

Unknown virus/malware starting with Web Bar



 
 
02-08-2016, 02:26 PM   #1
Registered Member
 
Join Date: Nov 2012
Posts: 102
OS: Windows 7



My parents woke up to a pop-up on the computer this morning telling them of suspected suspicious activity that they were not able to close out. The pop-ups claimed to be from Microsoft (first time) and recommended they call a phone number. My parents called the number and allowed the person to access the computer remotely before they contacted me. They pointed out Web Bar, and my parents did notice it but did not install it. Web Bar was also new this morning. I was able to close out the pop-ups and run Malwarebytes and an AVG virus scan, which found 1 virus that I can't remember the name of that I was able to clean. I also uninstalled Web Bar, and when I opened Firefox I got similar pop-ups, but this time claiming to be from Cox (ISP) with a different phone number. I did not call the number and just closed out the screens. Then I rebooted in safe mode and ran AVG again and it did not find anything. The only thing new that was downloaded yesterday was the Chrome browser that my sister needed to do some school work for some reason.

Will put logs in reply below....
Nikeman123
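The DDS log posted in the reply below is the kind of artefact a helper triages by hand: autostart entries, browser settings, and what was created on disk around the incident date. As an added example, not part of this thread and not DDS's own code, here is a small Python script that parses those three DDS sections and turns them into leads. The sample lines are a subset copied from the posted log; the two-day window before the 02-08-2016 pop-ups, the list of "known" search engines, and the user-writable-path and hex-name heuristics are this example's own assumptions, and every hit is something to verify, not a verdict.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: a subset of lines copied from the DDS log posted in this
# thread, embedded so the parser runs offline.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\19.2.0.326\AVG SafeGuard toolbar_toolbar.dll
uRun: [Akamai NetSession Interface] "C:\Users\cwilm_000\AppData\Local\Akamai\netsession_win.exe"
uRun: [OneDrive] "C:\Users\cwilm_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
.
================= FIREFOX ===================
.
FF - prefs.js: browser.search.selectedEngine - Groovorio
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com
.
=============== Created Last 30 ================
.
2016-02-08 17:32:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-07 18:37:11 -------- d-----w- C:\Users\cwilm_000\AppData\Local\CEF
2016-02-07 00:33:03 -------- d-----w- C:\ProgramData\661ac67e-7fe1-0
2016-02-07 00:33:03 -------- d-----w- C:\ProgramData\661ac67e-3895-1
2016-02-07 00:32:50 -------- d-----w- C:\Users\cwilm_000\AppData\Local\Google
2016-02-03 13:26:31 -------- d-----w- C:\Program Files\iTunes
"""

# Line shapes used by DDS: u = HKCU, m = HKLM, x64- = 64-bit view of the hive.
RUN_RE = re.compile(r'^(?P<scope>u|m|x64-)?Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
FF_RE = re.compile(r'^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.*)$')
CREATED_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$')
# First quoted-or-unquoted token ending in .exe; the rest is arguments.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)"?(?:\s|$)', re.I)

# Heuristic (assumption): locations a standard user can write to without elevation.
USER_WRITABLE_RE = re.compile(
    r'\\(Users\\[^\\]+\\AppData|ProgramData|Users\\Public|Windows\\Temp)\\', re.I)
# Heuristic (assumption): names made only of hex digits and hyphens.
HEXNAME_RE = re.compile(r'^[0-9a-f]+(?:-[0-9a-f]+)*$', re.I)
# Assumption: engines commonly set by default; anything else is a lead to check.
KNOWN_ENGINES = {'google', 'bing', 'yahoo', 'duckduckgo'}

INCIDENT_DATE = datetime(2016, 2, 8)  # day the pop-ups appeared, per the first post


def looks_machine_generated(name):
    """Hex-and-hyphen names with digits (like the ProgramData folders in the
    log) are usually generated, not typed. Short names such as 'CEF' are not."""
    return (bool(HEXNAME_RE.fullmatch(name)) and len(name) >= 8
            and any(c.isdigit() for c in name))


def triage(log_text, incident_date, window_days=2):
    """Scan DDS Run, Firefox prefs and 'Created Last 30' lines and return a list
    of (category, detail) leads in log order. Leads are things to verify."""
    leads = []
    start = incident_date - timedelta(days=window_days)
    end = incident_date + timedelta(days=1)
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = RUN_RE.match(line)
        if m:
            exe = EXE_RE.match(m['cmd'])
            path = exe['exe'] if exe else m['cmd']
            if USER_WRITABLE_RE.search(path):
                leads.append(('autostart-user-writable', f"{m['name']} -> {path}"))
            continue
        m = FF_RE.match(line)
        if m:
            value = m['value'].strip()
            if m['pref'] == 'browser.search.selectedEngine' and value.lower() not in KNOWN_ENGINES:
                leads.append(('ff-search-engine', value))
            continue
        m = CREATED_RE.match(line)
        if m:
            ts = datetime.strptime(m['ts'], '%Y-%m-%d %H:%M:%S')
            path = m['path'].rstrip()
            reasons = []
            if USER_WRITABLE_RE.search(path + '\\'):
                reasons.append('user-writable')
            if looks_machine_generated(path.rsplit('\\', 1)[-1]):
                reasons.append('machine-generated-name')
            if reasons and start <= ts < end:
                leads.append(('created-in-window', f"{path} [{', '.join(reasons)}]"))
    return leads


def triage_sample(window_days=2):
    """Run the triage over the embedded sample with the thread's incident date."""
    return triage(SAMPLE_LOG, INCIDENT_DATE, window_days)


if __name__ == '__main__':
    for category, detail in triage_sample():
        print(f'{category:26} {detail}')
```

Run as-is, it lists the two HKCU Run entries that start from AppData, the non-default Firefox search engine, and the in-window directories under ProgramData and AppData. OneDrive and the AppData\Local\Google folder show why these are leads rather than findings: the analyst reconciles each one against what the user reports installing (the first post mentions Chrome being downloaded the day before) and against the same-minute timestamps of the neighbouring entries before deciding anything.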
02-08-2016, 02:30 PM   #2
Registered Member
 
Join Date: Nov 2012
Posts: 102
OS: Windows 7



The computer had Windows 8 originally but has been upgraded to Windows 10 via the free upgrade provided by Microsoft online. I do not have a Windows 10 or Windows 8 CD.

DDS.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10240.16603 BrowserJavaVersion: 11.51.2
Run by cwilm_000 at 17:15:13 on 2016-02-08
Microsoft Windows 10 Home 10.0.10240.0.1252.1.1033.18.6008.3134 [GMT -5:00]
.
AV: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG update module *Disabled* {757AB44A-78C2-7D1A-E37F-CA42A037B368}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\dashost.exe
C:\Program Files\IDT\WDM\STacSV64.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.2.0\loggingserver.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
svchost.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\IDT\WDM\Beats64.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\cwilm_000\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe
C:\Users\cwilm_000\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe
C:\Users\cwilm_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\DTHtml.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe
C:\WINDOWS\system32\taskhostw.exe
\\?\C:\WINDOWS\system32\wbem\WMIADAP.EXE
C:\Windows\System32\InstallAgent.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\WINDOWS\servicing\TrustedInstaller.exe
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16565_none_1162030161f5c19b\TiWorker.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\WINDOWS\System32\cscript.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6525.42271.0_x64__8wekyb3d8bbwe\HxTsr.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://mysearch.avg.com?cid={3398ADCA-77DE-45CD-8EC4-4900E3AAD9EA}&mid=0e04b49f41ef47d39cc6d977c86c227d-95721ec6e914349605d7cda3bb3a35f6132b3bc2&lang=en&ds=AVG&coid=avgtbavg&cmpid=1114tb&pr=pr&d=2014-04-18 18:36:24&v=18.9.0.231&pid=safeguard&sg=&sap=hp
uSearch Bar = Preserve
uProxyOverride = <local>;*.local
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\19.2.0.326\AVG SafeGuard toolbar_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\19.2.0.326\AVG SafeGuard toolbar_toolbar.dll
uRun: [Akamai NetSession Interface] "C:\Users\cwilm_000\AppData\Local\Akamai\netsession_win.exe"
uRun: [HP Officejet 5740 series (NET)] "C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH52I330FN05ZF:NW" -scfn "HP Officejet 5740 series (NET)" -AutoStart 1
uRun: [OneDrive] "C:\Users\cwilm_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRunOnce: [Uninstall C:\Users\cwilm_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\cwilm_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
uRunOnce: [Uninstall C:\Users\cwilm_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\cwilm_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
uRunOnce: [Uninstall C:\Users\cwilm_000\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\cwilm_000\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
uRunOnce: [Uninstall C:\Users\cwilm_000\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\cwilm_000\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
uRunOnce: [Uninstall C:\Users\cwilm_000\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\cwilm_000\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
mRun: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10
mRun: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
mRun: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
mRun: [BATINDICATORHL] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
mRun: [OSDTool] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\CWILM_~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{039f9e29-49f2-4b81-9ef2-66c636818dfc} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{089e1dcb-2cb9-4845-8d73-a2e9ff2071ef} : DHCPNameServer = 192.168.1.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -
x64-TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\19.2.0.326\AVG SafeGuard toolbar_toolbar.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\cwilm_000\AppData\Roaming\Mozilla\Firefox\Profiles\8ta9wgxy.default\
FF - prefs.js: browser.search.selectedEngine - Groovorio
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com
FF - prefs.js: keyword.URL -
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Users\cwilm_000\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll
FF - plugin: C:\WINDOWS\SysWOW64\npDeployJava1.dll
FF - plugin: C:\WINDOWS\SysWOW64\npmproxy.dll
FF - plugin: C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\WINDOWS\System32\drivers\avgidsha.sys [2015-5-12 297904]
R0 Avgloga;AVG Logging Driver;C:\WINDOWS\System32\drivers\avgloga.sys [2015-5-7 378336]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\WINDOWS\System32\drivers\avgmfx64.sys [2015-8-4 250800]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\WINDOWS\System32\drivers\avgrkx64.sys [2015-3-20 40928]
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-11-11 644968]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-7-10 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-7-10 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-8-11 200528]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-7-10 215552]
R1 Avgdiska;AVG Disk Driver;C:\WINDOWS\System32\drivers\avgdiska.sys [2015-3-11 162784]
R1 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\System32\drivers\avgidsdrivera.sys [2015-6-26 315312]
R1 Avgldx64;AVG AVI Loader Driver;C:\WINDOWS\System32\drivers\avgldx64.sys [2015-6-16 259040]
R1 Avgwfpa;AVG Firewall Driver;C:\WINDOWS\System32\drivers\avgwfpa.sys [2015-8-4 304560]
R1 CLVirtualDrive;CLVirtualDrive;C:\WINDOWS\System32\drivers\CLVirtualDrive.sys [2012-10-19 92536]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-7-10 83968]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-12-8 8192]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-6-19 89600]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-10-7 77104]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2015-10-30 3642280]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2015-10-30 335656]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-15 2787512]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-7-10 39856]
R2 DiagTrack;Diagnostics Tracking Service;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-7-10 39856]
R2 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-9-28 25800]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-7-17 2468496]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2015-10-22 330136]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-10-19 129336]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-10-19 167736]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-2-8 1513784]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-2-8 1135416]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-10-19 109360]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-7-10 61952]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R2 vToolbarUpdater19.2.0;vToolbarUpdater19.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.2.0\ToolbarUpdater.exe [2016-1-26 1875528]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2015-7-10 237568]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
R3 i8042HDR;Keyboard Filter Driver;C:\WINDOWS\System32\drivers\i8042HDR.sys [2015-8-9 15920]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2013-10-3 38976]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2016-2-8 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2016-2-8 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2016-2-8 64216]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-7-10 20992]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\WINDOWS\System32\drivers\netr28x.sys [2015-6-12 2554528]
R3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\WINDOWS\System32\drivers\RtsPStor.sys [2015-6-3 374016]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-7-10 587264]
R3 rtbth;RTBTH Bluetooth Device Driver;C:\WINDOWS\System32\drivers\rtbth.sys [2015-6-3 1219200]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R3 tilfilter;TI xHCI Lower Filter Driver Service;C:\WINDOWS\System32\drivers\TIxHCIlfilter.sys [2015-3-2 17672]
R3 tiufilter;TI xHCI Upper Filter Driver Service;C:\WINDOWS\System32\drivers\TIxHCIufilter.sys [2015-3-2 23304]
R3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2015-7-10 24576]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\WINDOWS\System32\drivers\avgboota.sys [2015-3-27 21152]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-7-10 39856]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-7-10 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-7-10 39856]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-7-10 17624]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-7-10 39856]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-1 36352]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-7-10 116736]
S3 CDPSvc;CDPSvc;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-7-10 27136]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 fcvsc;fcvsc;C:\WINDOWS\System32\drivers\fcvsc.sys [2015-7-10 31232]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-7-10 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-7-10 50016]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-7-10 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-7-10 122608]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-7-10 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-7-10 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-7-10 115200]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2013-10-3 50240]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-7-10 43872]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-7-10 26624]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-7-10 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-7-10 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-7-10 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-7-10 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-7-10 94720]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\lsass.exe [2015-7-10 56344]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-7-10 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-7-10 58720]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-8-9 934752]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-8-9 1031680]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-7-10 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-7-10 39856]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-8-19 80720]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-7-10 40288]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-7-10 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-8-9 46080]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-7-10 44032]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-7-10 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-7-10 245088]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-7-10 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-7-10 127840]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-7-10 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-7-10 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-7-10 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-6-17 54784]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-7-10 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2015-7-10 39856]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-8-11 685568]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-7-10 119648]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-7-10 362928]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-7-10 39856]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-7-10 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-7-10 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-7-10 39856]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-7-10 222720]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-7-10 25600]
.
=============== Created Last 30 ================
.
2016-02-08 22:10:01 16148 ----a-w- C:\WINDOWS\System32\WINDOWS8_cwilm_000_HistoryPrediction.bin
2016-02-08 17:32:28 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2016-02-08 17:32:00 64216 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2016-02-08 17:32:00 25816 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2016-02-08 17:32:00 109272 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2016-02-08 17:32:00 -------- d-----w- C:\ProgramData\Malwarebytes
2016-02-08 17:32:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-07 18:37:11 -------- d-----w- C:\Users\cwilm_000\AppData\Local\CEF
2016-02-07 00:33:03 -------- d-----w- C:\ProgramData\661ac67e-7fe1-0
2016-02-07 00:33:03 -------- d-----w- C:\ProgramData\661ac67e-3895-1
2016-02-07 00:32:50 -------- d-----w- C:\Users\cwilm_000\AppData\Local\Google
2016-02-03 13:26:55 -------- d-----w- C:\Users\cwilm_000\AppData\Local\Apple Computer
2016-02-03 13:26:31 -------- d-----w- C:\Program Files\iTunes
2016-02-03 13:26:31 -------- d-----w- C:\Program Files\iPod
2016-02-03 13:26:31 -------- d-----w- C:\Program Files (x86)\iTunes
2016-02-03 13:25:46 -------- d-----w- C:\Users\cwilm_000\AppData\Local\Apple
2016-02-03 13:25:36 -------- d-----w- C:\Program Files\Bonjour
2016-02-03 13:25:36 -------- d-----w- C:\Program Files (x86)\Bonjour
2016-01-25 22:09:09 -------- d-----w- C:\ProgramData\Avg_Update_0116av
2016-01-23 23:41:08 11154520 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A7B9AA5F-3FD7-4964-BCC9-662B744E0DA2}\mpengine.dll
2016-01-22 19:07:42 11154520 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2016-01-21 18:00:27 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3FCE888C-19D7-4F37-82A1-40633AA21B45}\gapaengine.dll
2016-01-13 10:14:22 466728 ----a-w- C:\WINDOWS\System32\coin99itp.dll
2016-01-13 10:14:16 466728 ----a-w- C:\WINDOWS\System32\coin99ip.dll
2016-01-13 10:11:59 379392 ----a-w- C:\WINDOWS\System32\qdvd.dll
.
==================== Find3M ====================
.
2016-01-05 03:07:02 377592 ----a-w- C:\WINDOWS\System32\MP4SDECD.DLL
2016-01-05 03:07:00 2463704 ----a-w- C:\WINDOWS\System32\mfcore.dll
2016-01-05 0357 8022368 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-01-05 0356 1270104 ----a-w- C:\WINDOWS\System32\mfnetsrc.dll
2016-01-05 0356 119800 ----a-w- C:\WINDOWS\System32\MP3DMOD.DLL
2016-01-05 0355 1063504 ----a-w- C:\WINDOWS\System32\msmpeg2adec.dll
2016-01-05 0343 1991120 ----a-w- C:\WINDOWS\System32\WMVENCOD.DLL
2016-01-05 02:59:40 781976 ----a-w- C:\WINDOWS\System32\mfds.dll
2016-01-05 02:52:47 441696 ----a-w- C:\WINDOWS\System32\devinv.dll
2016-01-05 02:50:47 723648 ----a-w- C:\WINDOWS\System32\generaltel.dll
2016-01-05 02:50:31 205072 ----a-w- C:\WINDOWS\System32\COLORCNV.DLL
2016-01-05 02:50:31 1083072 ----a-w- C:\WINDOWS\System32\appraiser.dll
2016-01-05 02:50:29 345080 ----a-w- C:\WINDOWS\System32\WMVSDECD.DLL
2016-01-05 02:50:27 251544 ----a-w- C:\WINDOWS\System32\MP43DECD.DLL
2016-01-05 02:50:27 1817064 ----a-w- C:\WINDOWS\System32\WMALFXGFXDSP.dll
2016-01-05 02:31:19 1365576 ----a-w- C:\WINDOWS\SysWow64\gdi32.dll
2016-01-05 02:30:46 882208 ----a-w- C:\WINDOWS\SysWow64\msmpeg2adec.dll
2016-01-05 02:30:28 2152744 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2016-01-05 02:30:27 368776 ----a-w- C:\WINDOWS\SysWow64\MP4SDECD.DLL
2016-01-05 02:30:23 1106872 ----a-w- C:\WINDOWS\SysWow64\mfnetsrc.dll
2016-01-05 02:30:21 100712 ----a-w- C:\WINDOWS\SysWow64\MP3DMOD.DLL
2016-01-05 02:30:19 2162064 ----a-w- C:\WINDOWS\SysWow64\WMVENCOD.DLL
2016-01-05 02:30:14 2459096 ----a-w- C:\WINDOWS\SysWow64\WMVDECOD.DLL
2016-01-05 02:30:06 232896 ----a-w- C:\WINDOWS\SysWow64\RESAMPLEDMO.DLL
2016-01-05 02:29:53 208688 ----a-w- C:\WINDOWS\SysWow64\mftranscode.dll
2016-01-05 02:28:56 635312 ----a-w- C:\WINDOWS\SysWow64\evr.dll
2016-01-05 02:28:45 72808 ----a-w- C:\WINDOWS\SysWow64\mfvdsp.dll
2016-01-05 02:28:31 645144 ----a-w- C:\WINDOWS\SysWow64\mfsvr.dll
2016-01-05 02:28:19 277400 ----a-w- C:\WINDOWS\SysWow64\MPG4DECD.DLL
2016-01-05 02:28:19 2445128 ----a-w- C:\WINDOWS\SysWow64\msmpeg2vdec.dll
2016-01-05 02:28:17 107952 ----a-w- C:\WINDOWS\SysWow64\VIDRESZR.DLL
2016-01-05 02:28:13 696192 ----a-w- C:\WINDOWS\SysWow64\WMADMOE.DLL
2016-01-05 02:28:13 695752 ----a-w- C:\WINDOWS\SysWow64\WMADMOD.DLL
2016-01-05 02:28:07 82096 ----a-w- C:\WINDOWS\SysWow64\devenum.dll
2016-01-05 02:28:07 714808 ----a-w- C:\WINDOWS\SysWow64\mfnetcore.dll
2016-01-05 02:28:02 497896 ----a-w- C:\WINDOWS\SysWow64\advapi32.dll
2016-01-05 02:28:01 116728 ----a-w- C:\WINDOWS\SysWow64\mfps.dll
2016-01-05 02:21:40 658528 ----a-w- C:\WINDOWS\SysWow64\mfds.dll
2016-01-05 02:18:19 21873152 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-01-05 02:15:58 931328 ----a-w- C:\WINDOWS\System32\MSMPEG2ENC.DLL
2016-01-05 02:15:34 235008 ----a-w- C:\WINDOWS\System32\UserMgrProxy.dll
2016-01-05 02:15:04 42496 ----a-w- C:\WINDOWS\System32\usermgrcli.dll
2016-01-05 02:10:49 539136 ----a-w- C:\WINDOWS\System32\mfh264enc.dll
2016-01-05 02:10:26 305776 ----a-w- C:\WINDOWS\SysWow64\WMVSDECD.DLL
2016-01-05 02:10:25 278424 ----a-w- C:\WINDOWS\SysWow64\MP43DECD.DLL
2016-01-05 02:10:25 188032 ----a-w- C:\WINDOWS\SysWow64\COLORCNV.DLL
2016-01-05 02:09:22 205312 ----a-w- C:\WINDOWS\System32\aepic.dll
2016-01-05 02:09:22 1234944 ----a-w- C:\WINDOWS\System32\aitstatic.exe
2016-01-05 02:02:46 1672192 ----a-w- C:\WINDOWS\System32\quartz.dll
2016-01-05 02:02:13 678912 ----a-w- C:\WINDOWS\System32\qedit.dll
2016-01-05 02:01:34 305664 ----a-w- C:\WINDOWS\System32\ksproxy.ax
2016-01-05 02:00:01 771072 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2016-01-05 01:59:56 572928 ----a-w- C:\WINDOWS\System32\vbscript.dll
2016-01-05 01:57:35 578560 ----a-w- C:\WINDOWS\System32\winlogon.exe
2016-01-05 01:57:35 455168 ----a-w- C:\WINDOWS\System32\schannel.dll
2016-01-05 01:57:28 712704 ----a-w- C:\WINDOWS\System32\usermgr.dll
2016-01-05 01:56:18 7523840 ----a-w- C:\WINDOWS\System32\Chakra.dll
2016-01-05 01:51:52 1009664 ----a-w- C:\WINDOWS\System32\WMSPDMOD.DLL
2016-01-05 01:51:41 1255936 ----a-w- C:\WINDOWS\System32\WMSPDMOE.DLL
2016-01-05 01:51:37 447488 ----a-w- C:\WINDOWS\System32\WMVSENCD.DLL
2016-01-05 01:51:33 634368 ----a-w- C:\WINDOWS\System32\WMVXENCD.DLL
2016-01-05 01:51:30 463872 ----a-w- C:\WINDOWS\System32\MFWMAAEC.DLL
2016-01-05 01:44:54 159744 ----a-w- C:\WINDOWS\SysWow64\UserMgrProxy.dll
2016-01-05 01:44:37 33280 ----a-w- C:\WINDOWS\SysWow64\usermgrcli.dll
2016-01-05 01:42:16 871936 ----a-w- C:\WINDOWS\SysWow64\MSMPEG2ENC.DLL
2016-01-05 01:38:09 556032 ----a-w- C:\WINDOWS\SysWow64\mfh264enc.dll
2016-01-05 01:32:29 1541632 ----a-w- C:\WINDOWS\SysWow64\quartz.dll
2016-01-05 01:32:01 573440 ----a-w- C:\WINDOWS\SysWow64\qedit.dll
2016-01-05 01:31:52 563200 ----a-w- C:\WINDOWS\SysWow64\qdvd.dll
2016-01-05 01:31:22 235008 ----a-w- C:\WINDOWS\SysWow64\ksproxy.ax
2016-01-05 01:30:54 18802176 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2016-01-05 01:29:13 503296 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
2016-01-05 01:26:48 373760 ----a-w- C:\WINDOWS\SysWow64\schannel.dll
2016-01-05 01:24:15 5454848 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2016-01-05 01:20:06 890880 ----a-w- C:\WINDOWS\SysWow64\WMSPDMOD.DLL
2016-01-05 01:19:55 409088 ----a-w- C:\WINDOWS\SysWow64\WMVSENCD.DLL
2016-01-05 01:19:55 1070080 ----a-w- C:\WINDOWS\SysWow64\WMSPDMOE.DLL
2016-01-05 01:19:42 747008 ----a-w- C:\WINDOWS\SysWow64\WMVXENCD.DLL
2016-01-05 01:19:41 404992 ----a-w- C:\WINDOWS\SysWow64\MFWMAAEC.DLL
2016-01-03 01:40:14 826872 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-01-03 01:40:14 176632 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2015-12-09 03:39:31 301728 ------w- C:\WINDOWS\System32\MpSigStub.exe
2015-12-01 07:01:29 2115936 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2015-12-01 06:03:10 8192 ----a-w- C:\WINDOWS\System32\drivers\gpuenergydrv.sys
2015-12-01 05:49:35 4792320 ----a-w- C:\WINDOWS\System32\jscript9.dll
2015-12-01 05:02:29 3580416 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2015-11-25 05:42:36 4532304 ----a-w- C:\WINDOWS\explorer.exe
2015-11-25 05:42:07 168288 ----a-w- C:\WINDOWS\System32\NetworkUXBroker.exe
2015-11-25 05:41:58 1822280 ----a-w- C:\WINDOWS\System32\ntdll.dll
2015-11-25 05:40:09 516448 ----a-w- C:\WINDOWS\System32\drivers\USBHUB3.SYS
2015-11-25 05:32:20 113184 ----a-w- C:\WINDOWS\System32\userenv.dll
2015-11-25 05:27:50 1366680 ----a-w- C:\WINDOWS\System32\user32.dll
2015-11-25 05:12:23 4047288 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2015-11-25 05:11:20 1532984 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
2015-11-25 05:09:01 1310880 ----a-w- C:\WINDOWS\SysWow64\user32.dll
2015-11-25 04:59:58 92992 ----a-w- C:\WINDOWS\SysWow64\userenv.dll
2015-11-25 04:49:57 1569280 ----a-w- C:\WINDOWS\System32\Windows.Globalization.dll
2015-11-25 04:49:12 498688 ----a-w- C:\WINDOWS\System32\WlanMediaManager.dll
2015-11-25 04:49:03 467456 ----a-w- C:\WINDOWS\System32\MBMediaManager.dll
2015-11-25 04:49:00 270336 ----a-w- C:\WINDOWS\System32\RasMediaManager.dll
.
============= FINISH: 17:16:00.74 ===============
Attached Files
File Type: txt attach.txt (13.6 KB, 19 views)
Nikeman123 is offline  
Old 02-11-2016, 03:42 PM   #3
Registered Member
 
Join Date: Nov 2012
Posts: 102
OS: Windows 7


Bump please
Nikeman123 is offline  
 
Old 02-12-2016, 01:36 AM   #4
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Nikeman123,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download to and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Now, let's get started, shall we?

Please do the below steps.

STEP 1

Please download AdwCleaner from here and save it to your desktop.

Click the green 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Cleaning
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.

STEP 2

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
tekir06 is offline  
Old 02-12-2016, 02:26 PM   #5
Registered Member
 
Join Date: Nov 2012
Posts: 102
OS: Windows 7



SIDE NOTE:
My parents want to file their taxes. I told them to wait until I get done with all of your instructions. Was that good advice or do you think it's safe for them to use this computer for taxes at this time? Also, I am not able to turn Windows Defender on for some reason. Seems to get stuck in a loop looking for updates.

# AdwCleaner v5.033 - Logfile created 12/02/2016 at 17:16:52
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : cwilm_000 - WINDOWS8
# Running from : C:\Users\cwilm_000\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : ToolsLib - Forum: Ask for help or share your experience.

***** [ Services ] *****

[-] Service Deleted : vToolbarUpdater19.2.0

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar
[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\ProgramData\Avg_Update_0116av
[-] Folder Deleted : C:\ProgramData\Avg_Update_0814tb
[-] Folder Deleted : C:\ProgramData\Avg_Update_1015av
[-] Folder Deleted : C:\ProgramData\Avg_Update_1114tb
[-] Folder Deleted : C:\ProgramData\Avg_Update_1214tb
[-] Folder Deleted : C:\ProgramData\Avg_Update_1215av
[-] Folder Deleted : C:\Users\cwilm_000\AppData\Local\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Users\cwilm_000\AppData\LocalLow\AVG SafeGuard toolbar

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
[-] File Deleted : C:\Users\cwilm_000\AppData\Roaming\Mozilla\Firefox\Profiles\8ta9wgxy.default\searchplugins\avg-secure-search.xml
[-] File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [HealerCheckout.exe]
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FCF8BFD3-39B8-4370-B464-EC2AAACD97CF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\AVG Security Toolbar
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
[-] Key Deleted : [x64] HKLM\SOFTWARE\WebBar
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ Ask.com - What's Your Question?
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1

***** [ Web browsers ] *****

[-] [C:\Users\cwilm_000\AppData\Roaming\Mozilla\Firefox\Profiles\8ta9wgxy.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "Groovorio");

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8081 bytes] ##########
Attached Files
File Type: txt FRST.txt (43.0 KB, 13 views)
File Type: txt Addition.txt (40.1 KB, 14 views)
Nikeman123 is offline  
Old 02-12-2016, 03:23 PM   #6
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Nikeman123,

Quote:
Was that good advice
Yes. Good advice. Please have some patience.

Please do the following.

Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST64.exe

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
start

CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
2016-02-08 13:30 - 2016-02-08 13:30 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-02-08 11:00 - 2016-02-08 11:00 - 00000248 _____ C:\rescue.info
2015-08-09 12:36 - 2015-08-09 12:36 - 0000057 _____ () C:\ProgramData\Ament.ini
Task: {020B8A5A-BC4A-4C8F-A1E8-BA32956AB553} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {05C28D4B-2867-496A-ACAD-4935D4B6DA47} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0737D8D9-EAE1-4ADD-A390-506A1563DD28} - \SystemHealer Run Delay -> No File <==== ATTENTION
Task: {1F0682F9-BE9F-45EE-8803-2753F45EAC1D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2A614426-D6CD-4A15-9863-1F7E022229CE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5A14A8A3-4131-45E8-8CFB-29C44EE80315} - \System Healer Task -> No File <==== ATTENTION
Task: {5B573D45-2336-42E3-ADC1-E3BD315C73DC} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {75424747-9959-478C-B258-90B86A6A7BEA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {AC9464DF-1897-40F8-ADCF-7B6D8EEB920B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {ACD76580-ADAD-4A2A-948B-029915500FB9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BABABDEA-9B07-4A61-BD31-1659D0585970} - \SystemHealer Monitor -> No File <==== ATTENTION
Task: {CAD2B63B-1988-47F4-817C-52DE5522EBA8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D3C667F8-7F17-4D82-A04F-986A5A43F4F3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D9595F11-CDF9-4204-B8F7-0D08C3374CCD} - \{7E797947-0408-7D0C-0B11-0C09780D117E} -> No File <==== ATTENTION
Task: {F1B4B4DD-C6FC-467B-BB2E-1106957D345B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
EmptyTemp:

end
Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
tekir06 is offline  
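The fix above asks the user to post Fixlog.txt so the analyst can confirm every fixlist line was actually processed. As an added example (not code from this thread or from FRST), the Python script below does that cross-check for the Task: and dated file entries, using the fixlist and Fixlog line formats quoted in the thread; the sample inputs are constructed from a subset of those lines plus two placeholder GUIDs ({AAAAAAAA-...} and {BBBBBBBB-...}) that are not on the page.

```python
"""Cross-check an FRST fixlist against the Fixlog.txt the fix produced.

Added example for this thread, not code from the posts or from FRST. Line
formats follow the fixlist and Fixlog quoted in the thread. The inputs are
constructed from a subset of those lines plus two placeholder task GUIDs
({AAAA...} has no Fixlog result, {BBBB...} is reported as not found).
"""
import re

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Dated file entry: "<date> <time> - <date> <time> - <size> <attrs> [()] <path>"
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - .*?([A-Za-z]:\\.+)$")
# Fixlog result line: target (optionally quoted), " => ", outcome, optional period
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"? => (?P<outcome>.+?)\.?$')

FIXLIST = r"""start
CreateRestorePoint:
2016-02-08 13:30 - 2016-02-08 13:30 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-08-09 12:36 - 2015-08-09 12:36 - 0000057 _____ () C:\ProgramData\Ament.ini
Task: {0737D8D9-EAE1-4ADD-A390-506A1563DD28} - \SystemHealer Run Delay -> No File <==== ATTENTION
Task: {AC9464DF-1897-40F8-ADCF-7B6D8EEB920B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {BBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBBBBBB} - \Placeholder Already Gone -> No File <==== ATTENTION
Task: {AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA} - \Placeholder Never Processed -> No File <==== ATTENTION
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
EmptyTemp:
end
"""

FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
fixlist content:
*****************
start
HKLM-x32\...\Run: [] => [X]
end
*****************

Restore point was successfully created.
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => moved successfully
C:\ProgramData\Ament.ini => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0737D8D9-EAE1-4ADD-A390-506A1563DD28}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Run Delay => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC9464DF-1897-40F8-ADCF-7B6D8EEB920B}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBBBBBB} => key not found.
"""

def parse_fixlist(text):
    """Return (kind, key) pairs: 'task' keyed by GUID, 'file' by path, 'other' by line.
    CreateRestorePoint:/EmptyTemp: are commands with no per-item result, so skip them."""
    items = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("start", "end") or line.endswith(":"):
            continue
        guid, file_match = GUID_RE.search(line), FILE_RE.match(line)
        if line.startswith("Task: ") and guid:
            items.append(("task", guid.group(0).upper()))
        elif file_match:
            items.append(("file", file_match.group(1)))
        else:
            items.append(("other", line))
    return items

def parse_fixlog(text):
    """Return (target, outcome) pairs, skipping the echoed fixlist block."""
    results, in_echo = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("*****"):  # delimiters around the echoed fixlist
            in_echo = not in_echo
            continue
        match = RESULT_RE.match(line) if " => " in line and not in_echo else None
        if match:
            results.append((match.group("target"), match.group("outcome")))
    return results

def verify(fixlist_text, fixlog_text):
    """Map each item to done (removed/moved successfully), absent (only 'not found'),
    missing (no Fixlog line at all) or review (registry lines to be checked by hand)."""
    results = parse_fixlog(fixlog_text)
    report = {}
    for kind, key in parse_fixlist(fixlist_text):
        if kind == "other":
            report[(kind, key)] = "review"
            continue
        if kind == "task":
            # A task is gone once TaskCache\Tasks\{GUID} is removed; its Tree\<name> key
            # may legitimately be "not found", so match on the GUID-keyed Tasks entry.
            needle = "\\TASKCACHE\\TASKS\\" + key
            hits = [o for t, o in results if needle in t.upper()]
        else:
            hits = [o for t, o in results if t.lower() == key.lower()]
        if any(o.endswith("successfully") for o in hits):
            report[(kind, key)] = "done"
        else:
            report[(kind, key)] = "absent" if hits else "missing"
    return report

if __name__ == "__main__":
    for (kind, key), status in verify(FIXLIST, FIXLOG).items():
        print(f"{status:8}{kind:6}{key}")
```

Registry and search-scope directives are reported as review on purpose: FRST writes their results with the expanded hive path rather than the fixlist shorthand, so they are easier to confirm by reading the Fixlog than to match automatically.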
Old 02-13-2016, 07:08 AM   #7
Registered Member
 
Join Date: Nov 2012
Posts: 102
OS: Windows 7



Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by cwilm_000 (2016-02-13 10:02:34) Run:1
Running from C:\Users\cwilm_000\Desktop
Loaded Profiles: cwilm_000 (Available Profiles: cwilm_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
2016-02-08 13:30 - 2016-02-08 13:30 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-02-08 11:00 - 2016-02-08 11:00 - 00000248 _____ C:\rescue.info
2015-08-09 12:36 - 2015-08-09 12:36 - 0000057 _____ () C:\ProgramData\Ament.ini
Task: {020B8A5A-BC4A-4C8F-A1E8-BA32956AB553} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {05C28D4B-2867-496A-ACAD-4935D4B6DA47} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0737D8D9-EAE1-4ADD-A390-506A1563DD28} - \SystemHealer Run Delay -> No File <==== ATTENTION
Task: {1F0682F9-BE9F-45EE-8803-2753F45EAC1D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2A614426-D6CD-4A15-9863-1F7E022229CE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5A14A8A3-4131-45E8-8CFB-29C44EE80315} - \System Healer Task -> No File <==== ATTENTION
Task: {5B573D45-2336-42E3-ADC1-E3BD315C73DC} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {75424747-9959-478C-B258-90B86A6A7BEA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {AC9464DF-1897-40F8-ADCF-7B6D8EEB920B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {ACD76580-ADAD-4A2A-948B-029915500FB9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BABABDEA-9B07-4A61-BD31-1659D0585970} - \SystemHealer Monitor -> No File <==== ATTENTION
Task: {CAD2B63B-1988-47F4-817C-52DE5522EBA8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D3C667F8-7F17-4D82-A04F-986A5A43F4F3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D9595F11-CDF9-4204-B8F7-0D08C3374CCD} - \{7E797947-0408-7D0C-0B11-0C09780D117E} -> No File <==== ATTENTION
Task: {F1B4B4DD-C6FC-467B-BB2E-1106957D345B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
EmptyTemp:

end
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value removed successfully
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => moved successfully
C:\rescue.info => moved successfully
C:\ProgramData\Ament.ini => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{020B8A5A-BC4A-4C8F-A1E8-BA32956AB553}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{020B8A5A-BC4A-4C8F-A1E8-BA32956AB553}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{05C28D4B-2867-496A-ACAD-4935D4B6DA47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05C28D4B-2867-496A-ACAD-4935D4B6DA47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0737D8D9-EAE1-4ADD-A390-506A1563DD28}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0737D8D9-EAE1-4ADD-A390-506A1563DD28}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Run Delay => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F0682F9-BE9F-45EE-8803-2753F45EAC1D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F0682F9-BE9F-45EE-8803-2753F45EAC1D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A614426-D6CD-4A15-9863-1F7E022229CE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A614426-D6CD-4A15-9863-1F7E022229CE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A14A8A3-4131-45E8-8CFB-29C44EE80315}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A14A8A3-4131-45E8-8CFB-29C44EE80315}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Healer Task => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B573D45-2336-42E3-ADC1-E3BD315C73DC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B573D45-2336-42E3-ADC1-E3BD315C73DC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75424747-9959-478C-B258-90B86A6A7BEA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75424747-9959-478C-B258-90B86A6A7BEA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AC9464DF-1897-40F8-ADCF-7B6D8EEB920B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC9464DF-1897-40F8-ADCF-7B6D8EEB920B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ACD76580-ADAD-4A2A-948B-029915500FB9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACD76580-ADAD-4A2A-948B-029915500FB9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BABABDEA-9B07-4A61-BD31-1659D0585970}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BABABDEA-9B07-4A61-BD31-1659D0585970}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Monitor => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CAD2B63B-1988-47F4-817C-52DE5522EBA8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CAD2B63B-1988-47F4-817C-52DE5522EBA8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3C667F8-7F17-4D82-A04F-986A5A43F4F3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3C667F8-7F17-4D82-A04F-986A5A43F4F3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9595F11-CDF9-4204-B8F7-0D08C3374CCD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9595F11-CDF9-4204-B8F7-0D08C3374CCD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7E797947-0408-7D0C-0B11-0C09780D117E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1B4B4DD-C6FC-467B-BB2E-1106957D345B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1B4B4DD-C6FC-467B-BB2E-1106957D345B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
EmptyTemp: => 918.5 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 10:05:09 ====
Nikeman123 is offline  
Old 02-14-2016, 10:52 PM   #8
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

Please do the following.

Launch Malwarebytes Anti-Malware

On the Dashboard, click the Scan Now button.
A check for database updates will be performed.
After the update check completes, a Threat Scan will begin.
When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

Posting the Malwarebytes log:

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.
__________________
tekir06 is offline  
Old 02-15-2016, 03:30 PM   #9
Registered Member
 
Join Date: Nov 2012
Posts: 102
OS: Windows 7



Malwarebytes scan log. It did not find anything...
Attached Files
File Type: txt malwarebytes.txt (1.0 KB, 9 views)
Nikeman123 is offline  
Old 02-15-2016, 11:12 PM   #10
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Nikeman123,

Thanks for the log. Please do the following.

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" ActiveX control by clicking the Install button
Once the ActiveX control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan, and let me know how things are now.
__________________
tekir06 is offline  
Old 02-17-2016, 11:03 AM   #11
Registered Member
 
Join Date: Nov 2012
Posts: 102
OS: Windows 7


Just a heads up. It might be a day or so before I can get back to their computer.
Nikeman123 is offline  
Old 02-19-2016, 07:24 PM   #12
Registered Member
 
Join Date: Nov 2012
Posts: 102
OS: Windows 7


I'm pasting this from my phone. If it's not right, let me know. 6 viruses were found.

C:\Users\cwilm_000\AppData\Local\Microsoft\Windows\INetCache\IE\3MI5H5YB\SystemHealer[1].exe a variant of Win32/OptimizerEliteMax.E potentially unwanted application
C:\Users\cwilm_000\AppData\Local\Microsoft\Windows\INetCache\IE\OB7C0NR3\setup[1].msi a variant of Win32/Verti.Q potentially unwanted application
C:\Users\cwilm_000\AppData\Local\Microsoft\Windows\INetCache\IE\OB7C0NR3\Web_Bar_Setup_2.0.5814.22035_air-search-is-3-4-3[1].exe a variant of Win32/WebBar.D potentially unwanted application
C:\Users\cwilm_000\AppData\Local\Microsoft\Windows\INetCache\IE\TAQY03SR\google_chrome_setup.exe a variant of Win32/DownloadAssistant.C potentially unwanted application
C:\Users\cwilm_000\AppData\Local\Microsoft\Windows\INetCache\IE\TYJVK113\1446855362_cbsetup[1].pkg a variant of Win32/Verti.Q potentially unwanted application
C:\Windows\Installer\14e47fb8.msi a variant of Win32/Verti.Q potentially unwanted application
Nikeman123 is offline  
Old 02-20-2016, 01:09 PM   #13
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello,

No problem. Please do the following.

Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST64.exe

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.
Code:
CreateRestorePoint:
C:\Users\cwilm_000\AppData\Local\Microsoft\Windows\INetCache\IE\3MI5H5YB\SystemHealer[1].exe
C:\Users\cwilm_000\AppData\Local\Microsoft\Windows\INetCache\IE\OB7C0NR3\setup[1].msi
C:\Users\cwilm_000\AppData\Local\Microsoft\Windows\INetCache\IE\OB7C0NR3\Web_Bar_Setup_2.0.5814.22035_air-search-is-3-4-3[1].exe
C:\Users\cwilm_000\AppData\Local\Microsoft\Windows\INetCache\IE\TAQY03SR\google_chrome_setup.exe
C:\Users\cwilm_000\AppData\Local\Microsoft\Windows\INetCache\IE\TYJVK113\1446855362_cbsetup[1].pkg
C:\Windows\Installer\14e47fb8.msi 
EmptyTemp:
Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
__________________
tekir06 is offline  
Old 02-21-2016, 08:11 AM   #14
Registered Member
 
Join Date: Nov 2012
Posts: 102
OS: Windows 7



Fix result of Farbar Recovery Scan Tool (x64) Version:21-02-2016
Ran by cwilm_000 (2016-02-21 11:04:58) Run:2
Running from C:\Users\cwilm_000\Desktop
Loaded Profiles: cwilm_000 & (Available Profiles: cwilm_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
2016-02-08 13:30 - 2016-02-08 13:30 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-02-08 11:00 - 2016-02-08 11:00 - 00000248 _____ C:\rescue.info
2015-08-09 12:36 - 2015-08-09 12:36 - 0000057 _____ () C:\ProgramData\Ament.ini
Task: {020B8A5A-BC4A-4C8F-A1E8-BA32956AB553} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {05C28D4B-2867-496A-ACAD-4935D4B6DA47} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0737D8D9-EAE1-4ADD-A390-506A1563DD28} - \SystemHealer Run Delay -> No File <==== ATTENTION
Task: {1F0682F9-BE9F-45EE-8803-2753F45EAC1D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2A614426-D6CD-4A15-9863-1F7E022229CE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5A14A8A3-4131-45E8-8CFB-29C44EE80315} - \System Healer Task -> No File <==== ATTENTION
Task: {5B573D45-2336-42E3-ADC1-E3BD315C73DC} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {75424747-9959-478C-B258-90B86A6A7BEA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {AC9464DF-1897-40F8-ADCF-7B6D8EEB920B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {ACD76580-ADAD-4A2A-948B-029915500FB9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BABABDEA-9B07-4A61-BD31-1659D0585970} - \SystemHealer Monitor -> No File <==== ATTENTION
Task: {CAD2B63B-1988-47F4-817C-52DE5522EBA8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D3C667F8-7F17-4D82-A04F-986A5A43F4F3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D9595F11-CDF9-4204-B8F7-0D08C3374CCD} - \{7E797947-0408-7D0C-0B11-0C09780D117E} -> No File <==== ATTENTION
Task: {F1B4B4DD-C6FC-467B-BB2E-1106957D345B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
EmptyTemp:

end
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value not found.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
"C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job" => not found.
"C:\rescue.info" => not found.
"C:\ProgramData\Ament.ini" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{020B8A5A-BC4A-4C8F-A1E8-BA32956AB553} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05C28D4B-2867-496A-ACAD-4935D4B6DA47} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0737D8D9-EAE1-4ADD-A390-506A1563DD28} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Run Delay => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F0682F9-BE9F-45EE-8803-2753F45EAC1D} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A614426-D6CD-4A15-9863-1F7E022229CE} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A14A8A3-4131-45E8-8CFB-29C44EE80315} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Healer Task => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B573D45-2336-42E3-ADC1-E3BD315C73DC} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75424747-9959-478C-B258-90B86A6A7BEA} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC9464DF-1897-40F8-ADCF-7B6D8EEB920B} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACD76580-ADAD-4A2A-948B-029915500FB9} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BABABDEA-9B07-4A61-BD31-1659D0585970} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Monitor => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CAD2B63B-1988-47F4-817C-52DE5522EBA8} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3C667F8-7F17-4D82-A04F-986A5A43F4F3} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9595F11-CDF9-4204-B8F7-0D08C3374CCD} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7E797947-0408-7D0C-0B11-0C09780D117E} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1B4B4DD-C6FC-467B-BB2E-1106957D345B} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found.
EmptyTemp: => 418.9 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 11:05:56 ====
Nikeman123 is offline  
Old 02-21-2016, 11:11 PM   #15
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Nikeman123. This is the old log. This is not what I wanted. Please do what is written in my post # 13.
__________________
tekir06 is offline  
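As an added example (not code from this thread, from FRST or from ESET), here is a small Python script that does what the analyst did by hand between #12, #13 and #15: it turns ESET detection lines into an FRST fixlist of the same shape as the one in #13, then parses a posted Fixlog and checks that the fixlist FRST echoes back and its Run: number belong to that fix and that every listed path was moved, which is the check that flags the Run:2 log in #14 as the old one. The sample logs are constructed, cut-down copies of the ones posted in this thread.

```python
from __future__ import annotations
import re
from dataclasses import dataclass
# Constructed sample, cut down from the ESET detections posted in #12.
ESET_LOG = r"""
C:\Users\cwilm_000\AppData\Local\Microsoft\Windows\INetCache\IE\3MI5H5YB\SystemHealer[1].exe a variant of Win32/OptimizerEliteMax.E potentially unwanted application
C:\Windows\Installer\14e47fb8.msi a variant of Win32/Verti.Q potentially unwanted application
"""
# Constructed sample, cut down from the Run:3 Fixlog posted in #17.
NEW_FIXLOG = r"""
Ran by cwilm_000 (2016-02-27 10:57:37) Run:3
*****************
CreateRestorePoint:
C:\Users\cwilm_000\AppData\Local\Microsoft\Windows\INetCache\IE\3MI5H5YB\SystemHealer[1].exe
C:\Windows\Installer\14e47fb8.msi
EmptyTemp:
*****************
C:\Users\cwilm_000\AppData\Local\Microsoft\Windows\INetCache\IE\3MI5H5YB\SystemHealer[1].exe => moved successfully
C:\Windows\Installer\14e47fb8.msi => moved successfully
EmptyTemp: => 410.5 MB temporary data Removed.
"""
# Constructed sample, cut down from the Run:2 Fixlog posted in #14, the "old log" of #15.
OLD_FIXLOG = r"""
Ran by cwilm_000 (2016-02-21 11:04:58) Run:2
*****************
start
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
EmptyTemp:
end
*****************
"""
# ESET: <path> <detection> <category>, detection optionally led by "a variant of".
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+(?P<detection>(?:a variant of\s+)?\w+/\S+)\s+(?P<category>.+)$")
# FRST: <item> => <result>; item may be quoted, result may end in a full stop.
FIXLOG_LINE = re.compile(r'^"?(?P<item>.+?)"?\s+=>\s+(?P<result>.+?)\.?$')
RUN_LINE = re.compile(r"^Ran by .*\bRun:(?P<run>\d+)$")

def parse_eset(log: str) -> list[tuple[str, str, str]]:
    """Return (path, detection, category) for every ESET detection line."""
    return [m.group("path", "detection", "category")
            for m in map(ESET_LINE.match, log.strip().splitlines()) if m]

def build_fixlist(log: str) -> str:
    """Same shape as the fix in #13: restore point, one path per line, EmptyTemp."""
    return "\n".join(["CreateRestorePoint:", *(p for p, _, _ in parse_eset(log)), "EmptyTemp:"]) + "\n"

@dataclass
class Fixlog:
    run: int | None          # the Run: counter FRST stamps on every Fixlog
    fixlist: list[str]       # fixlist lines echoed back between the ***** rows
    results: dict[str, str]  # item -> outcome, e.g. "moved successfully"

def parse_fixlog(text: str) -> Fixlog:
    log, inside = Fixlog(None, [], {}), False
    for line in (ln.strip() for ln in text.splitlines()):
        if m := RUN_LINE.match(line):
            log.run = int(m.group("run"))
        elif line and set(line) == {"*"}:  # fixlist section delimiter
            inside = not inside
        elif inside:
            if line and line not in ("start", "end"):
                log.fixlist.append(line)
        elif m := FIXLOG_LINE.match(line):
            log.results[m.group("item")] = m.group("result")
    return log

def verify_fixlog(log: Fixlog, fixlist: str) -> list[str]:
    """Problems with a posted Fixlog; an empty list means the fix ran as sent."""
    expected = [ln for ln in fixlist.splitlines() if ln]
    problems = [] if log.fixlist == expected else [f"Run:{log.run} log echoes a different fixlist"]
    for item in (i for i in expected if not i.endswith(":")):  # skip directives
        outcome = log.results.get(item, "no result")
        if "successfully" not in outcome:
            problems.append(f"{item}: {outcome}")
    return problems

if __name__ == "__main__":
    print(verify_fixlog(parse_fixlog(OLD_FIXLOG), build_fixlist(ESET_LOG)))
```

Run as a script it prints the problems found with the old Run:2 log; the same call with NEW_FIXLOG returns an empty list.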
Old 02-23-2016, 04:28 PM   #16
Registered Member
 
Join Date: Nov 2012
Posts: 102
OS: Windows 7


Sorry. I must not have deleted the old log. I'm getting over there as soon as I can to post a new log. It's hard being that it's not my computer.
Nikeman123 is offline  
Old 02-27-2016, 08:03 AM   #17
Registered Member
 
Join Date: Nov 2012
Posts: 102
OS: Windows 7



Here it is finally! I have now installed TeamViewer on my and my parents' computers, so I will be able to respond more quickly.


Fix result of Farbar Recovery Scan Tool (x64) Version:21-02-2016
Ran by cwilm_000 (2016-02-27 10:57:37) Run:3
Running from C:\Users\cwilm_000\Desktop
Loaded Profiles: cwilm_000 (Available Profiles: cwilm_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
C:\Users\cwilm_000\AppData\Local\Microsoft\Windows\INetCache\IE\3MI5H5YB\SystemHealer[1].exe
C:\Users\cwilm_000\AppData\Local\Microsoft\Windows\INetCache\IE\OB7C0NR3\setup[1].msi
C:\Users\cwilm_000\AppData\Local\Microsoft\Windows\INetCache\IE\OB7C0NR3\Web_Bar_Setup_2.0.5814.22035_air-search-is-3-4-3[1].exe
C:\Users\cwilm_000\AppData\Local\Microsoft\Windows\INetCache\IE\TAQY03SR\google_chrome_setup.exe
C:\Users\cwilm_000\AppData\Local\Microsoft\Windows\INetCache\IE\TYJVK113\1446855362_cbsetup[1].pkg
C:\Windows\Installer\14e47fb8.msi
EmptyTemp:
*****************

Restore point was successfully created.
C:\Users\cwilm_000\AppData\Local\Microsoft\Windows\INetCache\IE\3MI5H5YB\SystemHealer[1].exe => moved successfully
C:\Users\cwilm_000\AppData\Local\Microsoft\Windows\INetCache\IE\OB7C0NR3\setup[1].msi => moved successfully
C:\Users\cwilm_000\AppData\Local\Microsoft\Windows\INetCache\IE\OB7C0NR3\Web_Bar_Setup_2.0.5814.22035_air-search-is-3-4-3[1].exe => moved successfully
C:\Users\cwilm_000\AppData\Local\Microsoft\Windows\INetCache\IE\TAQY03SR\google_chrome_setup.exe => moved successfully
C:\Users\cwilm_000\AppData\Local\Microsoft\Windows\INetCache\IE\TYJVK113\1446855362_cbsetup[1].pkg => moved successfully
C:\Windows\Installer\14e47fb8.msi => moved successfully
EmptyTemp: => 410.5 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 10:58:38 ====
Nikeman123 is offline  
Old 02-27-2016, 01:22 PM   #18
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Nikeman123,

Please tell me how the machine is behaving now. What problems do you still have?
__________________
tekir06 is offline  
Old 02-27-2016, 04:24 PM   #19
Registered Member
 
Join Date: Nov 2012
Posts: 102
OS: Windows 7


It seems ok. My parents are still a little nervous about doing their taxes. Do you think it's ok? Anything else I can do to make sure no viruses or other malware are on the machine?
Nikeman123 is offline  
Old 02-28-2016, 02:44 PM   #20
Registered Member
 
Join Date: Nov 2012
Posts: 102
OS: Windows 7



I forgot to mention that I am not able to turn Windows Defender on for some reason. I haven't been able to since these issues began, and I just tried again, but it's still not even an option to turn it on. I still have AVG active, but I'd like to be able to have Defender on also...
Nikeman123 is offline  
 
