redirect virus in firefox / "Reported Web Forgery" [S

firefox redirect Reported Web Forgery

  • This topic is locked

#16
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thanks for the information. Looks like we got rid of the buggers. Please follow the instructions below.


Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file and save it to the Desktop. Attached File: fixlist.txt (2.12KB, 101 downloads)
Note: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case, the desktop).
2. Run FRST64 by right-clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
4. When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.


Step#2 - Security Check
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.


Step#3 - Fresh FRST Log only
1. Right-click on FRST64.exe and select Run as administrator. When the tool opens, click Yes to the disclaimer.
2. Press the Scan button.
3. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
4. Please copy and paste the log back here.


Items for your next post

1. FRST Fix log

2. Security Check log

3. Fresh FRST log

4. Are you happy with the results?




#17
espeed

    New Member

  • Topic Starter
  • Member
  • 9 posts

Thanks so much for your help, I'm very happy with the results. Here are the logs you asked for. Is there anything else I need to do to my machine to finish cleaning it up?


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Average Savage at 2015-01-09 16:15:55 Run:4
Running from C:\Users\Average Savage\Desktop
Loaded Profile: Average Savage (Available profiles: Average Savage)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Profile: C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default
CustomCLSID: HKU\S-1-5-21-2731679655-819755991-414572229-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2731679655-819755991-414572229-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Google\Chrome" /F
reg: reg delete "HKU\S-1-5-21-2731679655-819755991-414572229-1000\Software\Google\Chrome" /F
reg: reg delete "HKU\S-1-5-21-2731679655-819755991-414572229-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome" /F
C:\Program Files (x86)\Google\Chrome
C:\Users\Average Savage\AppData\Local\Google\Chrome
EmptyTemp:

*****************

Restore point was successfully created.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll not found.
c:\progra~2\mcafee\msc\npmcsn~1.dll not found.
CHR Profile: C:\Users\Average Savage\AppData\Local\Google\Chrome\User Data\Default => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-2731679655-819755991-414572229-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-2731679655-819755991-414572229-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.

========= reg delete "HKLM\SOFTWARE\Wow6432Node\Google\Chrome" /F =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKU\S-1-5-21-2731679655-819755991-414572229-1000\Software\Google\Chrome" /F =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKU\S-1-5-21-2731679655-819755991-414572229-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome" /F =========

The operation completed successfully.

 

========= End of Reg: =========

"C:\Program Files (x86)\Google\Chrome" => File/Directory not found.
C:\Users\Average Savage\AppData\Local\Google\Chrome => Moved successfully.
EmptyTemp: => Removed 317.3 MB temporary data.

The system needed a reboot.

==== End of Fixlog 16:18:57 ====


 Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
  Adobe Flash Player 15.0.0.246 Flash Player out of Date! 
 Adobe Reader 10.1.13 Adobe Reader out of Date! 
 Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Average Savage (administrator) on LAZLO on 09-01-2015 16:31:37
Running from C:\Users\Average Savage\Desktop
Loaded Profile: Average Savage (Available profiles: Average Savage)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(GoPro) C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Bootstrap Software Development) C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Users\Average Savage\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [BSDAppUpdater] => C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe [1660232 2013-05-21] (Bootstrap Software Development)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\Run: [Google Update] => C:\Users\Average Savage\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-09-07] (Google Inc.)
HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-03] (Google Inc.)
HKU\S-1-5-21-2731679655-819755991-414572229-1000\...\RunOnce: [Adobe Speed Launcher] => 1420845718
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2731679655-819755991-414572229-1000 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL =
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2731679655-819755991-414572229-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Average Savage\AppData\Roaming\Mozilla\Firefox\Profiles\jfk9sti7.default
FF DefaultSearchEngine: Google
FF Homepage: www.theonion.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2731679655-819755991-414572229-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2731679655-819755991-414572229-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Average Savage\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173568 2012-10-09] (Dell Products, LP.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 16:31 - 2015-01-09 16:34 - 00013799 _____ () C:\Users\Average Savage\Desktop\FRST.txt
2015-01-09 16:27 - 2015-01-09 16:27 - 00852504 _____ () C:\Users\Average Savage\Desktop\SecurityCheck.exe
2015-01-07 12:12 - 2015-01-07 12:12 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 12:11 - 2015-01-07 12:11 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-07 12:11 - 2015-01-07 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-07 12:11 - 2015-01-07 12:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-07 12:11 - 2015-01-07 12:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-07 12:11 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-07 12:11 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-07 12:11 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-07 12:04 - 2015-01-07 12:05 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Average Savage\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-05 19:42 - 2015-01-05 19:42 - 00000000 ____D () C:\Users\Average Savage\Desktop\Photos to email
2015-01-05 17:08 - 2015-01-07 12:01 - 00000000 ____D () C:\Users\Average Savage\Desktop\FRST-OlderVersion
2014-12-30 15:35 - 2014-12-30 15:35 - 00000000 ____D () C:\ProgramData\PCDr
2014-12-29 16:03 - 2014-12-29 16:03 - 05198336 _____ (AVAST Software) C:\Users\Average Savage\Desktop\aswMBR.exe
2014-12-29 15:55 - 2014-12-29 15:55 - 00000000 ____D () C:\windows\ERUNT
2014-12-29 15:50 - 2014-12-29 15:50 - 01707939 _____ (Thisisu) C:\Users\Average Savage\Desktop\JRT.exe
2014-12-28 14:16 - 2015-01-08 17:22 - 00000000 ____D () C:\Users\Average Savage\Desktop\Antivirus
2014-12-28 13:33 - 2014-12-28 13:36 - 00000000 ___DC () C:\AdwCleaner
2014-12-27 18:58 - 2014-12-27 18:58 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-12-27 18:58 - 2014-12-27 18:58 - 00001945 _____ () C:\windows\epplauncher.mif
2014-12-27 18:57 - 2014-12-27 18:58 - 00000000 ___DC () C:\Program Files\Microsoft Security Client
2014-12-27 18:57 - 2014-12-27 18:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-12-27 16:24 - 2014-12-27 16:24 - 00004920 _____ () C:\Users\Average Savage\Downloads\fixlist.txt
2014-12-26 15:57 - 2015-01-09 16:31 - 00000000 ___DC () C:\FRST
2014-12-26 15:56 - 2015-01-07 12:01 - 02124288 ____C (Farbar) C:\Users\Average Savage\Desktop\FRST64.exe
2014-12-18 20:45 - 2014-12-18 20:45 - 00000000 __SHD () C:\Users\Average Savage\AppData\Local\EmieBrowserModeList
2014-12-18 02:26 - 2014-12-12 22:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-18 02:26 - 2014-12-12 20:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-10 03:57 - 2014-12-10 03:57 - 03981488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-10 03:05 - 2014-10-17 19:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-10 03:05 - 2014-10-17 18:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-10 01:08 - 2014-11-26 18:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 01:08 - 2014-11-26 18:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 01:08 - 2014-11-21 20:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 01:08 - 2014-11-21 20:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-10 01:08 - 2014-11-21 20:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-10 01:08 - 2014-11-21 19:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-10 01:08 - 2014-11-21 19:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-10 01:08 - 2014-11-21 19:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 01:08 - 2014-11-21 19:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-10 01:08 - 2014-11-21 19:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-10 01:08 - 2014-11-21 19:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-10 01:08 - 2014-11-21 19:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-10 01:08 - 2014-11-21 19:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-10 01:08 - 2014-11-21 19:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-10 01:08 - 2014-11-21 19:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 01:08 - 2014-11-21 19:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-10 01:08 - 2014-11-21 19:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-10 01:08 - 2014-11-21 19:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 01:08 - 2014-11-21 19:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-10 01:08 - 2014-11-21 19:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-10 01:08 - 2014-11-21 19:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 01:08 - 2014-11-21 19:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-10 01:08 - 2014-11-21 19:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 01:08 - 2014-11-21 19:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-10 01:08 - 2014-11-21 19:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-10 01:08 - 2014-11-21 19:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-10 01:08 - 2014-11-21 19:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 01:08 - 2014-11-21 19:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-10 01:08 - 2014-11-21 19:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 01:08 - 2014-11-21 18:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-10 01:08 - 2014-11-21 18:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-10 01:08 - 2014-11-21 18:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-10 01:08 - 2014-11-21 18:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-10 01:08 - 2014-11-21 18:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 01:08 - 2014-11-21 18:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 01:08 - 2014-11-21 18:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-10 01:08 - 2014-11-21 18:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 01:08 - 2014-11-21 18:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-10 01:08 - 2014-11-21 18:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 01:08 - 2014-11-21 18:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 01:08 - 2014-11-21 18:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-10 01:08 - 2014-11-21 18:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 01:08 - 2014-11-21 18:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 01:08 - 2014-11-21 18:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 01:08 - 2014-11-21 18:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 01:08 - 2014-11-21 18:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 01:08 - 2014-11-21 18:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 01:08 - 2014-11-21 18:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-10 01:08 - 2014-11-21 18:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 01:08 - 2014-11-21 18:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 01:08 - 2014-11-21 18:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-10 01:08 - 2014-11-21 18:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 01:08 - 2014-11-21 17:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 01:08 - 2014-11-21 17:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-10 01:08 - 2014-11-10 20:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 01:08 - 2014-11-10 19:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 01:08 - 2014-11-10 18:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-10 01:06 - 2014-11-07 20:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-10 01:06 - 2014-11-07 19:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-10 01:06 - 2014-10-29 19:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-10 01:06 - 2014-10-29 18:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-10 01:06 - 2014-10-02 19:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-10 01:06 - 2014-10-02 19:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 01:06 - 2014-10-02 19:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-10 01:06 - 2014-10-02 19:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-10 01:06 - 2014-10-02 19:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-10 01:06 - 2014-10-02 18:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-10 01:06 - 2014-10-02 18:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 01:06 - 2014-10-02 18:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-10 01:06 - 2014-10-02 18:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-10 01:06 - 2014-10-02 18:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 16:35 - 2012-10-03 17:15 - 00000422 _____ () C:\windows\Tasks\SystemToolsDailyTest.job
2015-01-09 16:33 - 2012-06-03 00:04 - 01414749 _____ () C:\windows\WindowsUpdate.log
2015-01-09 16:29 - 2009-07-13 21:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 16:29 - 2009-07-13 21:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 16:23 - 2013-10-22 12:50 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-09 16:21 - 2012-10-03 17:23 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-09 16:21 - 2012-10-03 17:15 - 00000564 _____ () C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-01-09 16:21 - 2012-06-03 00:53 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-01-09 16:21 - 2012-06-03 00:53 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-01-09 16:21 - 2012-06-03 00:41 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-01-09 16:21 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-09 16:21 - 2009-07-13 21:51 - 00087403 _____ () C:\windows\setupact.log
2015-01-09 16:20 - 2010-11-20 20:47 - 00220146 _____ () C:\windows\PFRO.log
2015-01-09 16:16 - 2012-10-03 17:23 - 00000000 ____D () C:\Users\Average Savage\AppData\Local\Google
2015-01-09 16:15 - 2012-10-13 17:54 - 00000000 ____D () C:\Users\Average Savage\AppData\Roaming\SoftGrid Client
2015-01-09 16:13 - 2014-09-07 21:01 - 00000944 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2731679655-819755991-414572229-1000UA.job
2015-01-09 16:13 - 2012-10-03 17:23 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-09 16:12 - 2012-06-03 00:13 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-08 18:51 - 2014-09-07 21:01 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2731679655-819755991-414572229-1000Core.job
2015-01-08 13:22 - 2012-10-04 13:13 - 00003488 _____ () C:\windows\System32\Tasks\PCDEventLauncher
2015-01-08 13:20 - 2012-10-03 17:15 - 00003460 _____ () C:\windows\System32\Tasks\SystemToolsDailyTest
2015-01-08 12:46 - 2009-07-13 22:13 - 00783424 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-07 23:59 - 2012-10-03 17:15 - 00004278 _____ () C:\windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-12-31 04:14 - 2010-11-20 20:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-12-29 15:55 - 2012-10-03 17:23 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-29 15:13 - 2012-11-19 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-12-29 15:13 - 2012-11-19 18:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-26 15:35 - 2013-09-07 00:57 - 00000000 ____D () C:\Users\Average Savage\Documents\UCDenver
2014-12-26 15:16 - 2014-04-03 00:27 - 00009216 ___SH () C:\Users\Average Savage\Downloads\Thumbs.db
2014-12-26 14:43 - 2014-12-09 02:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-13 14:07 - 2013-11-20 18:07 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-12-13 14:07 - 2012-06-03 00:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-11 13:47 - 2012-10-03 17:12 - 00126136 _____ () C:\Users\Average Savage\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-10 04:22 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
2014-12-10 03:57 - 2012-06-03 00:13 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 03:57 - 2012-06-03 00:13 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 03:57 - 2012-06-03 00:13 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 03:44 - 2012-10-03 20:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-10 03:43 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-10 03:24 - 2013-08-18 02:02 - 00000000 ____D () C:\windows\system32\MRT
2014-12-10 03:11 - 2012-10-04 13:25 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-04 12:29

==================== End Of Log ============================

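The "Bamital & volsnap Check" section above is FRST confirming that the system binaries Bamital-class infections patch (winlogon, wininit, explorer, svchost, services, user32, userinit, rpcss, volsnap) are still digitally signed. The script below repeats that check with tools shipped in Windows 7. It is an added example, not FRST's code and not from any post in this thread; it assumes an elevated 64-bit PowerShell prompt and English-locale output from sfc.exe.

```powershell
# Added example (not from FRST or the original post): re-run the integrity check
# that FRST's "Bamital & volsnap Check" reports on, using only built-in tools.
# Run from an elevated 64-bit PowerShell prompt.
#
# Caveat: most Windows system binaries are catalog-signed rather than carrying an
# embedded Authenticode signature. On Windows 7 / PowerShell 2.0,
# Get-AuthenticodeSignature does not consult catalogs and reports those files as
# "NotSigned", so NotSigned alone is not evidence of tampering. For such files
# we fall back to "sfc /verifyfile", which compares the file against the
# component store and does catch a patched binary.

$filesToCheck = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\SysWOW64\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\SysWOW64\user32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\Drivers\volsnap.sys"
)

function Test-SystemFileIntegrity {
    param([string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return New-Object PSObject -Property @{ Path = $Path; Result = 'MISSING'; Detail = '' }
    }

    # First try the embedded Authenticode signature.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -eq 'Valid') {
        return New-Object PSObject -Property @{
            Path = $Path; Result = 'SIGNED'; Detail = $sig.SignerCertificate.Subject
        }
    }

    # No valid embedded signature: ask Windows Resource Protection to verify the
    # file against the component store. sfc.exe writes UTF-16 to the console, so
    # captured output arrives with interleaved NUL characters; strip them before
    # matching. The message text assumed here is the English-locale one.
    $sfcOutput = (& "$env:SystemRoot\System32\sfc.exe" /verifyfile=$Path 2>&1 | Out-String) -replace "`0", ''
    if ($sfcOutput -match 'did not find any integrity violations') {
        $result = 'SFC-OK'
    } else {
        $result = 'SUSPECT'
    }
    return New-Object PSObject -Property @{
        Path = $Path; Result = $result
        Detail = ('Authenticode: {0}; sfc: {1}' -f $sig.Status, $sfcOutput.Trim())
    }
}

$report = $filesToCheck | ForEach-Object { Test-SystemFileIntegrity -Path $_ }
$report | Format-Table Path, Result, Detail -AutoSize | Out-String

# Anything that is neither SIGNED nor SFC-OK deserves a manual look: hash the file
# and compare it with a known-good copy from install media or another clean box.
$suspect = @($report | Where-Object { $_.Result -notmatch '^(SIGNED|SFC-OK)$' })
if ($suspect.Count -gt 0) {
    Write-Warning ('{0} file(s) failed verification' -f $suspect.Count)
}
```

A "SUSPECT" result is a prompt to investigate, not a verdict: a file modified by a legitimate hotfix that has not yet been reflected in the component store can also trip sfc, so compare hashes before replacing anything.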

#18 BrianDrab (Trusted Helper, Malware Removal, 3,583 posts)

OK! Well done, your computer is clean again!  :thumbsup:  Part of our job here at G2G is to help you clean your computer. But beyond that, and just as important, is to provide you with some information to keep you safe and secure on the net, as well as to share knowledge. Following is that information.
 
I do see that Adobe Reader and Flash are outdated so you should update those to the current version. Information on this is below.
 
1. Clean Up!
We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.
1. Download Delfix from here.
2. Ensure everything is checked.
3. Click Run.
Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Note: Delete any other .bat, .log, .reg, .txt, and any other files created during this process and left on the desktop, and empty the Recycle Bin.
 
2. Windows Updates
Another essential task is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically. Follow the instructions below to ensure your settings are optimal.
1. Click the Start Orb in the lower left corner of the screen.
2. Type Windows Update in the search box that appears
3. Click on the Windows Update program that appears in the search results.
[screenshot: Windows Update.JPG]
4. Click on Change Settings.
[screenshot: CheckForUpdates.JPG]
5. Select "Install updates automatically (recommended)" from the Important updates drop-down.
[screenshot: WUChangeSettings.JPG]
6. Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
7. Ensure that all of the other check boxes are checked.
8. Click OK.
 
3. Keeping Programs Updated
You need to ensure that any programs installed on your machine are kept current. The bad guys exploit vulnerabilities that are found in older versions of software. A very good piece of software that keeps your programs up-to-date is Secunia Personal Software Inspector (PSI). You can download and install it from here. You can read more information about this free software as well as a video walkthrough from here.
 
 
4. Keeping Java Updated
WARNING: Java is one of the most exploited programs at this time. The Department of Homeland Security recommends that computer users disable Java. You can read more about this here.
I would recommend that you completely uninstall Java unless you need it to run important software. If you need it, or are unsure or uncomfortable with removing it, then I would recommend that you disable Java in your browsers until you need it and then enable it at that time. (See How to disable Java in your web browser and How to unplug Java from the browser). If you don't uninstall it, it's also important that you follow the directions below to update to the latest version of Java.
 
1. Go to this page to download the latest version of Java SE Runtime Environment JRE 8 Update 25.
2. When you click this link you will need to click the "Accept License Agreement" radio button and then click on the "Windows x86 Offline" installer link. You will notice that there is also a Windows x64 link option, however even if you are using a 64-bit operating system, it's very likely you aren't running a 64-bit browser and should only download the "Windows x86 Offline" installer. To determine if you are using a 64-bit browser you can follow these instructions. If you find that you ARE using a 64-bit browser then you can download the "Windows x64" one.
[screenshot: 8u25.JPG]
3. Once you click on the appropriate link, please download this to your Desktop like we have with all of our tools.
4. Close any programs you may have running - especially your web browser.
5. Now we need to uninstall all versions of Java that are currently on your machine before we install the newest version. Go to Add/Remove programs (instructions are here) and uninstall any item that appears in the list that has Java as part of the name. Note: you don't have Java installed, which is preferred if you don't need it.
6. Reboot your computer once all Java components are removed.
7. Then from your desktop, right click on the file that was downloaded (jre-8u25-windows-i586.exe or jre-8u25-windows-x64.exe) and select Run as an Administrator to install the latest version. Accept all the defaults and you're good to go.
Note: Java has been notorious for installing foistware (software downloaded without the user's knowledge). If you follow the instructions I provided no foistware will be installed, but that doesn't mean it won't be in the future. While performing the install of this software, or any software for that matter, pay attention to each screen and ensure you uncheck any extra software that you don't want installed (i.e. Ask Toolbar, Chrome Browser, etc.).
 
5. Keep Adobe Reader Updated
Check to see what the latest major version of Adobe Reader is here. The full version is something like 11.0.06, for example, but the major version is just the first number before the period, so 11 in this case (or XI).
Verify what version you have by doing the following.
1. Open Adobe Reader
2. Click Help on the menu at the top
3. Select About Adobe Reader
If your major version matches the major version from Adobe then perform the following steps.
1. Open Adobe Reader
2. Click Help on the menu at the top
3. Click Check for Updates
4. Allow any Updates to be downloaded and installed
5. If asked to reboot, please do.
6. Repeat these steps until you are told that no updates are available.
If your major version is lower than the major version from Adobe then perform the following steps.
1. Uninstall Adobe Reader. Click here for instructions on how to uninstall a program.
2. Install the newest version from this website.
Note: Make sure to uncheck the Optional Offer (i.e. Google Chrome, Google Toolbar) unless you really want it.
NOTE: You should disable JavaScript in the program as this is a highly exploitable method for the bad guys to get in your machine. Follow these instructions to disable it in Adobe Reader.
1. Open Adobe Reader
2. Select Edit from the menu and select Preferences
3. Click on JavaScript in the left column and uncheck Enable Acrobat JavaScript.
4. Click OK and close the program.
NOTE: Many installers, including Adobe Reader's, offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While usually not malicious, these are things you generally do not want on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.
 
6. Antimalware - Preventative
Note: Let's keep Malwarebytes installed as it's a fantastic piece of software. Malwarebytes is an anti-malware software and not an antivirus software so it won't conflict with the Antivirus that you are running. I would recommend that you open up this program, allow it to update and scan your machine at least quarterly...monthly if you can.
 
7. Crypto Warning!!!! - Complete Data Loss can occur!
There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here.
New strains of this are coming out all the time. In fact a very new strain called VirRansom (which is a hybrid of CryptoLocker and CryptoWall) has recently been identified, and it's a true self-replicating parasitic virus.

  • Download CryptoPrevent free for home use here following the instructions below.
  • Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will then be prompted to apply all default protections. Answer Yes.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  • That's it. The protection is in place.

Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now), select the Updates! menu, and select Check for Updates to see if there are any, as this infection has serious consequences.
 
[screenshot: Updates.JPG]
 
 
8. Adobe Flash Player
There's a very nasty piece of malware going around right now called Cryptowall. It's very destructive and most recently the newest variant is exploiting unpatched versions of Adobe Flash. Let's make sure you get current.
 
1. Determine if you have the most current version by going to this website. If your version represented by the top box matches the version in the bottom box you are current.
[screenshot: VerifyVersion.JPG]
 
2. If your version is older than the current one, click on the Player Download Center link (shown in the screenshot above).
3. You will be brought to the install/update page. Ensure you uncheck any optional offers (unless you want them of course) and then click on Install Now.
[screenshot: Install.JPG]
 
4. You may be prompted to run the installer. Go ahead and do this.
5. When it's complete, click Finish. You now have the latest version. You can verify by going back to this website if you feel the need.
 
 
For more information about computer security and how to protect yourself when on the internet, please read this guide Best Practices for Safe Computing
 
OK, all the best, and stay safe!
 
Items for your next post
1. Contents of the delfix log


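The post above walks through Windows Update, Java, Adobe Reader, Reader's JavaScript switch and Flash by clicking through dialogs. The script below audits the same state from a PowerShell prompt so the result can be checked without opening each program. It is an added example, not part of BrianDrab's post and not code from any tool he links. It assumes an elevated 64-bit PowerShell prompt on Windows 7; the Windows Update COM object (Microsoft.Update.AutoUpdate) and the uninstall registry keys are standard, the Reader JavaScript value (JSPrefs\bEnableJS) follows Adobe's preference reference, and the -Apply switch is this example's own.

```powershell
# Added example (not part of the original post): audit the settings the steps
# above set by hand. Save as audit.ps1 and run from an elevated PowerShell
# prompt. Only -Apply changes anything (it switches Windows Update to automatic
# installation); everything else just reports so you can compare against the
# Help > About dialogs.
param([switch]$Apply)

# --- Windows Update (step 2) --------------------------------------------------
# NotificationLevel: 4 = install automatically, 3 = download but ask before
# installing, 2 = notify only, 1 = disabled. ScheduledInstallationDay 0 = every day.
$au = New-Object -ComObject Microsoft.Update.AutoUpdate
$s  = $au.Settings
'Windows Update: level={0} day={1} hour={2} recommended={3}' -f $s.NotificationLevel, $s.ScheduledInstallationDay, $s.ScheduledInstallationTime, $s.IncludeRecommendedUpdates
if ($Apply -and $s.NotificationLevel -ne 4) {
    $s.NotificationLevel = 4
    $s.ScheduledInstallationDay = 0    # every day
    $s.ScheduledInstallationTime = 3   # 03:00, the default the post mentions
    $s.IncludeRecommendedUpdates = $true
    $s.Save()
    'Windows Update switched to automatic installation.'
}

# --- Installed versions of the usual targets (steps 3, 4, 5, 8) ---------------
# Read both the native and the WOW6432Node uninstall keys so 32-bit Java,
# Reader and Flash show up on a 64-bit OS.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
function Get-InstalledApp {
    param([string]$NamePattern)
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $NamePattern } |
        Select-Object DisplayName, DisplayVersion, Publisher
}
'--- Java (post recommends uninstalling unless needed) ---'
$java = @(Get-InstalledApp -NamePattern '^Java(\s|\(TM\))')
if ($java.Count -eq 0) { 'no Java runtime installed' } else { $java | Format-Table -AutoSize | Out-String }
'--- Adobe Reader ---'
Get-InstalledApp -NamePattern '^Adobe Reader' | Format-Table -AutoSize | Out-String
'--- Adobe Flash Player ---'
Get-InstalledApp -NamePattern '^Adobe Flash Player' | Format-Table -AutoSize | Out-String

# --- Adobe Reader JavaScript (the NOTE under step 5) -------------------------
# Per Adobe's preference reference the per-user toggle is
# HKCU\Software\Adobe\Acrobat Reader\<major>.0\JSPrefs, value bEnableJS
# (0 = disabled). Reader X uses "10.0", Reader XI "11.0". An admin can also
# lock it with FeatureLockDown\bDisableJavaScript = 1 under
# HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\<major>.0.
$readerKeys = @(Get-ChildItem 'HKCU:\Software\Adobe\Acrobat Reader' -ErrorAction SilentlyContinue)
if ($readerKeys.Count -eq 0) { 'Adobe Reader preferences not found for this user' }
foreach ($k in $readerKeys) {
    $jsPath = 'HKCU:\Software\Adobe\Acrobat Reader\{0}\JSPrefs' -f $k.PSChildName
    $js = Get-ItemProperty -Path $jsPath -Name bEnableJS -ErrorAction SilentlyContinue
    $state = if ($js -eq $null) { 'unset (defaults to enabled)' } elseif ($js.bEnableJS -eq 0) { 'disabled' } else { 'ENABLED' }
    'Reader {0}: Acrobat JavaScript {1}' -f $k.PSChildName, $state
}
```

Run it as `.\audit.ps1` to report, or `.\audit.ps1 -Apply` to also set Windows Update to automatic; on a fresh Windows 7 box you may first need `Set-ExecutionPolicy RemoteSigned` to allow a local script to run. The version strings it prints are what to compare against the Java, Adobe Reader and Flash download pages the post links.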
#19 espeed (New Member, Topic Starter, 9 posts)

I can't thank you enough for helping me resolve my virus problem, it is greatly appreciated. I have followed all of your advice from this most recent post, and will keep an eye on my updates as well. Have a great new year! 
# DelFix v10.8 - Logfile created 10/01/2015 at 21:31:37
# Updated 29/07/2014 by Xplode
# Username : Average Savage - LAZLO
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\log.txt
Deleted : C:\Users\Average Savage\Desktop\FRST64.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #209 [Windows Update | 12/29/2014 02:42:13]
Deleted : RP #210 [Configured Microsoft Office Enterprise 2007 | 12/29/2014 22:10:46]
Deleted : RP #212 [Restore Point Created by FRST | 12/29/2014 22:33:05]
Deleted : RP #213 [Installed Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64). | 12/30/2014 04:13:58]
Deleted : RP #214 [Windows Update | 01/02/2015 03:10:21]
Deleted : RP #215 [Windows Update | 01/05/2015 03:34:57]
Deleted : RP #217 [Restore Point Created by FRST | 01/06/2015 00:08:41]
Deleted : RP #218 [Windows Update | 01/08/2015 07:13:49]
Deleted : RP #220 [Restore Point Created by FRST | 01/09/2015 23:16:04]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


#20 godawgs (Teacher, Retired Staff, 8,228 posts)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.