920 2013-07-26] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1000488 2013-07-31] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [613696 2013-07-26] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2013-07-08] (Bitdefender)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5DADFAFB-A71A-4A6A-A83E-B687E83F3903}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3433442279-2302852343-478320050-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=DSGP&bmod=DSGP
SearchScopes: HKU\S-1-5-21-3433442279-2302852343-478320050-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll [2013-07-24] (Bitdefender)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll [2013-07-24] (Bitdefender)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-22] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)

FireFox:
========
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2012-06-20] ()
FF Plugin-x32: @Bitdefender.com/PasswordManager;version=17.8 -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxnp.dll [2013-07-24] (Bitdefender)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2010-10-15] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013-08-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2013-08-02] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender\bdtbext

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR Profile: C:\Users\nudger-tower\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\nudger-tower\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-11-29]
CHR Extension: (iCloud Bookmarks) - C:\Users\nudger-tower\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-11-29]
CHR Extension: (AdBlock) - C:\Users\nudger-tower\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nudger-tower\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-29]
CHR Extension: (Blue Space Sunset Chrome Theme) - C:\Users\nudger-tower\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndfdjfoclbidmgpmbelcieibgjjfdog [2015-11-29]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2015-11-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [75584 2013-07-05] (Bitdefender)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-06-19] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1505688 2013-07-24] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2013-07-19] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2013-07-19] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-02-22] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [109056 2013-01-29] (BitDefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-07-23] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [147232 2012-10-04] (BitDefender LLC)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-29 19:56 - 2015-11-29 19:56 - 00014555 _____ C:\Users\nudger-tower\Desktop\FRST.txt
2015-11-29 19:55 - 2015-11-29 19:55 - 00443837 _____ C:\ProgramData\1448826683.bdinstall.bin
2015-11-29 19:53 - 2015-11-29 19:53 - 00000684 ____H C:\bdr-cf01
2015-11-29 19:53 - 2015-11-29 19:53 - 00000385 _____ C:\Windows\system32\user_gensett.xml
2015-11-29 19:53 - 2015-11-29 19:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-11-29 19:53 - 2015-11-29 19:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender
2015-11-29 19:53 - 2015-11-29 19:53 - 00000000 ____D C:\ProgramData\BDLogging
2015-11-29 19:53 - 2012-04-17 14:34 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2015-11-29 19:52 - 2015-11-29 19:53 - 00253404 ____H C:\bdr-ld01
2015-11-29 19:52 - 2015-11-29 19:53 - 00009216 ____H C:\bdr-ld01.mbr
2015-11-29 19:52 - 2015-11-29 19:53 - 00000000 ____D C:\Users\nudger-tower\AppData\Roaming\Bitdefender
2015-11-29 19:52 - 2013-07-23 16:50 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2015-11-29 19:52 - 2013-07-19 18:08 - 00601360 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-11-29 19:52 - 2013-07-19 18:04 - 00727592 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-11-29 19:52 - 2013-06-25 18:20 - 38518480 ____H C:\bdr-im01.gz
2015-11-29 19:52 - 2013-02-22 19:46 - 00093600 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys
2015-11-29 19:52 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-11-29 19:52 - 2012-08-15 15:28 - 02510608 ____H C:\bdr-bz01
2015-11-29 19:52 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2015-11-29 19:51 - 2015-11-29 19:53 - 00000000 ____D C:\ProgramData\Bitdefender
2015-11-29 19:51 - 2015-11-29 19:52 - 00000000 ____D C:\Program Files\Bitdefender
2015-11-29 19:51 - 2015-11-29 19:51 - 00000000 ____D C:\Users\nudger-tower\AppData\Roaming\QuickScan
2015-11-29 19:51 - 2015-11-29 19:51 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2015-11-29 19:51 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-11-29 19:51 - 2012-10-04 14:30 - 00147232 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-11-29 19:43 - 2015-11-29 19:56 - 00000000 ____D C:\FRST
2015-11-29 19:42 - 2015-11-29 19:42 - 02350080 _____ (Farbar) C:\Users\nudger-tower\Desktop\FRST64.exe
2015-11-29 19:39 - 2015-11-29 19:39 - 00929872 _____ (Google Inc.) C:\Users\nudger-tower\Downloads\ChromeSetup.exe
2015-11-29 19:32 - 2015-11-29 19:32 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2015-11-29 19:32 - 2015-11-29 19:32 - 00000000 ____D C:\Windows\RemotePackages
2015-11-29 19:32 - 2015-11-29 19:32 - 00000000 ____D C:\Windows\CSC
2015-11-29 19:32 - 2009-06-10 20:31 - 00051867 _____ C:\Windows\Ultimate.xml
2015-11-29 19:24 - 2015-11-29 19:24 - 00000000 ____D C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-11-29 19:24 - 2015-11-29 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-11-29 19:24 - 2015-11-29 19:24 - 00000000 ____D C:\Program Files\WinRAR
2015-11-29 19:22 - 2015-11-29 19:39 - 00000000 ____D C:\Users\nudger-tower\AppData\Local\Google
2015-11-29 19:22 - 2015-11-29 19:22 - 00000000 ____D C:\Users\nudger-tower\AppData\Roaming\Adobe
2015-11-29 19:04 - 2015-11-29 19:49 - 00000000 ____D C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar
2015-11-29 19:04 - 2015-11-29 19:04 - 00000000 ____D C:\Users\nudger-tower\AppData\Local\DSG_Retail_Ltd
2015-11-29 19:03 - 2015-11-29 19:03 - 00001450 _____ C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-29 19:03 - 2015-11-29 19:03 - 00001416 _____ C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-11-29 19:03 - 2015-11-29 19:03 - 00000000 ____D C:\Users\nudger-tower\AppData\Roaming\ATI
2015-11-29 19:03 - 2015-11-29 19:03 - 00000000 ____D C:\Users\nudger-tower\AppData\Local\ATI
2015-11-29 19:02 - 2015-11-29 19:03 - 00000000 ____D C:\Users\nudger-tower
2015-11-29 19:02 - 2015-11-29 19:02 - 00057560 _____ C:\Users\nudger-tower\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-29 19:02 - 2015-11-29 19:02 - 00000020 ___SH C:\Users\nudger-tower\ntuser.ini
2015-11-29 19:02 - 2015-11-29 19:02 - 00000000 _SHDL C:\Users\nudger-tower\My Documents
2015-11-29 19:02 - 2015-11-29 19:02 - 00000000 _SHDL C:\Users\nudger-tower\Documents\My Videos
2015-11-29 19:02 - 2015-11-29 19:02 - 00000000 _SHDL C:\Users\nudger-tower\Documents\My Pictures
2015-11-29 19:02 - 2015-11-29 19:02 - 00000000 _SHDL C:\Users\nudger-tower\Documents\My Music
2015-11-29 19:02 - 2015-11-29 19:02 - 00000000 ____D C:\Users\nudger-tower\AppData\Local\VirtualStore
2015-11-29 19:02 - 2014-05-14 16:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-29 19:02 - 2014-05-14 16:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-29 19:02 - 2014-05-14 16:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-29 19:02 - 2014-05-14 16:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-29 19:02 - 2014-05-14 16:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-29 19:02 - 2014-05-14 16:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-29 19:02 - 2014-05-14 16:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-29 19:02 - 2014-05-14 16:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-29 19:02 - 2014-05-14 16:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-29 19:02 - 2014-05-14 16:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-29 19:02 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-29 19:02 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-29 19:02 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-29 19:02 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-29 19:02 - 2012-06-20 13:24 - 00000000 ____D C:\Users\nudger-tower\AppData\Roaming\Macromedia
2015-11-29 19:02 - 2010-11-21 07:16 - 00000000 ____D C:\Users\nudger-tower\AppData\Roaming\Media Center Programs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-30 01:14 - 2009-07-14 05:32 - 00032768 _____ C:\Windows\system32\config\BCD-Template
2015-11-29 19:53 - 2009-07-14 05:13 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-29 19:53 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2015-11-29 19:52 - 2009-07-14 03:20 - 00000000 ____D C:\Windows
2015-11-29 19:49 - 2012-06-20 13:24 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-29 19:49 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-29 19:45 - 2009-07-14 04:45 - 00031760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-29 19:45 - 2009-07-14 04:45 - 00031760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-29 19:44 - 2012-06-20 13:24 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-29 19:39 - 2012-06-20 13:24 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-29 19:39 - 2012-06-20 13:24 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-29 19:39 - 2012-06-20 13:24 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-29 19:32 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\security
2015-11-29 19:32 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-11-29 19:27 - 2012-06-20 13:43 - 00000000 ____D C:\ProgramData\Norton
2015-11-29 19:27 - 2012-06-20 13:24 - 00000000 ____D C:\ProgramData\Partner
2015-11-29 19:27 - 2012-06-20 13:24 - 00000000 ____D C:\Program Files\Google
2015-11-29 19:27 - 2012-06-20 13:24 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-29 19:08 - 2012-06-20 13:43 - 00000000 ____D C:\Program Files (x86)\Spotify
2015-11-29 19:04 - 2011-02-24 09:58 - 00000000 ____D C:\ProgramData\TTG
2015-11-29 19:02 - 2011-02-22 19:50 - 00000000 ____D C:\Windows\Panther
2015-11-29 18:01 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2015-11-29 17:57 - 2012-06-20 12:53 - 00000000 ____D C:\Windows\SysWOW64\RTCOM

==================== Files in the root of some directories =======

2015-11-29 19:55 - 2015-11-29 19:55 - 0443837 _____ () C:\ProgramData\1448826683.bdinstall.bin

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2012-06-20 13:57

==================== End of FRST.txt ============================
Attached files: Addition.txt (17.5 KB), FRST.txt (24.5 KB)
nudger44 is offline  
Old 11-29-2015, 01:15 PM   #15
Forgot to add this file.
Attached file: ckfiles.txt (127 Bytes)
nudger44 is offline  
Old 11-29-2015, 03:10 PM   #16
Hello again, nudger44. You're very welcome. Any problems since you factory restored?

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.)
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Support\Advent Website.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBADVENTWEBSITE" <==== ATTENTION
    ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Support\GET THE KNOWHOW™.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBKHW" <==== ATTENTION
    ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Support\LiveDrive.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBLIVEDRIVE" <==== ATTENTION
    ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\Currys.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBCRY" <==== ATTENTION
    ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\Dixons.co.uk.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBDIX" <==== ATTENTION
    ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\PC World.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBPCW" <==== ATTENTION
    ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\Pixmania.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBPIX" <==== ATTENTION
    ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\eMusic.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBEMU" <==== ATTENTION
    ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\PCWorld Digital Gaming.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBPCWGAME" <==== ATTENTION
    ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\The Times & Sunday Times digital subscription.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBTIMESONLINE" <==== ATTENTION
    ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\WE KNOWHOW™ TO BRING YOU GREAT MOVIES AND TV!.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBKHM" <==== ATTENTION
    ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\YouTube.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBYT" <==== ATTENTION
    HKU\S-1-5-21-3433442279-2302852343-478320050-1000\...\Run: [Reminder] => C:\Program Files (x86)\TTG\Reminder\Reminder.exe [1628264 2012-07-21] (DSG Retail Ltd)
    HKU\S-1-5-21-3433442279-2302852343-478320050-1000\...\Run: [Offers] => C:\Program Files (x86)\TTG\Offers\Offers.exe [1226752 2012-05-29] (DSG Retail Ltd)
    C:\Program Files (x86)\TTG
    SearchScopes: HKU\S-1-5-21-3433442279-2302852343-478320050-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    2015-11-29 19:27 - 2012-06-20 13:43 - 00000000 ____D C:\ProgramData\Norton
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-05-2015, 01:08 PM   #17
Registered Member
 
Join Date: Nov 2015
Posts: 11
OS: windows 7



Sorry for the delay in sending back the report. Have been away for a bit.

Fix result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by nudger-tower (2015-12-05 20:57:22) Run:1
Running from C:\Users\nudger-tower\Desktop
Loaded Profiles: nudger-tower (Available Profiles: nudger-tower)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Support\Advent Website.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBADVENTWEBSITE" <==== ATTENTION
ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Support\GET THE KNOWHOW™.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBKHW" <==== ATTENTION
ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Support\LiveDrive.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBLIVEDRIVE" <==== ATTENTION
ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\Currys.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBCRY" <==== ATTENTION
ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\Dixons.co.uk.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBDIX" <==== ATTENTION
ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\PC World.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBPCW" <==== ATTENTION
ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\Pixmania.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBPIX" <==== ATTENTION
ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\eMusic.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBEMU" <==== ATTENTION
ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\PCWorld Digital Gaming.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBPCWGAME" <==== ATTENTION
ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\The Times & Sunday Times digital subscription.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBTIMESONLINE" <==== ATTENTION
ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\WE KNOWHOW™ TO BRING YOU GREAT MOVIES AND TV!.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBKHM" <==== ATTENTION
ShortcutWithArgument: C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\YouTube.lnk -> C:\Applications\Tools\LinkLauncher\LinkLauncher.exe (Microsoft) -> "hxxp://comms.dsgioemcomputing.com/?model=Q312ADVDBYT" <==== ATTENTION
HKU\S-1-5-21-3433442279-2302852343-478320050-1000\...\Run: [Reminder] => C:\Program Files (x86)\TTG\Reminder\Reminder.exe [1628264 2012-07-21] (DSG Retail Ltd)
HKU\S-1-5-21-3433442279-2302852343-478320050-1000\...\Run: [Offers] => C:\Program Files (x86)\TTG\Offers\Offers.exe [1226752 2012-05-29] (DSG Retail Ltd)
C:\Program Files (x86)\TTG
SearchScopes: HKU\S-1-5-21-3433442279-2302852343-478320050-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
2015-11-29 19:27 - 2012-06-20 13:43 - 00000000 ____D C:\ProgramData\Norton
EmptyTemp:
end
*****************

Restore point was successfully created.
C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Support\Advent Website.lnk => Shortcut argument removed successfully.
C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Support\GET THE KNOWHOW™.lnk => Shortcut argument removed successfully.
C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Support\LiveDrive.lnk => Shortcut argument removed successfully.
C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\Currys.lnk => Shortcut argument removed successfully.
C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\Dixons.co.uk.lnk => Shortcut argument removed successfully.
C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\PC World.lnk => Shortcut argument removed successfully.
C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Shopping\Pixmania.lnk => Shortcut argument removed successfully.
C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\eMusic.lnk => Shortcut argument removed successfully.
C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\PCWorld Digital Gaming.lnk => Shortcut argument removed successfully.
C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\The Times & Sunday Times digital subscription.lnk => Shortcut argument removed successfully.
C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\WE KNOWHOW™ TO BRING YOU GREAT MOVIES AND TV!.lnk => Shortcut argument removed successfully.
C:\Users\nudger-tower\AppData\Roaming\Microsoft\Windows\Start Menu\DockBar\Shortcuts\Entertainment\YouTube.lnk => Shortcut argument removed successfully.
HKU\S-1-5-21-3433442279-2302852343-478320050-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Reminder => value removed successfully
HKU\S-1-5-21-3433442279-2302852343-478320050-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Offers => value removed successfully
C:\Program Files (x86)\TTG => moved successfully
HKU\S-1-5-21-3433442279-2302852343-478320050-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\ProgramData\Norton => moved successfully
EmptyTemp: => 589.2 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 20:57:40 ====
nudger44 is offline  
Old 12-05-2015, 09:31 PM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, nudger44. How is the machine behaving?

Let me know and I will give you some final instructions.

chemist is offline  
Old 12-06-2015, 06:39 AM   #19
Registered Member
 
Join Date: Nov 2015
Posts: 11
OS: windows 7



Hi, since I reset it back to factory it's been fine, running OK.
nudger44 is offline  
Old 12-06-2015, 01:30 PM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Glad you got it sorted.
chemist is offline  