Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan Horse AdInjector.c Virus On my Google Chrome [Closed]


  • This topic is locked This topic is locked

#1
HarleyMurphy

HarleyMurphy

    Member

  • Member
  • PipPip
  • 11 posts
Hello everyone it started a couple days ago when I opened Google Chrome AVG Popped up saying that I had a virus called Trojan Horse Adinjector.c. I cannot find a way so what I am asking for is how I could uninstall it. It says that it is in Chrome.exe. If you need more information ask me and I would really appreciate it if you could help.
  • 0

Advertisements


#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello HarleyMurphy

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.



-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Gringo
  • 0

#3
HarleyMurphy

HarleyMurphy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
dds.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16688 BrowserJavaVersion: 10.13.2
Run by harley at 12:33:21 on 2013-09-18
Microsoft Windows 8 6.2.9200.0.1252.2.1033.18.5251.3087 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\dwm.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\windows\system32\BtwRSupportService.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
C:\windows\system32\CxAudMsg64.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\windows\system32\dashost.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\system32\mfevtps.exe
C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
C:\windows\SysWOW64\NLSSRV32.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\taskhostex.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\harley\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\harley\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\Program Files (x86)\Free Ride Games\GPlayer.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Users\harley\AppData\Roaming\Yontoo\YontooDesktop.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
C:\Program Files (x86)\USB Camera\VM331STI.EXE
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\MendFast\MFReminder.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\msiexec.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://lenovo13.msn.com
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
uURLSearchHooks: express-files Toolbar: {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files (x86)\express-files\prxtbexpr.dll
uURLSearchHooks: KeyBar 1.14 Toolbar: {da51d4f6-3e7e-4ef8-b400-9198e0874606} - C:\Program Files (x86)\KeyBar_1.14\prxtbKey0.dll
mURLSearchHooks: express-files Toolbar: {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files (x86)\express-files\prxtbexpr.dll
mURLSearchHooks: KeyBar 1.14 Toolbar: {da51d4f6-3e7e-4ef8-b400-9198e0874606} - C:\Program Files (x86)\KeyBar_1.14\prxtbKey0.dll
mWinlogon: Userinit = userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Shopping Sidekick Plugin: {11111111-1111-1111-1111-110211181102} - C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll
BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: express-files Toolbar: {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files (x86)\express-files\prxtbexpr.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
BHO: KeyBar 1.14 Toolbar: {da51d4f6-3e7e-4ef8-b400-9198e0874606} - C:\Program Files (x86)\KeyBar_1.14\prxtbKey0.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
BHO: PricePeep: {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} -
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: express-files Toolbar: {88AC3CB6-596B-4217-964C-B6757EF9602D} - C:\Program Files (x86)\express-files\prxtbexpr.dll
TB: KeyBar 1.14 Toolbar: {DA51D4F6-3E7E-4EF8-B400-9198E0874606} - C:\Program Files (x86)\KeyBar_1.14\prxtbKey0.dll
TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: express-files Toolbar: {88ac3cb6-596b-4217-964c-b6757ef9602d} - C:\Program Files (x86)\express-files\prxtbexpr.dll
TB: KeyBar 1.14 Toolbar: {da51d4f6-3e7e-4ef8-b400-9198e0874606} - C:\Program Files (x86)\KeyBar_1.14\prxtbKey0.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll
uRun: [Facebook Update] "C:\Users\harley\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SearchProtect] C:\Users\harley\AppData\Roaming\SearchProtect\bin\cltmng.exe
uRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
uRun: [MendFast] C:\Program Files (x86)\MendFast\MFLauncher.exe
uRun: [Yontoo Desktop] "C:\Users\harley\AppData\Roaming\Yontoo\YontooDesktop.exe"
mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
mRun: [331BigDog] C:\Program Files (x86)\USB Camera\VM331STI.EXE
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
dRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
IE: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} -
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{8BD9248C-490A-436C-8942-E2636989716C} : DHCPNameServer = 192.168.2.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} -
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\harley\AppData\Roaming\Mozilla\Firefox\Profiles\r5z3kwko.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&CUI=UN69498275196322083&UM=2&SearchSource=3&q={searchTerms}&sspv=SP_FFNSP08
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www.delta-search.com/?affID=119586&babsrc=HP_ss&mntrId=6a59aa71000000000000c0143dcb643c
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&SearchSource=2&CUI=UN69498275196322083&UM=&q=
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll
FF - plugin: C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll
FF - plugin: C:\Program Files (x86)\FreeRide Games\npExentControl.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\harley\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\harley\AppData\Local\Roblox\Versions\version-5fd8234dbfe247fe\NPRobloxProxy.dll
FF - plugin: C:\Users\harley\AppData\Roaming\Mozilla\Firefox\Profiles\r5z3kwko.default\extensions\{e44a1809-4d10-4ab8-b343-3326b64c7cdd}\plugins\np-mswmp.dll
FF - plugin: C:\Users\harley\AppData\Roaming\Mozilla\Firefox\Profiles\r5z3kwko.default\extensions\{e44a1809-4d10-4ab8-b343-3326b64c7cdd}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-08-12 19:49; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\harley\AppData\Roaming\Mozilla\Firefox\Profiles\r5z3kwko.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-08-18 15:15; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\Drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\Drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\Drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\Drivers\avgrkx64.sys [2013-9-5 45880]
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2012-10-14 645952]
R0 LHDmgr;LHDmgr;C:\windows\System32\Drivers\LhdX64.sys [2012-10-14 39008]
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\Drivers\mfehidk.sys [2012-6-22 771096]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\Drivers\mfewfpk.sys [2012-6-22 339776]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\Drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\Drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgwfpa;AVG Firewall Driver;C:\windows\System32\Drivers\avgwfpa.sys [2013-7-18 248632]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 BcmBtRSupport;Bluetooth Radio Control Service;C:\windows\System32\BtwRSupportService.exe [2012-10-14 2252600]
R2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-5-7 97056]
R2 CxAudMsg;Conexant Audio Message Service;C:\windows\System32\CxAudMsg64.exe [2012-10-14 201376]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-6-28 2470736]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-10-14 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-17 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-17 701512]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-12-24 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-12-24 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-12-24 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-10-14 241016]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-10-14 218320]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2012-10-14 182312]
R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-7-16 216072]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-7-16 69640]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-14 365376]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [2013-8-14 1643184]
R2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-10-5 109064]
R2 X5XSEx_Pr143;X5XSEx_Pr143;C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.sys [2013-7-5 56136]
R2 X5XSEx_Pr148;X5XSEx_Pr148;C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.sys [2012-10-14 56136]
R2 Yontoo Desktop Updater;Yontoo Desktop Updater;C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-7-10 23552]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\Drivers\AcpiVpc.sys [2012-5-15 33560]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.EXE [2013-4-2 240264]
R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\Drivers\cfwids.sys [2012-6-22 69672]
R3 EuMusDesignVirtualAudioCableWdm;@oem21.inf,%DeviceName% (WDM);Virtual Audio Cable (WDM);C:\windows\System32\Drivers\vrtaucbl.sys [2013-6-28 66728]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2012-8-14 342528]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2012-8-14 110744]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-9-17 25928]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\Drivers\mfeavfk.sys [2012-6-22 309400]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\Drivers\mfefirek.sys [2012-6-22 515528]
R3 SmbDrvI;SmbDrvI;C:\windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-4 43832]
R3 vm331avs;Digital Camera 1;C:\windows\System32\Drivers\vm331avs.sys [2012-10-14 975104]
R3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\windows\System32\Drivers\xusb22.sys [2012-7-25 89088]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\windows\System32\Drivers\avgboota.sys [2012-10-26 20912]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\windows\System32\Drivers\mfeelamk.sys [2012-6-18 69168]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.EXE [2013-4-2 193672]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\windows\System32\Drivers\bcbtums.sys [2012-10-14 164152]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-4-2 49152]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
S3 btwampfl;btwampfl Bluetooth filter driver;C:\windows\System32\Drivers\btwampfl.sys [2012-10-14 158008]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\Drivers\btwl2cap.sys [2012-10-14 40248]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\Drivers\HipShieldK.sys [2012-12-24 196440]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-10-14 332080]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\System32\Drivers\mferkdet.sys [2012-6-22 106112]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUVStor.sys [2012-10-14 315536]
S3 SWDUMon;SWDUMon;C:\windows\System32\Drivers\SWDUMon.sys [2013-7-15 16152]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2013-7-24 14544]
S3 wsvd;wsvd;C:\windows\System32\Drivers\wsvd.sys [2012-10-14 102376]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-12-24 201304]
.
=============== Created Last 30 ================
.
2013-09-17 22:48:26 -------- d-----w- C:\Users\harley\AppData\Roaming\Malwarebytes
2013-09-17 22:48:10 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-17 22:48:08 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-09-17 22:48:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-16 22:49:15 144896 ----a-w- C:\windows\System32\tssdisai.dll
2013-09-15 17:52:33 -------- d-----w- C:\sh4ldr
2013-09-15 17:52:33 -------- d-----w- C:\Program Files\Enigma Software Group
2013-09-15 17:52:16 -------- d-----w- C:\windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-14 00:03:35 -------- d-----w- C:\Users\harley\AppData\Local\{B8331CD5-1051-4A9A-B8E9-AB2C3A1E2625}
2013-09-12 15:19:09 1156096 ----a-w- C:\windows\System32\IKEEXT.DLL
2013-09-12 15:19:08 778752 ----a-w- C:\windows\System32\oleaut32.dll
2013-09-12 15:19:08 551424 ----a-w- C:\windows\SysWow64\oleaut32.dll
2013-09-12 15:19:08 1025024 ----a-w- C:\windows\System32\localspl.dll
2013-09-12 12:18:57 4038144 ----a-w- C:\windows\System32\win32k.sys
2013-09-12 12:16:24 265392 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10216.bin
2013-09-05 08:43:42 45880 ----a-w- C:\windows\System32\drivers\avgrkx64.sys
2013-08-27 21:30:52 -------- d-----w- C:\toolbarImages
.
==================== Find3M ====================
.
2013-09-05 20:09:17 78296 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-05 20:09:17 694232 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-08-21 04:12:06 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-08-21 04:11:59 915968 ----a-w- C:\windows\System32\uxtheme.dll
2013-08-21 04:11:59 53760 ----a-w- C:\windows\System32\UXInit.dll
2013-08-21 04:11:07 3959296 ----a-w- C:\windows\System32\jscript9.dll
2013-08-21 04:11:04 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-08-21 04:11:04 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-08-21 02:34:51 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-08-21 02:06:11 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-08-21 02:06:06 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2013-08-21 02:05:28 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-08-21 02:05:25 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-08-21 02:05:25 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-08-21 01:43:54 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-08-20 23:52:56 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
2013-08-16 05:41:13 58200 ----a-w- C:\windows\System32\drivers\dam.sys
2013-08-16 05:39:26 2371728 ----a-w- C:\windows\System32\WSService.dll
2013-08-16 05:32:48 209200 ----a-w- C:\windows\System32\NotificationUI.exe
2013-08-16 05:22:22 40448 ----a-w- C:\windows\System32\wuapp.exe
2013-08-16 05:22:11 4917760 ----a-w- C:\windows\System32\sppsvc.exe
2013-08-16 05:20:30 105984 ----a-w- C:\windows\System32\WinSetupUI.dll
2013-08-15 22:43:21 35328 ----a-w- C:\windows\SysWow64\wuapp.exe
2013-08-15 22:43:07 84992 ----a-w- C:\windows\SysWow64\wudriver.dll
2013-08-15 22:43:07 126976 ----a-w- C:\windows\SysWow64\wuwebv.dll
2013-08-15 22:43:03 562688 ----a-w- C:\windows\SysWow64\WSShared.dll
2013-08-15 22:43:03 159232 ----a-w- C:\windows\SysWow64\WSSync.dll
2013-08-15 22:43:02 83968 ----a-w- C:\windows\SysWow64\OEMLicense.dll
2013-08-15 22:43:02 167424 ----a-w- C:\windows\SysWow64\WSClient.dll
2013-08-15 22:43:02 143872 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52 76800 ----a-w- C:\windows\SysWow64\setupcln.dll
2013-08-15 22:42:47 91648 ----a-w- C:\windows\SysWow64\sppc.dll
2013-08-14 23:27:35 45856 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
2013-07-20 08:51:00 311608 ----a-w- C:\windows\System32\drivers\avgloga.sys
2013-07-20 08:50:56 71480 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2013-07-20 08:50:56 246072 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2013-07-20 08:50:50 206648 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2013-07-18 09:04:48 248632 ----a-w- C:\windows\System32\drivers\avgwfpa.sys
2013-07-15 18:06:28 16152 ----a-w- C:\windows\System32\drivers\SWDUMon.sys
2013-07-13 06:18:21 337408 ----a-w- C:\windows\System32\wintrust.dll
2013-07-13 06:16:06 68096 ----a-w- C:\windows\System32\cryptsvc.dll
2013-07-13 06:16:06 1889280 ----a-w- C:\windows\System32\crypt32.dll
2013-07-13 06:15:53 98304 ----a-w- C:\windows\System32\apprepsync.dll
2013-07-13 06:15:53 124416 ----a-w- C:\windows\System32\apprepapi.dll
2013-07-13 04:24:58 261120 ----a-w- C:\windows\SysWow64\wintrust.dll
2013-07-13 04:23:11 1568256 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-07-13 04:23:03 87040 ----a-w- C:\windows\SysWow64\apprepapi.dll
2013-07-13 04:23:03 74240 ----a-w- C:\windows\SysWow64\apprepsync.dll
2013-07-09 08:04:07 120144 ----a-w- C:\windows\System32\drivers\msgpioclx.sys
2013-07-09 06:18:21 439488 ----a-w- C:\windows\System32\WerFault.exe
2013-07-09 06:07:17 2233168 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-07-09 04:25:45 385768 ----a-w- C:\windows\SysWow64\WerFault.exe
2013-07-09 03:57:19 245760 ----a-w- C:\windows\SysWow64\LocationApi.dll
2013-07-08 22:46:00 543744 ----a-w- C:\windows\System32\wwanmm.dll
2013-07-08 22:46:00 414208 ----a-w- C:\windows\System32\wwanconn.dll
2013-07-08 22:46:00 370688 ----a-w- C:\windows\System32\Wwanadvui.dll
2013-07-08 22:45:16 312832 ----a-w- C:\windows\System32\LocationApi.dll
2013-07-03 00:23:43 391168 ----a-w- C:\windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:22:26 1300480 ----a-w- C:\windows\System32\gdi32.dll
2013-07-03 00:11:23 268800 ----a-w- C:\windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-07-02 00:44:14 36288 ----a-w- C:\windows\System32\drivers\WdBoot.sys
2013-07-01 22:08:49 247216 ----a-w- C:\windows\System32\drivers\WdFilter.sys
2013-07-01 08:45:28 116536 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
2013-06-30 22:30:14 67072 ----a-w- C:\windows\SysWow64\openfiles.exe
2013-06-30 22:29:22 77312 ----a-w- C:\windows\System32\openfiles.exe
2013-06-29 06:15:54 195416 ----a-w- C:\windows\System32\drivers\sdbus.sys
2013-06-29 06:15:47 125784 ----a-w- C:\windows\System32\drivers\dumpsd.sys
2013-06-29 05:43:16 327512 ----a-w- C:\windows\System32\drivers\Classpnp.sys
2013-06-29 01:12:01 1022464 ----a-w- C:\windows\SysWow64\gdi32.dll
2013-06-28 19:12:41 66728 ----a-w- C:\windows\System32\drivers\vrtaucbl.sys
2013-06-26 03:01:38 321536 ----a-w- C:\windows\System32\drivers\udfs.sys
2013-06-26 02:59:34 341504 ----a-w- C:\windows\System32\drivers\HdAudio.sys
2013-06-24 22:54:52 447488 ----a-w- C:\windows\System32\wwansvc.dll
2013-06-24 22:54:45 74240 ----a-w- C:\windows\System32\wcmcsp.dll
2013-06-24 22:54:45 263680 ----a-w- C:\windows\System32\wcmsvc.dll
.
============= FINISH: 12:34:10.08 ===============
  • 0

#4
HarleyMurphy

HarleyMurphy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 2012-12-24 3:39:58 PM
System Uptime: 2013-09-18 8:19:52 AM (4 hours ago)
.
Motherboard: LENOVO | | INVALID
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz | U3E1 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 651 GiB total, 494.332 GiB free.
D: is FIXED (NTFS) - 25 GiB total, 19.624 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Broadcom Bluetooth 4.0 USB
Device ID: USB\VID_0489&PID_E032\C0143DCB643C
Manufacturer: Broadcom
Name: Broadcom Bluetooth 4.0 USB
PNP Device ID: USB\VID_0489&PID_E032\C0143DCB643C
Service: BTHUSB
.
==== System Restore Points ===================
.
RP44: 2013-09-01 1:47:13 PM - Scheduled Checkpoint
RP45: 2013-09-15 10:06:39 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 Plugin
Amazon Browser App
Arma 2
Arma 2: Operation Arrowhead
Arma 2: Operation Arrowhead Beta
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Audacity 2.0.3
AVG 2013
AVG Security Toolbar
Bandisoft MPEG-1 Decoder
BattlEye for OA Uninstall
Bing Bar
BrowserProtect
CCleaner (remove only)
Chivalry: Medieval Warfare
Conexant HD Audio
Counter-Strike: Source
D3DX10
DayZ Commander
Delta toolbar
Dolby Advanced Audio v2
DriverUpdate
Dxtory version 2.0.119
Energy Management
express-files Toolbar
Facebook Video Calling 1.2.0.287
Fraps (remove only)
Free Ride Games Player
Free YouTube Download version 3.2.11.812
Free YouTube Uploader version 4.0.4.812
FreeRide Games
Garry's Mod
Google Chrome
Google Update Helper
HandBrake 0.9.8
IB Updater 2.0.0.574
Incredibar Toolbar on IE
Intel AppUp(SM) center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Java 7 Update 13
Java 7 Update 17 (64-bit)
Java Auto Updater
KeyBar 1.14 Toolbar
Lenovo Bluetooth with Enhanced Data Rate Software
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo Photos
Lenovo PowerDVD10
Lenovo Solution Center
Lenovo YouCam
Lenovo_Wireless_Driver
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Internet Security
McAfee Security Scan Plus
MendFast v3.2
Microsoft Application Error Reporting
Microsoft Office
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Minecraft Note Block Studio version 3.1.3
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Nitro Pro 7
Paint.NET v3.5.10
Play withSIX
Power2Go
PricePeep
Razer Game Booster
Realtek USB 2.0 Card Reader
ROBLOX Player for harley
ROBLOX Studio 2013 for harley
Search Protect by conduit
Shared C Run-time for x64
Shopping Sidekick Plugin
Six Updater
Skype Click to Call
Skype™ 6.5
Software Version Updater
Source SDK Base 2007
Steam
SugarSync Manager
Synaptics Pointing Device Driver
Team Fortress 2
TeamSpeak 3 Client
Tiny Media Player v1.0
UserGuide
Ventrilo Client
VideoPad Video Editor
Virtual Audio Cable 4.10
Visual Studio 2010 x64 Redistributables
VisualBee for Microsoft PowerPoint
Wajam
Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (32-bit)
Yahoo! Toolbar
Yontoo 2.053
.
==== Event Viewer Messages From Past Week ========
.
2013-09-18 8:21:59 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
2013-09-18 8:21:59 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2013-09-18 8:20:57 AM, Error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The system cannot find the file specified.
2013-09-18 8:18:58 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
2013-09-18 10:52:09 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer WENDY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8BD9248C-490A-436C-8942-E2636989716C}. The master browser is stopping or an election is being forced.
2013-09-17 5:49:56 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer OWNER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{EECF20ED-D187-4928-B6FD-31B13245A5BD}. The master browser is stopping or an election is being forced.
2013-09-16 9:12:58 PM, Error: Service Control Manager [7034] - The Conexant Audio Message Service service terminated unexpectedly. It has done this 1 time(s).
2013-09-16 3:31:16 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user harley\harley SID (S-1-5-21-261124486-1905081341-3828901183-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
2013-09-15 12:39:24 PM, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
2013-09-15 12:39:20 PM, Error: Service Control Manager [7019] - The EsgScanner service depends on a service in a group which starts later. Change the order in the service dependency tree to ensure that all services required to start this service are starting before this service is started.
2013-09-15 12:39:20 PM, Error: Service Control Manager [7018] - Detected circular dependencies auto-starting services. Check the service dependency tree.
2013-09-15 12:37:38 PM, Error: Service Control Manager [7043] - The McAfee McShield service did not shut down properly after receiving a preshutdown control.
2013-09-15 12:35:30 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
2013-09-15 12:34:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
2013-09-15 12:34:08 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2013-09-15 12:29:02 AM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2013-09-15 12:29:02 AM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2013-09-15 12:29:02 AM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2013-09-15 12:29:02 AM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2013-09-15 12:29:02 AM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2013-09-15 12:29:02 AM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2013-09-15 10:21:05 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Update for Windows 8 for x64-based Systems (KB2862768).
2013-09-14 12:00:57 PM, Error: Service Control Manager [7000] - The BrowserProtect service failed to start due to the following error: The system cannot find the path specified.
2013-09-14 12:00:27 PM, Error: Service Control Manager [7031] - The BrowserProtect service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
.
==== End Of File ===========================
  • 0

#5
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello HarleyMurphy

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.





-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo
  • 0

#6
HarleyMurphy

HarleyMurphy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Right after the restart from the AdwCleaner it has not popped up anymore I really appreciate your time to help me with this issue! Thankyou So much.
  • 0

#7
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello HarleyMurphy


That is only one step so I will need to see the report please


gringo
  • 0

#8
HarleyMurphy

HarleyMurphy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Im sorry I am trying to locate it where should I be searching C:\AdwCleaner[S1].txt
  • 0

#9
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

click on the start button
go to computer
click on the C:/ drive and see if you see the report

William
  • 0

#10
HarleyMurphy

HarleyMurphy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hmm for some reason I am not seeing the report should I redo it?
  • 0

Advertisements


#11
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
That is ok - did you also run the other program?


Gringo
  • 0

#12
HarleyMurphy

HarleyMurphy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
No but I will now. I didnt because I thought the first thing got rid of it.
  • 0

#13
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Thats ok I will be here waiting for it


gringo
  • 0

#14
HarleyMurphy

HarleyMurphy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 8 x64
Ran by harley on 2013-09-18 at 17:55:43.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-261124486-1905081341-3828901183-1001\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-261124486-1905081341-3828901183-1001\Software\Wajam
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220222182202}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550255185502}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660266186602}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440244184402}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220222182202}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550255185502}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660266186602}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440244184402}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550255185502}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660266186602}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440244184402}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111251155}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111251155}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550255185502}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660266186602}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440244184402}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CEEC3CB1-9428-411A-BB90-A475FBAD9060}



~~~ Files

Successfully deleted: [File] "C:\windows\Tasks\driverupdate startup.job"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\harley\appdata\local\jollywallet"
Successfully deleted: [Folder] "C:\Users\harley\appdata\local\visualbeeclient"
Successfully deleted: [Empty Folder] C:\Users\harley\appdata\local\{016152D8-2179-4B22-B0EF-299EDEC5A8DE}
Successfully deleted: [Empty Folder] C:\Users\harley\appdata\local\{02178CC6-0EE9-44F5-B43A-703708B0F746}
Successfully deleted: [Empty Folder] C:\Users\harley\appdata\local\{0A2701D0-5F24-4D76-A343-A704DB3F2DCA}
Successfully deleted: [Empty Folder] C:\Users\harley\appdata\local\{21E3D597-EBA5-42D1-8262-129A8C45B669}
Successfully deleted: [Empty Folder] C:\Users\harley\appdata\local\{40B5D1ED-E66D-4368-A4E3-7DF720D87841}
Successfully deleted: [Empty Folder] C:\Users\harley\appdata\local\{41A182E7-2B9A-4BA7-8D64-C730B3D968A2}
Successfully deleted: [Empty Folder] C:\Users\harley\appdata\local\{4DA52239-AFDE-418B-B898-F407F69F1644}
Successfully deleted: [Empty Folder] C:\Users\harley\appdata\local\{4F3DE70D-065E-4A30-A794-E344A7D7C5BF}
Successfully deleted: [Empty Folder] C:\Users\harley\appdata\local\{58D1E2A6-B82D-4212-AE9A-8874C2B1AE59}
Successfully deleted: [Empty Folder] C:\Users\harley\appdata\local\{5BA4829A-731E-4634-8DF7-7B35FA13B6F7}
Successfully deleted: [Empty Folder] C:\Users\harley\appdata\local\{5DEB3B0E-8CEA-41DE-A6F6-2F38FC373942}
Successfully deleted: [Empty Folder] C:\Users\harley\appdata\local\{62CB0D54-BB9D-42DB-990A-A2FAC692595C}
Successfully deleted: [Empty Folder] C:\Users\harley\appdata\local\{6E88FE10-27A3-4F02-8965-E0B364A3BB46}
Successfully deleted: [Empty Folder] C:\Users\harley\appdata\local\{8488C12B-CB77-49AC-9202-1F7137DE5CAF}
Successfully deleted: [Empty Folder] C:\Users\harley\appdata\local\{85DDFCC1-214F-4822-822D-B883DF8B78BE}
Successfully deleted: [Empty Folder] C:\Users\harley\appdata\local\{8F241BEF-F45B-4F02-A8BC-97666AC5F751}
Successfully deleted: [Empty Folder] C:\Users\harley\appdata\local\{902DDE6F-DA55-46A3-91BB-B0F59C45C52C}
Successfully deleted: [Empty Folder] C:\Users\harley\appdata\local\{B8331CD5-1051-4A9A-B8E9-AB2C3A1E2625}
Successfully deleted: [Empty Folder] C:\Users\harley\appdata\local\{C9E9C865-5AF9-4FFA-B08C-E8AFE5692463}
Successfully deleted: [Empty Folder] C:\Users\harley\appdata\local\{DA29B660-658C-440F-BD5D-BB5C990C3A0A}
Successfully deleted: [Empty Folder] C:\Users\harley\appdata\local\{DAA9496B-1045-491A-9AC5-AC0BFD2707BA}
Successfully deleted: [Empty Folder] C:\Users\harley\appdata\local\{DF66D9B4-9A57-4F55-A7E1-7D55ECC3DA38}
Successfully deleted: [Empty Folder] C:\Users\harley\appdata\local\{E735AFA5-936C-41FE-91D8-2F2C7CDF5C66}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\harley\AppData\Roaming\mozilla\firefox\profiles\r5z3kwko.default\extensions\[email protected]
Emptied folder: C:\Users\harley\AppData\Roaming\mozilla\firefox\profiles\r5z3kwko.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2013-09-18 at 18:03:57.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#15
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello HarleyMurphy

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP