Help removing FLV Player & Safer-Surf [Solved]


  • This topic is locked

#16
matrix5k

  • Topic Starter
  • Member
  • 13 posts

Okay thanks!


  • 0



#17
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts
Hi matrix5k,

We need to do two final steps to ensure you are clean and then (if it all checks out) I will have our tools removed properly.

Step 1 - Reset Chrome Cache

Clearing cache and cookies in Chrome

1) Start Chrome and click on the Menu button in the upper right hand corner.

2) In the drop down menu list, select Tools and then select (click on) Clear browsing data.

3) In the box that opens, first select the amount of time you want to clear data from; to clear all the data, select "the beginning of time" in the drop down box in the top. To make sure that the cache and cookies are cleared, select (click on the check box to mark them) "Cookies and other site and plug-in data", "Cached images and files" and "Browsing history". To be totally on the safe side, you can check all the boxes and this will ensure that all of Chrome is cleared. Once you have selected what you want cleared, click on the "Clear browsing data" button and Chrome will delete the saved data from its files.


When the window shown above closes (the clearing is done), close (exit) out of Chrome and restart it for the changes to take effect.


Step 2 - FRST scan

I would like one FRST scan to verify all the fixes took effect properly.
  • Right click on FRST64.exe and select "Run as Administrator...". When the tool opens click Yes to disclaimer if it does.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
Things for your reply
  • Chrome reset go OK?
  • FRST.txt log text

  • 0

#18
matrix5k

  • Topic Starter
  • Member
  • 13 posts

Hi, I reset Chrome. Here is the FRST.txt log.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by Mike (administrator) on YAU on 31-07-2014 19:21:20
Running from C:\Users\Mike\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Windows\AsScrPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Akamai Technologies, Inc.) C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Akamai Technologies, Inc.) C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-29] (ELAN Microelectronic Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-01-18] (Alcor Micro Corp.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296096 2012-12-04] (RealNetworks, Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-660377347-265059115-3584000499-1000\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-660377347-265059115-3584000499-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-660377347-265059115-3584000499-1000\...\RunOnce: [spchecker] => "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe"
HKU\S-1-5-21-660377347-265059115-3584000499-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-660377347-265059115-3584000499-1001\...\Run: [Google Update] => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-24] (Google Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [95848 2010-03-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [90216 2010-03-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ASUT
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKCU - {6A2CE26A-9723-4D8C-8CF1-401DC30A4981} URL = http://search.yahoo....20,20028,0,82,0
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {EF91116F-DE92-4286-9087-093085152182} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Mike\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Mike\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\Mike\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Mike\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-02-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-02-11]
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-12-04]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (Google Talk Plugin) - C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Reader Library) - C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll No File
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Users\Mike\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2013-02-01]
CHR Extension: (Manta Ray) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfgomgcnnjcbkodippaajplchmepkkcm [2013-02-01]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-01-22]
CHR Extension: (Google Wallet) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-12-04]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
S2 vmware-view-usbd; C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2433024 2012-09-05] (VMware, Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-07-09] (AnchorFree Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-07-17] ()
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 vdrive; system32\DRIVERS\vdrive.sys [X]
S3 vmwvusb; System32\Drivers\vmwvusb.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-31 19:21 - 2014-07-31 19:21 - 00000000 ____D () C:\Users\Mike\Desktop\FRST-OlderVersion
2014-07-28 19:00 - 2014-07-28 19:00 - 00000973 _____ () C:\Users\Mike\Desktop\aswMBR.zip
2014-07-28 18:59 - 2014-07-28 18:59 - 00001965 _____ () C:\Users\Mike\Desktop\aswMBR.txt
2014-07-28 18:59 - 2014-07-28 18:59 - 00000512 _____ () C:\Users\Mike\Desktop\MBR.dat
2014-07-28 18:55 - 2014-07-28 18:55 - 05185536 _____ (AVAST Software) C:\Users\Mike\Desktop\aswmbr.exe
2014-07-28 18:53 - 2014-07-28 18:55 - 00031020 _____ () C:\Users\Mike\Desktop\Addition.txt
2014-07-28 18:52 - 2014-07-31 19:21 - 00020294 _____ () C:\Users\Mike\Desktop\FRST.txt
2014-07-28 18:52 - 2014-07-31 19:21 - 00000000 ____D () C:\FRST
2014-07-28 18:51 - 2014-07-31 19:21 - 02094080 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2014-07-28 12:15 - 2014-07-28 12:19 - 00000000 ____D () C:\AdwCleaner
2014-07-28 12:14 - 2014-07-28 12:14 - 01365525 _____ () C:\Users\Mike\Desktop\AdwCleaner.exe
2014-07-28 12:12 - 2014-07-29 22:51 - 00003328 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-660377347-265059115-3584000499-1001
2014-07-28 12:12 - 2014-07-29 22:51 - 00003192 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-660377347-265059115-3584000499-1001
2014-07-28 12:02 - 2014-07-28 12:02 - 00000000 ____D () C:\_OTL
2014-07-27 15:45 - 2014-07-27 15:45 - 00126202 _____ () C:\Users\Mike\Desktop\Extras.Txt
2014-07-27 15:42 - 2014-07-28 12:40 - 00088212 _____ () C:\Users\Mike\Desktop\OTL.Txt
2014-07-26 16:10 - 2014-07-26 16:10 - 00602112 _____ (OldTimer Tools) C:\Users\Mike\Desktop\OTL.exe
2014-07-01 19:56 - 2014-07-01 20:06 - 00000000 ____D () C:\Users\Mike\Desktop\2014-07-01
2014-07-01 11:36 - 2014-07-01 11:36 - 00095744 _____ () C:\Users\Mike\Desktop\Copy of Copy of Telephone directory 9-28-2012.xls
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-31 19:22 - 2014-07-28 18:52 - 00020294 _____ () C:\Users\Mike\Desktop\FRST.txt
2014-07-31 19:21 - 2014-07-31 19:21 - 00000000 ____D () C:\Users\Mike\Desktop\FRST-OlderVersion
2014-07-31 19:21 - 2014-07-28 18:52 - 00000000 ____D () C:\FRST
2014-07-31 19:21 - 2014-07-28 18:51 - 02094080 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2014-07-31 19:20 - 2014-02-07 17:50 - 00000000 ____D () C:\Users\Mike\Desktop\study
2014-07-31 19:08 - 2012-03-24 15:05 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-660377347-265059115-3584000499-1001UA.job
2014-07-31 19:07 - 2010-07-28 04:43 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-31 17:54 - 2010-09-29 17:45 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-31 17:38 - 2010-07-28 04:24 - 01201377 _____ () C:\Windows\WindowsUpdate.log
2014-07-31 16:28 - 2012-03-24 15:05 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-660377347-265059115-3584000499-1001Core.job
2014-07-31 09:53 - 2010-07-28 04:43 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-29 23:42 - 2010-09-29 17:32 - 00117196 _____ () C:\Users\Mike\Desktop\Database.kdb
2014-07-29 22:56 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-29 22:56 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-29 22:51 - 2014-07-28 12:12 - 00003328 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-660377347-265059115-3584000499-1001
2014-07-29 22:51 - 2014-07-28 12:12 - 00003192 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-660377347-265059115-3584000499-1001
2014-07-29 22:49 - 2014-05-11 00:30 - 00280764 _____ () C:\Windows\PFRO.log
2014-07-29 22:49 - 2014-05-10 16:10 - 00004546 _____ () C:\Windows\setupact.log
2014-07-29 22:49 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-29 22:43 - 2013-02-11 21:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 22:43 - 2011-03-29 13:36 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Mozilla
2014-07-29 21:24 - 2012-07-18 17:12 - 00000000 ____D () C:\Users\Mike\.umplayer
2014-07-29 15:20 - 2010-09-29 17:33 - 00256000 _____ () C:\Users\Mike\Desktop\PF.xls
2014-07-29 13:41 - 2011-07-01 19:16 - 00000000 ____D () C:\Users\Mike\Desktop\Rebates
2014-07-29 10:09 - 2012-02-10 19:15 - 00000000 ____D () C:\Users\Mike\Desktop\Trang
2014-07-29 10:09 - 2009-07-13 22:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-28 19:00 - 2014-07-28 19:00 - 00000973 _____ () C:\Users\Mike\Desktop\aswMBR.zip
2014-07-28 18:59 - 2014-07-28 18:59 - 00001965 _____ () C:\Users\Mike\Desktop\aswMBR.txt
2014-07-28 18:59 - 2014-07-28 18:59 - 00000512 _____ () C:\Users\Mike\Desktop\MBR.dat
2014-07-28 18:55 - 2014-07-28 18:55 - 05185536 _____ (AVAST Software) C:\Users\Mike\Desktop\aswmbr.exe
2014-07-28 18:55 - 2014-07-28 18:53 - 00031020 _____ () C:\Users\Mike\Desktop\Addition.txt
2014-07-28 12:40 - 2014-07-27 15:42 - 00088212 _____ () C:\Users\Mike\Desktop\OTL.Txt
2014-07-28 12:19 - 2014-07-28 12:15 - 00000000 ____D () C:\AdwCleaner
2014-07-28 12:14 - 2014-07-28 12:14 - 01365525 _____ () C:\Users\Mike\Desktop\AdwCleaner.exe
2014-07-28 12:02 - 2014-07-28 12:02 - 00000000 ____D () C:\_OTL
2014-07-28 11:44 - 2013-05-15 22:32 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\uTorrent
2014-07-28 11:44 - 2010-10-16 08:58 - 00000000 ___HD () C:\Program Files (x86)\Spybot - Search & Destroy
2014-07-28 11:44 - 2010-10-16 08:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-27 15:45 - 2014-07-27 15:45 - 00126202 _____ () C:\Users\Mike\Desktop\Extras.Txt
2014-07-26 16:10 - 2014-07-26 16:10 - 00602112 _____ (OldTimer Tools) C:\Users\Mike\Desktop\OTL.exe
2014-07-26 16:03 - 2014-06-22 23:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-26 15:59 - 2010-07-28 05:05 - 00001972 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-07-24 13:44 - 2013-02-21 21:56 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-24 00:02 - 2010-09-29 17:33 - 00004298 _____ () C:\Users\Mike\Desktop\to do.txt
2014-07-21 19:32 - 2014-03-03 15:01 - 00000000 ____D () C:\Users\Mike\Desktop\CVS
2014-07-16 21:47 - 2014-04-01 08:17 - 00000000 ____D () C:\Users\Mike\Desktop\Bonuses
2014-07-06 23:17 - 2013-03-06 22:35 - 00000000 ____D () C:\Users\Mike\Desktop\eBay
2014-07-03 10:38 - 2014-03-31 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-01 20:06 - 2014-07-01 19:56 - 00000000 ____D () C:\Users\Mike\Desktop\2014-07-01
2014-07-01 11:36 - 2014-07-01 11:36 - 00095744 _____ () C:\Users\Mike\Desktop\Copy of Copy of Telephone directory 9-28-2012.xls
 
Some content of TEMP:
====================
C:\Users\Mike\AppData\Local\Temp\Foxit Reader Updater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-18 12:55
 
==================== End Of Log ============================

  • 0

#19
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Hi matrix5k,

 

Kind of scratching my head over this one as there are some stubborn settings in Chrome that need repairing.

 

Double click on FRST64.exe on your desktop.

Once it opens, copy and paste the following in the Search: box

npMozCouponPrinter.dll;NPcol400.dll;npCouponPrinter.dll

 

 

Then click "Search Files"

Please copy and paste the resulting log here in your next reply.


  • 0

#20
matrix5k

  • Topic Starter
  • Member
  • 13 posts

Here is the log from the search.

 

Farbar Recovery Scan Tool (x64) Version: 31-07-2014 02
Ran by Mike at 2014-08-02 13:54:35
Running from C:\Users\Mike\Desktop
Boot Mode: Normal
 
================== Search Files: "npMozCouponPrinter.dll;NPcol400.dll;npCouponPrinter.dll" =============
 
C:\_OTL\MovedFiles\07282014_120234\C_Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
[2013-02-11 21:08][2012-05-14 14:22] 0466944 ____A (Catalina Marketing Corporation) AE5E8753DDFD97C7B15BB542A431F396
 
====== End Of Search ======

  • 0
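
The following Python is an added example, not code from the thread or from FRST. It shows one way to cross-check the two logs above: collect the `CHR Plugin` entries that FRST marked `No File`, build the semicolon-separated search string from them, and check whether each searched file still exists anywhere outside OTL's `C:\_OTL\MovedFiles` folder. The function names, the `coupon` keyword filter and the treatment of that folder as a quarantine are assumptions of this example; the sample lines are excerpts of the logs posted above.

```python
import ntpath  # Windows path rules, independent of the OS this runs on
import re

# Excerpt of the "CHR Plugin:" lines from the FRST.txt posted in this thread.
SCAN_EXCERPT = r"""
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll No File
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
"""

# The "Search Files" result posted in this thread.
SEARCH_EXCERPT = r"""
================== Search Files: "npMozCouponPrinter.dll;NPcol400.dll;npCouponPrinter.dll" =============

C:\_OTL\MovedFiles\07282014_120234\C_Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
[2013-02-11 21:08][2012-05-14 14:22] 0466944 ____A (Catalina Marketing Corporation) AE5E8753DDFD97C7B15BB542A431F396

====== End Of Search ======
"""

# Assumption of this example: files under OTL's moved-files folder are
# quarantined copies, not something Chrome can load.
QUARANTINE_ROOTS = ("c:\\_otl\\movedfiles\\",)

MISSING_RE = re.compile(r"^CHR Plugin: \((?P<name>.*)\) - (?P<path>.+?) No File$")
DETAIL_RE = re.compile(
    r"^\[(?P<t1>[^\]]+)\]\[(?P<t2>[^\]]+)\] (?P<size>\d+) (?P<attrs>\S+) "
    r"\((?P<company>.*)\) (?P<digest>[0-9A-Fa-f]{32})$"
)


def missing_chrome_plugins(scan_text):
    """Return (plugin name, path) for every CHR Plugin line marked 'No File'."""
    found = []
    for line in scan_text.splitlines():
        m = MISSING_RE.match(line.strip())
        if m:
            found.append((m.group("name").strip(), m.group("path")))
    return found


def frst_search_string(entries, keyword):
    """Join the file names of matching entries with ';' for the Search: box."""
    names = []
    for name, path in entries:
        filename = ntpath.basename(path)
        if keyword.lower() in name.lower() and filename not in names:
            names.append(filename)
    return ";".join(names)


def parse_search_hits(search_text):
    """Pair each result path with the detail line that follows it."""
    lines = [l.strip() for l in search_text.splitlines() if l.strip()]
    hits = []
    for path_line, detail_line in zip(lines, lines[1:]):
        m = DETAIL_RE.match(detail_line)
        if m and re.match(r"^[A-Za-z]:\\", path_line):
            hits.append({
                "path": path_line,
                "size": int(m.group("size")),
                "company": m.group("company"),
                "digest": m.group("digest"),
            })
    return hits


def triage(search_string, hits):
    """Classify each searched name by where (if anywhere) it was found."""
    verdict = {}
    for wanted in search_string.split(";"):
        paths = [h["path"] for h in hits
                 if ntpath.basename(h["path"]).lower() == wanted.lower()]
        if not paths:
            verdict[wanted] = "not on disk"
        elif all(p.lower().startswith(QUARANTINE_ROOTS) for p in paths):
            verdict[wanted] = "quarantined only"
        else:
            verdict[wanted] = "live copy present"
    return verdict


if __name__ == "__main__":
    query = frst_search_string(missing_chrome_plugins(SCAN_EXCERPT), "coupon")
    print(query)
    for name, state in triage(query, parse_search_hits(SEARCH_EXCERPT)).items():
        print(f"{name}: {state}")
```

With no name reported as a live copy, the `CHR Plugin` lines for these files describe entries Chrome still lists rather than files it can load.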

#21
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Thank you, matrix5k.  That tells me what we need to do.
 
Please follow these steps to reset Chrome's Plugin Cache:

  • Start Chrome (if you are not already using it).
  • In the address bar, type in the following:
  • chrome://plugins/
  • Press Enter.
  • Chrome will open a page listing all the plugins currently in its cache.
  • Select one of them and click on Disable; then click on Enable on the same Plugin (it does not make any difference which one you choose; the Disable/Enable just triggers Chrome to rebuild the Plugin Cache).
  • Close Chrome completely and then open Chrome again.

 

Please run one more scan with FRST and post the log here.


  • 0

#22
matrix5k


    Member

  • Topic Starter
  • Member
  • 13 posts

I did disable/enable in Chrome. Here is the new scan.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by Mike (administrator) on YAU on 02-08-2014 16:48:57
Running from C:\Users\Mike\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Windows\AsScrPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Akamai Technologies, Inc.) C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Akamai Technologies, Inc.) C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe\KeePass.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-29] (ELAN Microelectronic Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-01-18] (Alcor Micro Corp.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296096 2012-12-04] (RealNetworks, Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-660377347-265059115-3584000499-1000\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-660377347-265059115-3584000499-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-660377347-265059115-3584000499-1000\...\RunOnce: [spchecker] => "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe"
HKU\S-1-5-21-660377347-265059115-3584000499-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-660377347-265059115-3584000499-1001\...\Run: [Google Update] => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-24] (Google Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [95848 2010-03-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [90216 2010-03-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ASUT
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKCU - {6A2CE26A-9723-4D8C-8CF1-401DC30A4981} URL = http://search.yahoo....20,20028,0,82,0
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {EF91116F-DE92-4286-9087-093085152182} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Mike\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Mike\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\Mike\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Mike\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-02-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-02-11]
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-12-04]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Users\Mike\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2013-02-01]
CHR Extension: (Manta Ray) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfgomgcnnjcbkodippaajplchmepkkcm [2013-02-01]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-01-22]
CHR Extension: (Google Wallet) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-12-04]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
S2 vmware-view-usbd; C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2433024 2012-09-05] (VMware, Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-07-09] (AnchorFree Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-07-17] ()
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 vdrive; system32\DRIVERS\vdrive.sys [X]
S3 vmwvusb; System32\Drivers\vmwvusb.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-02 13:54 - 2014-08-02 13:59 - 00000499 _____ () C:\Users\Mike\Desktop\Search.txt
2014-08-01 08:47 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 08:47 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 08:47 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 08:47 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 08:46 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 08:46 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 08:46 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 08:46 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-31 19:51 - 2014-08-02 16:47 - 00000018 _____ () C:\Users\Mike\Desktop\Database.kdb.lock
2014-07-31 19:21 - 2014-07-31 19:21 - 00000000 ____D () C:\Users\Mike\Desktop\FRST-OlderVersion
2014-07-28 19:00 - 2014-07-28 19:00 - 00000973 _____ () C:\Users\Mike\Desktop\aswMBR.zip
2014-07-28 18:59 - 2014-07-28 18:59 - 00001965 _____ () C:\Users\Mike\Desktop\aswMBR.txt
2014-07-28 18:59 - 2014-07-28 18:59 - 00000512 _____ () C:\Users\Mike\Desktop\MBR.dat
2014-07-28 18:55 - 2014-07-28 18:55 - 05185536 _____ (AVAST Software) C:\Users\Mike\Desktop\aswmbr.exe
2014-07-28 18:53 - 2014-07-28 18:55 - 00031020 _____ () C:\Users\Mike\Desktop\Addition.txt
2014-07-28 18:52 - 2014-08-02 16:49 - 00000000 ____D () C:\FRST
2014-07-28 18:52 - 2014-08-02 16:48 - 00019915 _____ () C:\Users\Mike\Desktop\FRST.txt
2014-07-28 18:51 - 2014-07-31 19:21 - 02094080 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2014-07-28 12:15 - 2014-07-28 12:19 - 00000000 ____D () C:\AdwCleaner
2014-07-28 12:14 - 2014-07-28 12:14 - 01365525 _____ () C:\Users\Mike\Desktop\AdwCleaner.exe
2014-07-28 12:12 - 2014-07-29 22:51 - 00003328 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-660377347-265059115-3584000499-1001
2014-07-28 12:12 - 2014-07-29 22:51 - 00003192 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-660377347-265059115-3584000499-1001
2014-07-28 12:02 - 2014-07-28 12:02 - 00000000 ____D () C:\_OTL
2014-07-27 15:45 - 2014-07-27 15:45 - 00126202 _____ () C:\Users\Mike\Desktop\Extras.Txt
2014-07-27 15:42 - 2014-07-28 12:40 - 00088212 _____ () C:\Users\Mike\Desktop\OTL.Txt
2014-07-26 16:10 - 2014-07-26 16:10 - 00602112 _____ (OldTimer Tools) C:\Users\Mike\Desktop\OTL.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-02 16:50 - 2014-07-28 18:52 - 00019915 _____ () C:\Users\Mike\Desktop\FRST.txt
2014-08-02 16:49 - 2014-07-28 18:52 - 00000000 ____D () C:\FRST
2014-08-02 16:47 - 2014-07-31 19:51 - 00000018 _____ () C:\Users\Mike\Desktop\Database.kdb.lock
2014-08-02 16:43 - 2010-09-29 17:33 - 00256000 _____ () C:\Users\Mike\Desktop\PF.xls
2014-08-02 16:37 - 2014-02-07 17:50 - 00000000 ____D () C:\Users\Mike\Desktop\study
2014-08-02 16:37 - 2012-02-10 19:15 - 00000000 ____D () C:\Users\Mike\Desktop\Trang
2014-08-02 16:08 - 2012-03-24 15:05 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-660377347-265059115-3584000499-1001UA.job
2014-08-02 15:53 - 2010-07-28 04:43 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-02 15:15 - 2012-03-24 15:05 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-660377347-265059115-3584000499-1001Core.job
2014-08-02 13:59 - 2014-08-02 13:54 - 00000499 _____ () C:\Users\Mike\Desktop\Search.txt
2014-08-02 09:54 - 2010-09-29 17:45 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-02 09:53 - 2010-07-28 04:43 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-01 08:48 - 2010-07-28 04:24 - 01286126 _____ () C:\Windows\WindowsUpdate.log
2014-07-31 19:21 - 2014-07-31 19:21 - 00000000 ____D () C:\Users\Mike\Desktop\FRST-OlderVersion
2014-07-31 19:21 - 2014-07-28 18:51 - 02094080 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2014-07-29 23:42 - 2010-09-29 17:32 - 00117196 _____ () C:\Users\Mike\Desktop\Database.kdb
2014-07-29 22:56 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-29 22:56 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-29 22:51 - 2014-07-28 12:12 - 00003328 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-660377347-265059115-3584000499-1001
2014-07-29 22:51 - 2014-07-28 12:12 - 00003192 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-660377347-265059115-3584000499-1001
2014-07-29 22:49 - 2014-05-11 00:30 - 00280764 _____ () C:\Windows\PFRO.log
2014-07-29 22:49 - 2014-05-10 16:10 - 00004546 _____ () C:\Windows\setupact.log
2014-07-29 22:49 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-29 22:43 - 2013-02-11 21:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 22:43 - 2011-03-29 13:36 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Mozilla
2014-07-29 21:24 - 2012-07-18 17:12 - 00000000 ____D () C:\Users\Mike\.umplayer
2014-07-29 13:41 - 2011-07-01 19:16 - 00000000 ____D () C:\Users\Mike\Desktop\Rebates
2014-07-29 10:09 - 2009-07-13 22:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-28 19:00 - 2014-07-28 19:00 - 00000973 _____ () C:\Users\Mike\Desktop\aswMBR.zip
2014-07-28 18:59 - 2014-07-28 18:59 - 00001965 _____ () C:\Users\Mike\Desktop\aswMBR.txt
2014-07-28 18:59 - 2014-07-28 18:59 - 00000512 _____ () C:\Users\Mike\Desktop\MBR.dat
2014-07-28 18:55 - 2014-07-28 18:55 - 05185536 _____ (AVAST Software) C:\Users\Mike\Desktop\aswmbr.exe
2014-07-28 18:55 - 2014-07-28 18:53 - 00031020 _____ () C:\Users\Mike\Desktop\Addition.txt
2014-07-28 12:40 - 2014-07-27 15:42 - 00088212 _____ () C:\Users\Mike\Desktop\OTL.Txt
2014-07-28 12:19 - 2014-07-28 12:15 - 00000000 ____D () C:\AdwCleaner
2014-07-28 12:14 - 2014-07-28 12:14 - 01365525 _____ () C:\Users\Mike\Desktop\AdwCleaner.exe
2014-07-28 12:02 - 2014-07-28 12:02 - 00000000 ____D () C:\_OTL
2014-07-28 11:44 - 2013-05-15 22:32 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\uTorrent
2014-07-28 11:44 - 2010-10-16 08:58 - 00000000 ___HD () C:\Program Files (x86)\Spybot - Search & Destroy
2014-07-28 11:44 - 2010-10-16 08:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-27 15:45 - 2014-07-27 15:45 - 00126202 _____ () C:\Users\Mike\Desktop\Extras.Txt
2014-07-26 16:10 - 2014-07-26 16:10 - 00602112 _____ (OldTimer Tools) C:\Users\Mike\Desktop\OTL.exe
2014-07-26 16:03 - 2014-06-22 23:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-26 15:59 - 2010-07-28 05:05 - 00001972 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-07-24 13:44 - 2013-02-21 21:56 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-24 00:02 - 2010-09-29 17:33 - 00004298 _____ () C:\Users\Mike\Desktop\to do.txt
2014-07-21 19:32 - 2014-03-03 15:01 - 00000000 ____D () C:\Users\Mike\Desktop\CVS
2014-07-16 21:47 - 2014-04-01 08:17 - 00000000 ____D () C:\Users\Mike\Desktop\Bonuses
2014-07-06 23:17 - 2013-03-06 22:35 - 00000000 ____D () C:\Users\Mike\Desktop\eBay
2014-07-03 10:38 - 2014-03-31 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
 
Some content of TEMP:
====================
C:\Users\Mike\AppData\Local\Temp\Foxit Reader Updater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-18 12:55
 
==================== End Of Log ============================

  • 0

#23
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,213 posts

Alright!! Now I get to do the part I like most ....

All right!! :D Your logs are clean and you're good to go now!! :thumbsup: We've got some final steps left to do to clean up our tools and get your system in good running condition and then you are on your way. I must say though, even though we met through less than ideal circumstances, it has been really great to work with you. :) Just run through the steps from the Cleanup of Tools to the Program Update Checker. That's it. Thanks. :cool:


Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

  • Download Delfix from here to your desktop and double click it to start the program
  • Ensure Remove disinfection tools is ticked
  • Also tick:
      • Create registry backup
      • Purge system restore
      • Reset system settings
  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.


Keep Windows Updated
Microsoft issues updates to Windows to close vulnerabilities as they are discovered. Staying updated helps protect your system from current exploits.

  • Click Start and then click Control Panel.
  • Click on the View by: in the upper right corner and select Large Icons (you can change this back later if you like).
  • Scroll down and click on Windows Update.
  • Click on Change settings.
  • Under Important Updates, click on Install updates automatically (recommended).
  • Select (click on) the other options on this page.
  • Select a day and time to have Windows install the updates.
  • Click on Ok to change the settings.
  • If you want to change the view of the Control Panel display, click on the View by: in the upper right hand corner and select an option you prefer.

Keep other Important Programs Updated
Along with keeping Windows updated, it is a good idea to keep important programs updated. Java needs to be kept updated to the latest version; malware writers utilize exploits in the unpatched versions to their advantage.

Java
Most security experts and the US CERT (part of the US Homeland Security) now recommend that users uninstall Java from their systems; if you don't have any programs that need Java on your system, you are safe to do this. You can read some of the articles on this here and here. I strongly suggest you uninstall Java unless you need it to run certain software; in that case I would recommend that you disable or unplug Java from your web browsers and only enable it when you need it.

To disable / unplug Java in your browsers:

To uninstall Java (on Win7):

  • Click Start and then click Control Panel.
  • If you need to, click View by: and select either Large Icons or Small Icons.
  • Click on Programs and Features.
  • Scroll down until you find Java and click on it to select that program.
  • (Older versions of Java may appear in the program list as J2SE, Java 2, Java SE or Java Runtime Environment.)
  • Click Uninstall.
  • If more than one version of Java shows in your program list, you should repeat the selection and uninstall until all of them are removed.

To check for the latest version of Java and installation steps:

  • Go to java.com and click on Do I have Java?.
  • On the next page, click on Verify Java Version.
  • If you get a security pop up entitled "Do you want to run this application?" with the Name: Java Detection and Publisher: Oracle America, Inc., click Run.
  • Follow the recommendations (if any) on the results screen.
  • If there is a new version (or none at all on your system), there will be a button on the page showing Agree and Start Free Download. Click on it to update or install Java.
  • The site will start a download of jxpiinstall.exe. Save the file to your desktop.
  • When the download is finished, close your browser.
  • Right click on the jxpiinstall.exe and select Run as Administrator.
  • On the opening window, check Change destination folder and then click Install>.
  • The program will now download the rest of the files needed to install Java.
  • On the Destination Folder window, click Next>.
  • On the next window, the install will present you the option of adding additional software (this is known as Foistware).
  • Uncheck the Set and keep Ask as my default search provider.
  • Uncheck the Install the Ask Toolbar.
  • Click Next> to finish the install.
  • When the installation is finished, you will be taken to a web page that will check to see if Java is working properly.

Consider a program that will check for out-of-date programs on your system
Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Update Checker from FileHippo.com (you can get the software from here and read more about it on the same page).


You are now done! :yeah:

Now some information on programs to help keep you safe:
Your security is pretty well maintained but I'll leave these here for your reference anyway.

First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus

Next, a firewall is a must-have nowadays. The built in firewall in Windows 7 is fine (just make sure it is turned on (Start > Control Panel > Windows Firewall)). Or, if you like, you could choose one of the free ones listed here:
Emsisoft Online Armor - note that this comes as shareware first then converts to freeware
Zone Alarm Free Firewall - please be careful installing this as it includes foistware

Also, consider adding (in your case, keeping) MalwareBytes Antimalware to your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
How did I get infected in the first place?
and
COMPUTER SECURITY - a short quide to staying safer online
 

I'll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!


  • 0
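
The uninstall steps in the post above say to repeat the removal until every Java entry is gone, and note that older versions show up under other names. The following PowerShell is an added example, not part of the original post and not a Geeks to Go tool: it lists every Java entry registered in Programs and Features so none is missed. The function names are hypothetical, the `Java(TM)` name pattern is an assumption beyond the names the post lists, and the sample entries are constructed.

```powershell
# Added example: list Java runtimes registered in Programs and Features.
# Read-only: it reports entries and uninstalls nothing.
# Function names are hypothetical; written for PowerShell 2.0 (ships with Win7).

# Display names the post lists (J2SE, Java 2, Java SE, Java Runtime Environment).
# "Java \d" also covers "Java 2"; "Java\(TM\)" is an added assumption.
$JavaNamePattern = '^(J2SE|Java SE|Java Runtime Environment|Java\(TM\)|Java \d)'

function Select-JavaEntry {
    param([object[]]$Entries)
    $Entries |
        Where-Object { $_.DisplayName -and ($_.DisplayName -match $JavaNamePattern) } |
        Select-Object DisplayName, DisplayVersion, UninstallString |
        Sort-Object DisplayName
}

function Get-InstalledJava {
    # 64-bit Windows lists 32-bit programs under Wow6432Node, so read both views.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $entries = foreach ($root in $roots) {
        Get-ItemProperty -Path $root -ErrorAction SilentlyContinue
    }
    Select-JavaEntry -Entries $entries
}

# Constructed sample entries (not from the thread) showing what the filter keeps.
$sample = @(
    (New-Object PSObject -Property @{ DisplayName = 'Java 7 Update 65'; DisplayVersion = '7.0.650' }),
    (New-Object PSObject -Property @{ DisplayName = 'J2SE Runtime Environment 5.0 Update 6'; DisplayVersion = '1.5.0.60' }),
    (New-Object PSObject -Property @{ DisplayName = 'JavaScript Editor'; DisplayVersion = '1.0' })
)
'Sample run (constructed data):'
Select-JavaEntry -Entries $sample | Format-Table DisplayName, DisplayVersion -AutoSize

# Live check on this machine.
$found = @(Get-InstalledJava)
if ($found.Count -eq 0) {
    'No Java entries found in Programs and Features.'
} else {
    $found | Format-Table -AutoSize
    if ($found.Count -gt 1) { 'More than one Java entry is present; remove each one.' }
}
```

Running it again after the uninstall confirms that no entry remains.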

#24
matrix5k

    Member

  • Topic Starter
  • 13 posts

Yay thanks for the help!! You guys are the best. Here is the log for the program removal.

 

# DelFix v10.8 - Logfile created 03/08/2014 at 21:07:42
# Updated 29/07/2014 by Xplode
# Username : Mike - YAU
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\TDSSKiller_Quarantine
Deleted : C:\AdwCleaner
Deleted : C:\Users\Mike\Desktop\FRST-OlderVersion
Deleted : C:\TDSSKiller.2.9.2.0_31.08.2013_13.14.41_log.txt
Deleted : C:\TDSSKiller.2.9.2.0_31.08.2013_13.25.19_log.txt
Deleted : C:\Users\Mike\Desktop\Addition.txt
Deleted : C:\Users\Mike\Desktop\AdwCleaner.exe
Deleted : C:\Users\Mike\Desktop\aswmbr.exe
Deleted : C:\Users\Mike\Desktop\aswMBR.txt
Deleted : C:\Users\Mike\Desktop\aswMBR.zip
Deleted : C:\Users\Mike\Desktop\Extras.Txt
Deleted : C:\Users\Mike\Desktop\Fixlog.txt
Deleted : C:\Users\Mike\Desktop\FRST.txt
Deleted : C:\Users\Mike\Desktop\FRST64.exe
Deleted : C:\Users\Mike\Desktop\MBR.dat
Deleted : C:\Users\Mike\Desktop\OTL.Txt
Deleted : C:\Users\Mike\Desktop\OTL.exe
Deleted : C:\Users\Mike\Desktop\Search.txt
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #279 [Windows Update | 08/01/2014 15:45:50]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0

#25
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
