Virus malware pc

  • This topic is locked

#16
Ndavies19899 (Member, Topic Starter, 35 posts)

Sorry for the delay,


Fix result of Farbar Recovery Scan Tool (x86) Version: 20-07-2015
Ran by User at 2015-07-24 21:04:26 Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User & Stephanie & Leo)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\Setup_wm.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Google\Chrome\Application\chrome.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\wmpsideshowgadget.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Windows Sidebar <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\wmpnetwk.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Microsoft Games\More Games\MoreGames.dll <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Windows NT\Accessories\wordpad.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Microsoft Games\FreeCell\freecell.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\wmprph.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Microsoft Games\Solitaire\solitaire.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\wmpconfig.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\wmpnscfg.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Microsoft Games\Hearts\hearts.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Microsoft Games\Minesweeper\minesweeper.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Microsoft Games\Chess\chess.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\wmlaunch.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\wmpnscfg.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Windows Defender <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Microsoft Games\SpiderSolitaire\spidersolitaire.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Internet Explorer <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\wmpshare.exe <====== ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\wmpenc.exe <====== ATTENTION
ShortcutTarget: Clash of Clans.lnk -> C:\ProgramData\{a8a5e82a-2384-b140-a8a5-5e82a238a0a8}\Clash of Clans.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2276093219-456965671-1327668654-1004\User: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2276093219-456965671-1327668654-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2276093219-456965671-1327668654-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.goo...&cc=GB&unqvl=86
SearchScopes: HKLM -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=GB&unqvl=86
SearchScopes: HKLM -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=GB&unqvl=86
SearchScopes: HKU\S-1-5-21-2276093219-456965671-1327668654-1000 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=GB&unqvl=86
SearchScopes: HKU\S-1-5-21-2276093219-456965671-1327668654-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=GB&unqvl=86
Toolbar: HKU\S-1-5-21-2276093219-456965671-1327668654-1003 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Hosts: 54.225.95.126 alnbbbmmheedjelgjiljibhlicildiae
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-07-15 16:24 - 2015-07-15 16:24 - 00000000 ____D C:\Users\User\AppData\Roaming\AVG2015
2015-07-15 16:24 - 2015-07-15 16:24 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-15 16:23 - 2015-07-15 16:23 - 00000935 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-07-15 16:23 - 2015-07-15 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-07-15 16:21 - 2015-07-15 16:24 - 00000000 ____D C:\ProgramData\AVG2015
2015-07-15 16:21 - 2015-07-15 16:21 - 00000000 ___HD C:\$AVG
2015-07-15 16:17 - 2015-07-15 16:17 - 05021528 _____ (AVG Technologies) C:\Users\User\Downloads\avg_free_stb_all_6086p1_177.exe
2015-07-15 16:39 - 2014-10-17 21:03 - 00000000 ____D C:\Users\User\AppData\Local\Avg2015
2015-07-15 16:20 - 2014-09-20 15:41 - 00000000 ____D C:\Program Files\AVG
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}\InprocServer32 -> %SystemDrive%\Users\User\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}\InprocServer32 -> %SystemDrive%\Users\User\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\User\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\User\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\User\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\User\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\User\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\User\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969c6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\User\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969c8-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\User\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969c9-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\User\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969ca-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\User\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969d6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\User\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\User\AppData\Local\Temp\310\temp\6912981914866206677b.exe No File
Task: {38CA1FCC-0AC7-40C1-8DC6-355BE60B1E56} - System32\Tasks\Bidaily Synchronize Task => C:\ProgramData\{0ed61fee-fd99-b10e-0ed6-61feefd97fbb}\Clash of Clans.exe <==== ATTENTION
C:\ProgramData\{0ed61fee-fd99-b10e-0ed6-61feefd97fbb}
Task: {ABA79391-E23F-43A3-9B4A-59CB002C5331} - System32\Tasks\ReactorAppend => c:\programdata\{843ad804-ee2d-9cfb-843a-ad804ee26013}\6912981914866206677b.exe <==== ATTENTION
c:\programdata\{843ad804-ee2d-9cfb-843a-ad804ee26013}
Task: C:\Windows\Tasks\Bidaily Synchronize Task.job => C:\ProgramData\{0ed61fee-fd99-b10e-0ed6-61feefd97fbb}\Clash of Clans.exe <==== ATTENTION
Task: C:\Windows\Tasks\ReactorAppend.job => c:\programdata\{843ad804-ee2d-9cfb-843a-ad804ee26013}\6912981914866206677b.exe <==== ATTENTION
2015-07-15 21:42 - 2015-06-04 15:42 - 00000352 _____ C:\Windows\Tasks\ReactorAppend.job
FirewallRules: [{07142C0E-BBE2-4AA9-B240-0C09260DE057}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{41647469-6336-4E7D-BF4B-B38348EB6B47}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{3C83732F-B853-4CA3-975C-9E9C43BF930C}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{10FF07BF-35E7-4A1E-8949-7ADF0E26C329}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{02E867DB-130F-437B-99E4-90A9754FB239}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{80802F30-C554-4FC5-9A72-461624BF2761}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{E819292B-A2DD-4F61-B41B-02276EACB033}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{4A0BE214-6167-4CD4-A641-5599EC57AB1B}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-2276093219-456965671-1327668654-1004 => Group Policy Restriction on software not found
C:\ProgramData\{a8a5e82a-2384-b140-a8a5-5e82a238a0a8}\Clash of Clans.exe not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2276093219-456965671-1327668654-1004\User => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKU\S-1-5-21-2276093219-456965671-1327668654-1000\SOFTWARE\Policies\Google" => key removed successfully.
"HKU\S-1-5-21-2276093219-456965671-1327668654-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => key removed successfully.
HKCR\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
HKU\S-1-5-21-2276093219-456965671-1327668654-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-2276093219-456965671-1327668654-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => key removed successfully.
HKCR\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
HKU\S-1-5-21-2276093219-456965671-1327668654-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value not found.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully.
gupdate => Service not found.
gupdatem => Service not found.
MBAMSwissArmy => Service removed successfully.
VGPU => Service removed successfully.
"C:\Users\User\AppData\Roaming\AVG2015" => File/Folder not found.
C:\Program Files\Common Files\AV => moved successfully.
"C:\Users\Public\Desktop\AVG 2015.lnk" => File/Folder not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG" => File/Folder not found.
"C:\ProgramData\AVG2015" => File/Folder not found.
"C:\$AVG" => File/Folder not found.
"C:\Users\User\Downloads\avg_free_stb_all_6086p1_177.exe" => File/Folder not found.
"C:\Users\User\AppData\Local\Avg2015" => File/Folder not found.
C:\Program Files\AVG => moved successfully.
"HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}" => key removed successfully.
"HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}" => key removed successfully.
"HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}" => key removed successfully.
"HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}" => key removed successfully.
"HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}" => key removed successfully.
"HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}" => key removed successfully.
"HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}" => key removed successfully.
"HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}" => key removed successfully.
"HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969c6-f192-11d4-a65f-0040963251e5}" => key removed successfully.
"HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969c8-f192-11d4-a65f-0040963251e5}" => key removed successfully.
"HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969c9-f192-11d4-a65f-0040963251e5}" => key removed successfully.
"HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969ca-f192-11d4-a65f-0040963251e5}" => key removed successfully.
"HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{88d969d6-f192-11d4-a65f-0040963251e5}" => key removed successfully.
"HKU\S-1-5-21-2276093219-456965671-1327668654-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38CA1FCC-0AC7-40C1-8DC6-355BE60B1E56}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38CA1FCC-0AC7-40C1-8DC6-355BE60B1E56}" => key removed successfully.
C:\Windows\System32\Tasks\Bidaily Synchronize Task => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task" => key removed successfully.
"C:\ProgramData\{0ed61fee-fd99-b10e-0ed6-61feefd97fbb}" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ABA79391-E23F-43A3-9B4A-59CB002C5331}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABA79391-E23F-43A3-9B4A-59CB002C5331}" => key removed successfully.
C:\Windows\System32\Tasks\ReactorAppend => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReactorAppend" => key removed successfully.
"c:\programdata\{843ad804-ee2d-9cfb-843a-ad804ee26013}" => File/Folder not found.
C:\Windows\Tasks\Bidaily Synchronize Task.job => moved successfully.
C:\Windows\Tasks\ReactorAppend.job => moved successfully.
"C:\Windows\Tasks\ReactorAppend.job" => File/Folder not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{07142C0E-BBE2-4AA9-B240-0C09260DE057} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{41647469-6336-4E7D-BF4B-B38348EB6B47} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3C83732F-B853-4CA3-975C-9E9C43BF930C} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{10FF07BF-35E7-4A1E-8949-7ADF0E26C329} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{02E867DB-130F-437B-99E4-90A9754FB239} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{80802F30-C554-4FC5-9A72-461624BF2761} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E819292B-A2DD-4F61-B41B-02276EACB033} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4A0BE214-6167-4CD4-A641-5599EC57AB1B} => value not found.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{AC3DEAED-6705-4E42-9178-C613AE10ABCA} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========

=========  netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-2276093219-456965671-1327668654-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-2276093219-456965671-1327668654-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.

========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 88.9 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 21:06:10 ====


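The fixlist above is the helper's hand-written reading of the earlier FRST scan: per-user Software Restriction Policy entries that block Windows Defender, Chrome and Internet Explorer, Chrome and IE policy keys, a hosts entry pointing an extension ID at an outside address, CustomCLSID entries that point MSXML class IDs at a DLL under AppData, and scheduled tasks that launch executables from GUID-named folders under ProgramData. The Python script below is an added example, not part of FRST, AdwCleaner or this thread, that encodes those judgements as rules and runs them over constructed sample lines written in FRST's line format. The category names, severities, the allowlist of search providers and the "user-writable path" heuristic are the example's own assumptions; in the sample, the SIDs, the 203.0.113.5 address, the hostname and the GUID starting AAAAAAAA are made up, while the remaining paths mirror entries from the log above.

```python
"""Rule-based triage of FRST scan lines.

Added example for this thread, not part of FRST, AdwCleaner or the post above.
The categories, severities and heuristics below are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse


@dataclass
class Finding:
    category: str
    severity: str  # "high", "medium" or "low"
    line: str


# FRST reports a per-user Software Restriction Policy as "Group Policy restriction on software".
RE_SRP = re.compile(r"^HKU\\S-1-5-21-[\d-]+ Group Policy restriction on software: (?P<target>.+?)(?: <=+ ATTENTION)?$")
RE_BROWSER_POLICY = re.compile(r"^(?:CHR )?HK(?:LM|U\\S-1-5-21-[\d-]+)\\SOFTWARE\\Policies\\(?:Google|Microsoft\\Internet Explorer): Policy restriction", re.I)
RE_LOCAL_GPO = re.compile(r"^GroupPolicy(?:Users\\\S+)?: Group Policy")
RE_HOSTS = re.compile(r"^Hosts: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \S+")
RE_CLSID = re.compile(r"^CustomCLSID: .*\\(?:InprocServer32|LocalServer32) -> (?P<path>.+?)(?: No File)?$", re.I)
RE_TASK = re.compile(r"^Task: .*? => (?P<path>.+?)(?: <=+ ATTENTION)?$")
RE_SEARCH = re.compile(r"^SearchScopes: .* URL = (?P<url>\S+)")
RE_SHORTCUT = re.compile(r"^ShortcutTarget: .* -> (?P<path>.+?) \(No File\)$")
RE_SERVICE = re.compile(r"^[SR]\d \S+; .*\[X\]$")

# Places a legitimate COM server, task target or shortcut rarely lives: a user profile,
# a Temp directory, or a GUID-named folder directly under ProgramData (assumed heuristic).
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\Temp\\|\\ProgramData\\\{[0-9a-f-]{36}\}", re.I)
# Lower-cased substrings that mark a blocked program as security tooling or a browser.
SECURITY_TOOLS = ("windows defender", "google\\chrome", "internet explorer", "malwarebytes", "\\avg\\", "\\avast\\")
# Assumed allowlist; a SearchScope pointing anywhere else is treated as a search hijack.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com", "duckduckgo.com"}


def triage_line(line: str) -> Optional[Finding]:
    """Classify one FRST line; None means the line needs no action."""
    line = line.strip()
    m = RE_SRP.match(line)
    if m:
        # Blocking security tools or browsers locks the user out of cleanup; other targets are still tampering.
        blocked = m.group("target").lower()
        sev = "high" if any(t in blocked for t in SECURITY_TOOLS) else "medium"
        return Finding("software-restriction-policy", sev, line)
    if RE_BROWSER_POLICY.match(line):
        return Finding("browser-policy-hijack", "high", line)
    if RE_LOCAL_GPO.match(line):
        return Finding("local-group-policy", "medium", line)
    m = RE_HOSTS.match(line)
    if m:
        # A loopback entry blocks a host (e.g. AV updates); any other address silently redirects it.
        redirect = not m.group("ip").startswith("127.")
        return Finding("hosts-redirect" if redirect else "hosts-block", "high" if redirect else "medium", line)
    m = RE_CLSID.match(line)
    if m and USER_WRITABLE.search(m.group("path")):
        return Finding("com-hijack-user-path", "high", line)
    m = RE_TASK.match(line)
    if m and USER_WRITABLE.search(m.group("path")):
        return Finding("scheduled-task-persistence", "high", line)
    m = RE_SEARCH.match(line)
    if m and urlparse(m.group("url")).hostname not in KNOWN_SEARCH_HOSTS:
        return Finding("search-hijack", "medium", line)
    m = RE_SHORTCUT.match(line)
    if m:
        return Finding("orphaned-shortcut", "medium" if USER_WRITABLE.search(m.group("path")) else "low", line)
    if RE_SERVICE.match(line):
        return Finding("orphaned-service", "low", line)
    if "ATTENTION" in line:  # flagged by FRST but matched by no rule above: keep it for manual review
        return Finding("frst-attention", "medium", line)
    return None


def triage(text: str) -> List[Finding]:
    """Run triage_line over every line of an FRST log and keep the hits."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f is not None]


# Constructed sample in FRST's line format. The SIDs, the 203.0.113.5 address, the hostname and the
# GUID starting AAAAAAAA are made up; the other paths mirror entries from the fixlist above.
SAMPLE_FRST = r"""
HKU\S-1-5-21-1111111111-2222222222-3333333333-1004 Group Policy restriction on software: C:\Program Files\Windows Defender <====== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.example/?q={searchTerms}
Hosts: 203.0.113.5 updates.example-av.test
CustomCLSID: HKU\S-1-5-21-1111111111-2222222222-3333333333-1000_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\User\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
Task: {38CA1FCC-0AC7-40C1-8DC6-355BE60B1E56} - System32\Tasks\Bidaily Synchronize Task => C:\ProgramData\{0ed61fee-fd99-b10e-0ed6-61feefd97fbb}\Clash of Clans.exe <==== ATTENTION
Task: {AAAAAAAA-0000-0000-0000-000000000002} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
ShortcutTarget: Clash of Clans.lnk -> C:\ProgramData\{a8a5e82a-2384-b140-a8a5-5e82a238a0a8}\Clash of Clans.exe (No File)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"[{f.severity:6}] {f.category:27} {f.line[:80]}")
```

To use it on a real scan, pass the text of FRST.txt or Addition.txt to triage(). The GoogleUpdate task and a SearchScope pointing at a known provider produce no finding, so the output is the short list a helper would actually have to look at; anything FRST itself tagged with "ATTENTION" that no rule recognises is kept as "frst-attention" rather than dropped, so the script narrows the manual review but does not replace it. FRST's fix directives (CloseProcesses:, CreateRestorePoint:, hosts:, Emptytemp: and the rest) are still written by hand from that list.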


#17
Ndavies19899 (Member, Topic Starter, 35 posts)

It's getting on a bit now, are you from the UK? If so, should we continue tomorrow? I'll be up a while yet but not sure about yourself :)



#18
zep516 (Trusted Helper, Malware Removal, 8,093 posts)

Hello,

Do this,

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
Next

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See here how to disable your security protection (antivirus).
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

In your next reply, post:
  • The AdwCleaner [S0].txt log
  • The JRT.txt log
Thanks
Joe :)

#19
Ndavies19899 (Member, Topic Starter, 35 posts)

Hey Joe,


PC crashed a few times after downloading AdwCleaner; anyway, here are the requested logs:


# AdwCleaner v4.207 - Logfile created 26/06/2015 at 16:59:28
# Updated 21/06/2015 by Xplode
# Database : 2015-06-23.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : User - MAINPC
# Running from : C:\Users\User\Downloads\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\{a8a5e82a-2384-b140-a8a5-5e82a238a0a8}
Folder Deleted : C:\Users\User\AppData\Local\MediaDrug
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmocdcfhjgpihmndmdjocgpfhfcllgk
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_uk.ask.com_0.localstorage
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_uk.ask.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\PepperZip
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A336F17E-321F-43FA-9BE6-873BBDFF418E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBD6173B-4061-4104-BF2F-C8E81389DB27}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EB559340-3A8F-4456-B24D-160098054EF0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{900625B6-F89A-40E3-AEE1-3A9A5E8723A7}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\StormWatch
Key Deleted : HKCU\Software\Squeaky
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7601.18870

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v43.0.2357.81

*************************

AdwCleaner[R0].txt - [16678 bytes] - [15/10/2014 09:12:15]
AdwCleaner[R1].txt - [1318 bytes] - [15/10/2014 09:19:07]
AdwCleaner[R2].txt - [1397 bytes] - [17/10/2014 14:38:57]
AdwCleaner[R3].txt - [1457 bytes] - [17/10/2014 14:46:57]
AdwCleaner[R4].txt - [3966 bytes] - [26/06/2015 16:57:29]
AdwCleaner[S0].txt - [15285 bytes] - [15/10/2014 09:15:04]
AdwCleaner[S1].txt - [1244 bytes] - [15/10/2014 09:21:37]
AdwCleaner[S2].txt - [1602 bytes] - [17/10/2014 14:50:35]
AdwCleaner[S3].txt - [3741 bytes] - [26/06/2015 16:59:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [3800  bytes] ##########

# AdwCleaner v4.208 - Logfile created 25/07/2015 at 00:52:38
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : User - MAINPC
# Running from : C:\Users\User\Desktop\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\5689688104766245928

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\PepperZip
Key Deleted : HKLM\SOFTWARE\22a5c867-b378-3541-7563-80befd1195b1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A336F17E-321F-43FA-9BE6-873BBDFF418E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBD6173B-4061-4104-BF2F-C8E81389DB27}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EB559340-3A8F-4456-B24D-160098054EF0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{900625B6-F89A-40E3-AEE1-3A9A5E8723A7}
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\StormWatch
Key Deleted : HKCU\Software\Squeaky
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKCU\Software\RapidMediaConverterApp
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7601.18896

*************************

AdwCleaner[R0].txt - [16678 bytes] - [15/10/2014 09:12:15]
AdwCleaner[R1].txt - [1318 bytes] - [15/10/2014 09:19:07]
AdwCleaner[R2].txt - [1397 bytes] - [17/10/2014 14:38:57]
AdwCleaner[R3].txt - [1457 bytes] - [17/10/2014 14:46:57]
AdwCleaner[R4].txt - [7015 bytes] - [26/06/2015 16:57:29]
AdwCleaner[R5].txt - [3108 bytes] - [25/07/2015 00:26:15]
AdwCleaner[R6].txt - [3167 bytes] - [25/07/2015 00:51:20]
AdwCleaner[S0].txt - [15285 bytes] - [15/10/2014 09:15:04]
AdwCleaner[S1].txt - [1244 bytes] - [15/10/2014 09:21:37]
AdwCleaner[S2].txt - [1602 bytes] - [17/10/2014 14:50:35]
AdwCleaner[S3].txt - [6967 bytes] - [26/06/2015 16:59:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [7026  bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Ultimate x86
Ran by User on 25/07/2015 at  0:57:35.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Krab Web
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util Krab Web

~~~ Files

Successfully deleted: [File] C:\Users\User\AppData\Roaming\appdataFr25.bin

~~~ Folders

Successfully deleted: [Folder] C:\Program Files\myfree codec
Successfully deleted: [Folder] C:\Users\User\Appdata\Local\com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/07/2015 at  1:01:04.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#20 zep516 (Trusted Helper, Malware Removal, 8,093 posts)

Hello,

If it's getting late for you, you can post this tomorrow.

Run your Malwarebytes and post the log.

Next
Please run the AVG removal tool for --> AVG 2015 64Bit.
Second one down on this page.
Download it, run it, post the log file it creates.

#21 Ndavies19899 (Topic Starter, Member, 35 posts)

Where would I find my Malwarebytes?



#22 zep516 (Trusted Helper, Malware Removal, 8,093 posts)

I thought you had it installed. Let's install it now.

EDIT: Sorry... Here you go:
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.
Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.


#23 Ndavies19899 (Topic Starter, Member, 35 posts)

OK, I'll do all that in the morning... the computer crashed whilst Malwarebytes was looking for updates. It will take me about half an hour just to shut it down, lol. Thanks for your help tonight, Joe.

Look forward to getting to the bottom of this tomorrow.
Nathan.

#24 zep516 (Trusted Helper, Malware Removal, 8,093 posts)

OK,

At some point see if you can find the Combofix log.

It's located on the "C" Drive here---> C:\ComboFix.txt

I want to see what ComboFix deleted, if anything.

See you Tomorrow

#25 Ndavies19899 (Topic Starter, Member, 35 posts)

Hi Joe,

Scan finally completed, results are as follows:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 25/07/2015
Scan Time: 09:47
Logfile: Malware Log.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.25.01
Rootkit Database: v2015.07.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 434607
Time Elapsed: 6 hr, 12 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 24
PUP.Optional.BrowserWarden.A, HKLM\SOFTWARE\CLASSES\CLSID\{A77A0AD6-2DCF-40DC-8DDF-840A9886BA35}, Quarantined, [4aabcb1acdbd0333b730c5c32cd6bf41],
PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.DataContainer, Quarantined, [847118cd256584b2c8a6d3bfca3ade22],
PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.DataContainer.1, Quarantined, [4ea7c322cac0171f313d9002030119e7],
PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.DataController, Quarantined, [9b5a1acbbccee35376f893ffb94b14ec],
PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.DataController.1, Quarantined, [55a044a1a5e52c0a1955830feb196e92],
PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.DataTable, Quarantined, [e5102bba27631b1b4d218012ff059868],
PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.DataTable.1, Quarantined, [12e36085fb8f58de8ae49cf6848022de],
PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.DataTableFields, Quarantined, [91646c79acdea98dfc72781a679dd52b],
PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.DataTableFields.1, Quarantined, [e510f6efd5b5cb6b7cf2c6cc58ac738d],
PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.DataTableHolder, Quarantined, [579e885d1d6d9f97f579731fe61e2ed2],
PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.DataTableHolder.1, Quarantined, [b144bc29dfabb5810c629200c73de719],
PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.LSPLogic, Quarantined, [609536affa902016ec82632ff2127d83],
PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.LSPLogic.1, Quarantined, [8570dd085d2dc76fc0ae286a897b8779],
PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.ReadOnlyManager, Quarantined, [45b0d4112d5dd85ea0ce22702ed63bc5],
PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.ReadOnlyManager.1, Quarantined, [fbfab431bbcfaf8781ed7f130ef6aa56],
PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.WatchDog, Quarantined, [37be0adb5535c5711955c9c98084f50b],
PUP.Optional.MyOSProtect.A, HKLM\SOFTWARE\CLASSES\MyOSProtectLib.WatchDog.1, Quarantined, [2bca7273375379bdabc30f837094e917],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{04F2E890-1F5E-41AB-9520-17C20EECAEBD}, Quarantined, [85707273adddd561877ceda97094b44c],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{698634B0-C25A-49A8-B3C7-2631FD964719}, Quarantined, [93622bba1c6ecf67986d2c6aa06430d0],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [876ee8fd96f442f4f8df7c1e659f59a7],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2276093219-456965671-1327668654-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{04F2E890-1F5E-41AB-9520-17C20EECAEBD}, Quarantined, [1ed719cc5931aa8ca06044520cf8b44c],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2276093219-456965671-1327668654-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{698634B0-C25A-49A8-B3C7-2631FD964719}, Quarantined, [6f860cd9296111250ff38b0b1fe5a759],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2276093219-456965671-1327668654-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{93F3B635-574F-48A9-BCBB-6B25CAE39A41}, Quarantined, [6a8bf2f36f1b56e053af8412fd07bc44],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2276093219-456965671-1327668654-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BC5BA2B6-55A8-4139-85CE-576FC5BEF769}, Quarantined, [e70ef6ef9af0181ea75af6a0e420f60a],

Registry Values: 6
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{04f2e890-1f5e-41ab-9520-17c20eecaebd}|AppName, videosMediaPlayer+++-bg.exe, Quarantined, [85707273adddd561877ceda97094b44c]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{698634b0-c25a-49a8-b3c7-2631fd964719}|AppName, videosMediaPlayer+++-codedownloader.exe, Quarantined, [93622bba1c6ecf67986d2c6aa06430d0]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2276093219-456965671-1327668654-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{04f2e890-1f5e-41ab-9520-17c20eecaebd}|AppName, videosMediaPlayer+++-bg.exe, Quarantined, [1ed719cc5931aa8ca06044520cf8b44c]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2276093219-456965671-1327668654-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{698634b0-c25a-49a8-b3c7-2631fd964719}|AppName, videosMediaPlayer+++-codedownloader.exe, Quarantined, [6f860cd9296111250ff38b0b1fe5a759]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2276093219-456965671-1327668654-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{93F3B635-574F-48A9-BCBB-6B25CAE39A41}|AppName, c6c4a2ac-b9a3-4a1f-a1b1-1519396ee9fe-2.exe-codedownloader.exe, Quarantined, [6a8bf2f36f1b56e053af8412fd07bc44]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2276093219-456965671-1327668654-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BC5BA2B6-55A8-4139-85CE-576FC5BEF769}|AppName, c6c4a2ac-b9a3-4a1f-a1b1-1519396ee9fe-2.exe-buttonutil.exe, Quarantined, [e70ef6ef9af0181ea75af6a0e420f60a]

Registry Data: 0
(No malicious items detected)

Folders: 15
PUP.Optional.MultiPlug.A, C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbfmnekepjoapopniengjbcpnbljalfg\124, Quarantined, [4aab5590dab0162072f5deb2ce363ec2],
PUP.Optional.MultiPlug.A, C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbfmnekepjoapopniengjbcpnbljalfg, Quarantined, [4aab5590dab0162072f5deb2ce363ec2],
PUP.Optional.MultiPlug.A, C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\igolmjggoglbmfpnbmgkgpiinpbefmlo\182, Quarantined, [7b7a6580880256e0f473f69a5da7ab55],
PUP.Optional.MultiPlug.A, C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\igolmjggoglbmfpnbmgkgpiinpbefmlo, Quarantined, [7b7a6580880256e0f473f69a5da7ab55],
PUP.Optional.MultiPlug.A, C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmocdcfhjgpihmndmdjocgpfhfcllgk\1.1, Quarantined, [9164c3227c0e52e4aabdf39dbe461be5],
PUP.Optional.MultiPlug.A, C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmocdcfhjgpihmndmdjocgpfhfcllgk, Quarantined, [9164c3227c0e52e4aabdf39dbe461be5],
PUP.Optional.MultiPlug.A, C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdhgbjlokeheknpnmiidkbdliimhapm\138, Quarantined, [6590b82d4e3cd1653a2d414f1aeac739],
PUP.Optional.MultiPlug.A, C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdhgbjlokeheknpnmiidkbdliimhapm, Quarantined, [6590b82d4e3cd1653a2d414f1aeac739],
PUP.Optional.MultiPlug.A, C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbfmnekepjoapopniengjbcpnbljalfg\124, Quarantined, [f302ffe60684e94d8add0c841aeac739],
PUP.Optional.MultiPlug.A, C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbfmnekepjoapopniengjbcpnbljalfg, Quarantined, [f302ffe60684e94d8add0c841aeac739],
PUP.Optional.MultiPlug.A, C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmocdcfhjgpihmndmdjocgpfhfcllgk\1.1, Quarantined, [33c2b0352f5b6cca6502830d56ae6997],
PUP.Optional.MultiPlug.A, C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmocdcfhjgpihmndmdjocgpfhfcllgk, Quarantined, [33c2b0352f5b6cca6502830d56ae6997],
PUP.Optional.MultiPlug.A, C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdhgbjlokeheknpnmiidkbdliimhapm\138, Quarantined, [bf36cd18f99139fd6007494735cf3dc3],
PUP.Optional.MultiPlug.A, C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdhgbjlokeheknpnmiidkbdliimhapm, Quarantined, [bf36cd18f99139fd6007494735cf3dc3],
PUP.Optional.MediaDrug.C, C:\Users\User\Music\MediaDrug, Quarantined, [c0356382becc2a0c6564f112c43fca36],

Files: 18
PUP.Optional.MultiPlug.A, C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbfmnekepjoapopniengjbcpnbljalfg\124\lsdb.js, Quarantined, [4aab5590dab0162072f5deb2ce363ec2],
PUP.Optional.MultiPlug.A, C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbfmnekepjoapopniengjbcpnbljalfg\124\content.js, Quarantined, [4aab5590dab0162072f5deb2ce363ec2],
PUP.Optional.MultiPlug.A, C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbfmnekepjoapopniengjbcpnbljalfg\124\d5RbJL85C.js, Quarantined, [4aab5590dab0162072f5deb2ce363ec2],
PUP.Optional.MultiPlug.A, C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\igolmjggoglbmfpnbmgkgpiinpbefmlo\182\lsdb.js, Quarantined, [7b7a6580880256e0f473f69a5da7ab55],
PUP.Optional.MultiPlug.A, C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\igolmjggoglbmfpnbmgkgpiinpbefmlo\182\content.js, Quarantined, [7b7a6580880256e0f473f69a5da7ab55],
PUP.Optional.MultiPlug.A, C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\igolmjggoglbmfpnbmgkgpiinpbefmlo\182\noosQp.js, Quarantined, [7b7a6580880256e0f473f69a5da7ab55],
PUP.Optional.MultiPlug.A, C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmocdcfhjgpihmndmdjocgpfhfcllgk\1.1\lsdb.js, Quarantined, [9164c3227c0e52e4aabdf39dbe461be5],
PUP.Optional.MultiPlug.A, C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmocdcfhjgpihmndmdjocgpfhfcllgk\1.1\content.js, Quarantined, [9164c3227c0e52e4aabdf39dbe461be5],
PUP.Optional.MultiPlug.A, C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdhgbjlokeheknpnmiidkbdliimhapm\138\lsdb.js, Quarantined, [6590b82d4e3cd1653a2d414f1aeac739],
PUP.Optional.MultiPlug.A, C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdhgbjlokeheknpnmiidkbdliimhapm\138\content.js, Quarantined, [6590b82d4e3cd1653a2d414f1aeac739],
PUP.Optional.MultiPlug.A, C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbfmnekepjoapopniengjbcpnbljalfg\124\lsdb.js, Quarantined, [f302ffe60684e94d8add0c841aeac739],
PUP.Optional.MultiPlug.A, C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbfmnekepjoapopniengjbcpnbljalfg\124\content.js, Quarantined, [f302ffe60684e94d8add0c841aeac739],
PUP.Optional.MultiPlug.A, C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbfmnekepjoapopniengjbcpnbljalfg\124\d5RbJL85C.js, Quarantined, [f302ffe60684e94d8add0c841aeac739],
PUP.Optional.MultiPlug.A, C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmocdcfhjgpihmndmdjocgpfhfcllgk\1.1\lsdb.js, Quarantined, [33c2b0352f5b6cca6502830d56ae6997],
PUP.Optional.MultiPlug.A, C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmocdcfhjgpihmndmdjocgpfhfcllgk\1.1\content.js, Quarantined, [33c2b0352f5b6cca6502830d56ae6997],
PUP.Optional.MultiPlug.A, C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdhgbjlokeheknpnmiidkbdliimhapm\138\lsdb.js, Quarantined, [bf36cd18f99139fd6007494735cf3dc3],
PUP.Optional.MultiPlug.A, C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdhgbjlokeheknpnmiidkbdliimhapm\138\content.js, Quarantined, [bf36cd18f99139fd6007494735cf3dc3],
PUP.Optional.MediaDrug.C, C:\Users\User\Music\MediaDrug\default.mdp, Quarantined, [c0356382becc2a0c6564f112c43fca36],

Physical Sectors: 0
(No malicious items detected)

(end)

Here's the ComboFix log you also requested:

ComboFix 15-06-26.01 - User 26/06/2015  16:39:22.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.1920.455 [GMT 1:00]
Running from: c:\users\User\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\5689688104766245928
c:\programdata\5689688104766245928\1547aa30421efb5b34957d5b27deca8d.ini
c:\programdata\5689688104766245928\29c0035e57b1c7fb34957d5b27deca8d.ini
c:\programdata\5689688104766245928\8cc824d73f9051d134957d5b27deca8d.ini
c:\programdata\5689688104766245928\8e321769d145550834957d5b27deca8d.ini
c:\programdata\5689688104766245928\8eb0729fbf1cb05234957d5b27deca8d.ini
c:\programdata\5689688104766245928\b1b04b8135a80c9734957d5b27deca8d.ini
c:\programdata\5689688104766245928\b7d76346d4cfc55834957d5b27deca8d.ini
c:\programdata\5689688104766245928\e1a11ca282117dcd34957d5b27deca8d.ini
c:\users\Default\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\igolmjggoglbmfpnbmgkgpiinpbefmlo
c:\users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\igolmjggoglbmfpnbmgkgpiinpbefmlo\182\background.html
c:\users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\igolmjggoglbmfpnbmgkgpiinpbefmlo\182\content.js
c:\users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\igolmjggoglbmfpnbmgkgpiinpbefmlo\182\lsdb.js
c:\users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\igolmjggoglbmfpnbmgkgpiinpbefmlo\182\noosQp.js
c:\users\Leo\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlggapfljcnbmajohkhhapaoajopbncm_0.localstorage
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehloibeiaffhibffchiobihgcainmcep_0.localstorage
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ibgbdgngjflpkahkoabmiijlaggkinaj_0.localstorage
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mmebmmnpohfhoknnlpohjaembcipocaa_0.localstorage-journal
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mmebmmnpohfhoknnlpohjaembcipocaa_0.localstorage
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\User\AppData\Local\Temp\310\temp\6912981914866206677b.exe
.
.
(((((((((((((((((((((((((   Files Created from 2015-05-26 to 2015-06-26  )))))))))))))))))))))))))))))))
.
.
2015-06-26 15:46 . 2015-06-26 15:46 -------- d-----w- c:\users\User\AppData\Local\temp
2015-06-17 19:39 . 2015-04-24 17:56 530432 ----a-w- c:\windows\system32\comctl32.dll
2015-06-16 20:14 . 2015-05-25 17:00 2384384 ----a-w- c:\windows\system32\win32k.sys
2015-06-16 20:14 . 2015-04-29 18:06 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2015-06-16 20:14 . 2015-04-29 18:07 4096 ----a-w- c:\windows\system32\msdxm.ocx
2015-06-16 20:14 . 2015-04-29 18:07 4096 ----a-w- c:\windows\system32\dxmasf.dll
2015-06-16 20:14 . 2015-04-29 18:07 8192 ----a-w- c:\windows\system32\spwmp.dll
2015-06-16 20:14 . 2015-04-29 18:06 102400 ----a-w- c:\program files\Windows Media Player\wmpshare.exe
2015-06-16 20:14 . 2015-04-29 18:06 101888 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe
2015-06-16 20:14 . 2015-04-29 18:05 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2015-06-04 14:47 . 2015-06-24 16:51 24 ----a-w- c:\users\User\AppData\Roaming\appdataFr25.bin
2015-06-04 14:42 . 2015-06-04 14:42 4096 ----a-w- c:\windows\system32\ntwdblib.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-23 20:32 . 2014-04-15 15:47 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-06-23 20:32 . 2014-04-15 15:47 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-05-04 20:47 . 2015-02-21 14:37 96352 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-05-01 13:16 . 2015-05-13 19:51 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 02:55 . 2015-05-13 19:23 811520 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 02:55 . 2015-05-13 19:23 1081344 ----a-w- c:\windows\system32\DWrite.dll
2015-04-19 12:53 . 2015-01-09 15:19 5199808 ----a-w- c:\windows\system32\SpoonUninstall.exe
2015-04-18 02:56 . 2015-05-13 19:23 342016 ----a-w- c:\windows\system32\certcli.dll
2015-04-14 02:38 . 2015-04-14 02:38 1217192 ----a-w- c:\windows\system32\FM20.DLL
2015-04-13 03:19 . 2015-05-13 19:23 259072 ----a-w- c:\windows\system32\services.exe
2015-04-08 03:14 . 2015-05-13 19:18 216064 ----a-w- c:\windows\system32\InkEd.dll
2015-04-08 03:14 . 2015-05-13 19:18 22528 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
2015-04-08 03:14 . 2015-05-13 19:18 19968 ----a-w- c:\windows\system32\jnwmon.dll
2015-04-04 06:39 . 2015-04-24 15:33 9201616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{914406DD-5029-44B6-8867-2920513B98AA}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE"="c:\program files\Google\Chrome\Application\chrome.exe" [2015-05-22 813896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2015-04-28 311616]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-10-13 89856]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-01 108032]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - NisDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ    DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-26 20:03 986440 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-15 20:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://websearch.goodforsearch.info/?pid=24380&r=2015/05/03&hid=3789072491966548621&lg=EN&cc=GB&unqvl=86
mStart Page = hxxp://websearch.goodforsearch.info/?pid=24380&r=2015/05/03&hid=3789072491966548621&lg=EN&cc=GB&unqvl=86
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Clash of Clans.lnk - c:\programdata\{a8a5e82a-2384-b140-a8a5-5e82a238a0a8}\Clash of Clans.exe --startup=1
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_190_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_190_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-06-26  16:47:58
ComboFix-quarantined-files.txt  2015-06-26 15:47
.
Pre-Run: 426,452,226,048 bytes free
Post-Run: 426,708,897,792 bytes free
.
- - End Of File - - 3C7B91F19167C8D0D4C8C8BF068F9072
A36C5E4F47E84449FF07ED3517B43A31

Thanks again for all your help :)

Nathan.


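The Malwarebytes log above quarantines Internet Explorer "Low Rights\ElevationPolicy" entries for videosMediaPlayer+++-bg.exe and the other CrossRider executables under both HKLM and the user SID, and both ComboFix and Malwarebytes removed Chrome extensions from the Leo and Stephanie profiles rather than from the profile that ran the tools. An ElevationPolicy entry with Policy 3 tells Protected Mode IE to launch the named program at medium integrity without prompting, which is why adware plants them. The PowerShell below is an added example for re-checking both of those spots after the cleaners have run; it is not from this thread and is not part of Malwarebytes, ComboFix or FRST. The registry and profile paths and the Policy value meanings are Microsoft's; the function names, output columns and the "Suspect" heuristic are this example's own choices. It needs an elevated PowerShell 3.0 or later (Windows 7 ships with 2.0; Windows Management Framework 3.0 or later adds it).

```powershell
# Added example, not from the thread. Re-checks the two persistence spots the logs
# above show being cleaned: IE Protected Mode elevation policies and per-profile
# Chrome extensions. Paths are the real ones; function names, columns and the
# Suspect heuristic are this example's own. Needs PowerShell 3.0+, run elevated.

# Policy value under each ElevationPolicy\{GUID} key (Microsoft's Protected Mode docs):
# 3 means Protected Mode IE starts the program at medium integrity with no prompt.
$PolicyNames = @{ 0 = 'Block'; 1 = 'Prompt, run low'; 2 = 'Prompt, run medium'; 3 = 'Silent, run medium' }

function Get-IEElevationPolicy {
    $subPath = 'SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy'
    # HKLM plus every loaded user hive: the log shows the same GUIDs under HKLM and
    # under S-1-5-21-...-1000, and HKCU would only show the account running the scan.
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    $roots = @("HKLM:\$subPath")
    $roots += Get-ChildItem -Path 'HKU:\' |
        Where-Object { $_.PSChildName -like 'S-1-5-21-*' -and $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object { "HKU:\$($_.PSChildName)\$subPath" }

    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $p = Get-ItemProperty -LiteralPath $key.PSPath
            $policy = if ($null -ne $p.Policy) { [int]$p.Policy } else { -1 }
            $policyName = if ($PolicyNames.ContainsKey($policy)) { $PolicyNames[$policy] } else { "unknown ($policy)" }
            # AppPath\AppName is the program the policy applies to; either value may be absent.
            $exe = if ($p.AppPath -and $p.AppName) { Join-Path $p.AppPath $p.AppName } else { $null }
            $exists = [bool]$exe -and (Test-Path -LiteralPath $exe)
            # Heuristic (ours): silent launch of a program that is gone, or that lives outside
            # Program Files / Windows, is exactly the pattern of the CrossRider entries above.
            $suspect = ($policy -eq 3) -and ((-not $exists) -or
                       ($exe -notmatch '^[A-Za-z]:\\(Program Files( \(x86\))?|Windows)\\'))
            [pscustomobject]@{
                Root    = $root
                Guid    = $key.PSChildName
                Exe     = $exe
                Policy  = $policyName
                Exists  = $exists
                Suspect = $suspect
            }
        }
    }
}

function Get-ChromeExtensionsAllUsers {
    # Every Chrome profile of every local user, not just the account running the scan:
    # the MultiPlug extensions were under Leo and Stephanie, not under User.
    $pattern = 'C:\Users\*\AppData\Local\Google\Chrome\User Data\*\Extensions\*'
    foreach ($dir in Get-ChildItem -Path $pattern -Directory -ErrorAction SilentlyContinue) {
        # Layout is Extensions\<32-letter id>\<version>\manifest.json; the manifest holds the
        # display name (it may be a __MSG_..__ placeholder for localized extensions).
        $manifest = Get-ChildItem -LiteralPath $dir.FullName -Recurse -Filter manifest.json -ErrorAction SilentlyContinue |
            Select-Object -First 1
        $name = '(no manifest)'
        if ($manifest) {
            try { $name = (Get-Content -LiteralPath $manifest.FullName -Raw | ConvertFrom-Json).name }
            catch { $name = '(unreadable manifest)' }
        }
        [pscustomobject]@{
            User      = $dir.FullName.Split('\')[2]     # C:\Users\<User>\...
            Profile   = $dir.Parent.Parent.Name          # Default, Profile 1, ...
            Id        = $dir.Name
            Name      = $name
            Installed = $dir.CreationTime
        }
    }
}

Get-IEElevationPolicy        | Sort-Object Suspect -Descending | Format-Table -AutoSize
Get-ChromeExtensionsAllUsers | Sort-Object User, Installed     | Format-Table -AutoSize
```

Anything that comes back with Suspect set, or any extension ID matching the ones in the logs (dbfmnekepjoapopniengjbcpnbljalfg, igolmjggoglbmfpnbmgkgpiinpbefmlo, lpmocdcfhjgpihmndmdjocgpfhfcllgk, mgdhgbjlokeheknpnmiidkbdliimhapm), means the cleanup did not stick. One caveat: the HKU part only sees hives that are currently loaded, so entries under another user's SID will not show up unless that user is logged in or their NTUSER.DAT has been mounted with `reg load`; an empty result for a profile that was never loaded proves nothing.
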


#26 zep516 (Trusted Helper, Malware Removal, 8,093 posts)

Hello,

In post #20 I instructed you to run the AVG removal tool. Please do that. Then we need to remove ComboFix in this manner; ComboFix makes changes to the computer, so it's important to remove it this way.

Uninstall Combofix
  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

1. Remove ComboFix
2. Post the AVG removal log.

Thanks
Joe :)



#27 Ndavies19899 (Topic Starter, Member, 35 posts)

I ran the AVG removal tool but a log wasn't created. Is this OK? Should I just carry on with the later instructions?



#28 zep516 (Trusted Helper, Malware Removal, 8,093 posts)

Yes, carry on...

#29 Ndavies19899 (Topic Starter, Member, 35 posts)

It's saying the file could not be found when pasting ComboFix /Uninstall into "run".



#30 zep516 (Trusted Helper, Malware Removal, 8,093 posts)

OK,

Time to look at a new set of logs; you might want to delete any FRST.txt and Addition.txt logs from the desktop now.

Then

Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.
  • Right-click it and choose "Run as administrator". When the tool opens, click Yes to the disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
