Thread: dlllhost.exe.32 com surr

  1. #1
    Junior Member
    Join Date
    Sep 2014
    Posts
    4

    Hi,

    I have been trying to fix my girlfriend's uncle's computer and I realize now I am in over my head. What I have done so far: I ran a rescue disk by Avast, ran a scan with Malwarebytes, added SpywareBlaster, and used CCleaner just to get rid of temp files. I tried to run the aswMBR scan but it kept freezing on me; I saved a log file of what was scanned. I won't try to do anything else until I get a response. Thanks for the help in advance.

    aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
    Run date: 2014-09-21 13:34:25
    -----------------------------
    13:34:25.914 OS Version: Windows x64 6.1.7601 Service Pack 1
    13:34:25.914 Number of processors: 2 586 0x200
    13:34:25.929 ComputerName: CHUCKJOHNSON-PC UserName: chuck johnson
    13:34:27.255 Initialize success
    13:34:27.302 VM: driver load error: 2
    13:34:29.564 AVAST engine defs: 14092100
    13:34:36.709 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
    13:34:36.709 Disk 0 Vendor: ST500DM002-1BD142 KC44 Size: 476940MB BusType: 11
    13:34:36.802 Disk 0 MBR read successfully
    13:34:36.818 Disk 0 MBR scan
    13:34:37.177 Disk 0 Windows 7 default MBR code
    13:34:37.208 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 20000 MB offset 2048
    13:34:37.270 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 40962048
    13:34:37.286 Disk 0 default boot code
    13:34:37.317 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 456838 MB offset 41166848
    13:34:37.520 Disk 0 scanning C:\Windows\system32\drivers
    13:34:47.598 Service scanning
    13:35:08.689 Modules scanning
    13:35:08.704 Disk 0 trace - called modules:
    13:35:08.751 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    13:35:08.767 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004eee060]
    13:35:08.798 3 CLASSPNP.SYS[fffff880018db43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa800497f1f0]
    13:35:09.796 AVAST engine scan C:\Windows
    13:35:12.402 AVAST engine scan C:\Windows\system32
    13:38:15.047 AVAST engine scan C:\Windows\system32\drivers
    13:38:27.121 AVAST engine scan C:\Users\chuck johnson
    14:05:38.697 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
    14:05:38.744 The log file has been saved successfully to "E:\aswMBR.txt"


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
    Ran by chuck johnson (administrator) on CHUCKJOHNSON-PC on 21-09-2014 13:28:47
    Running from E:\
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Safe Mode (minimal)
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-10] (Realtek Semiconductor)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-25] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] ()
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-21] (AVAST Software)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-3738467188-906625896-3235375403-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
    HKU\S-1-5-21-3738467188-906625896-3235375403-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
    AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\PROGRA~3\Wincert\WIN64C~1.DLL File Not Found
    AppInit_DLLs: C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll File Not Found
    AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll" File Not Found
    AppInit_DLLs-x32: c:\progra~3\wincert\win32c~1.dll => "c:\progra~3\wincert\win32c~1.dll" File Not Found
    ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    BootExecute: autocheck autochk * sdnclean64.exe
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U146H&ocid=U146HDHP
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?pc=U146G&ocid=U146GDHP
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://google.com/
    SearchScopes: HKLM - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=394&systemid=406&v=a11465-114&apn_uid=6524321401504548&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
    SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0LoDud9kfsPY6zvd5xMTSgfnHC2t1aOjeEWvOuJvp-hNn0yoj8LlSBINn77LvyisRaA-LZrwXfSkiIuKcxeR37noxymDXkqGEOfOH6r9CfjKOxP5jkGutyVdFQztEebQ,,&q={searchTerms}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL =
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: saveitkeep. -> {A250293A-8904-1519-DE26-5BAEA3A63A67} -> C:\ProgramData\saveitkeep\s7Muhdi.x64.dll No File
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: RoyalShuoppeErApp -> {B324F063-F0CC-6C57-C60B-B1187F7D6DD4} -> C:\ProgramData\RoyalShuoppeErApp\vROBRgft.x64.dll No File
    BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll (AVG Technologies)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-20]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.msn.com/?pc=U146H&ocid=U146HDHP
    CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=U146H&ocid=U146HDHP", "hxxp://mail.live.com/"
    CHR DefaultSearchKeyword: Default -> bing.com
    CHR DefaultSearchProvider: Default -> Bing
    CHR DefaultSearchURL: Default -> http://www.bing.com/search?FORM=U146HD&PC=U146H&q={searchTerms}
    CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=U146HD&PC=U146H
    CHR Profile: C:\Users\chuck johnson\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\chuck johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-22]
    CHR Extension: (Google Drive) - C:\Users\chuck johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-22]
    CHR Extension: (YouTube) - C:\Users\chuck johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-22]
    CHR Extension: (Search) - C:\Users\chuck johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-22]
    CHR Extension: (Google Wallet) - C:\Users\chuck johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22]
    CHR Extension: (Gmail) - C:\Users\chuck johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-22]
    CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\chuck johnson\AppData\Local\Torch\Plugins\TorchPlugin.crx []
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-20] (AVAST Software)
    S2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [36456 2011-05-29] (Acer Incorporated)
    S2 Live Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated)
    S2 LMIRescueUA_2029536; C:\Users\chuck johnson\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended_srv.exe [2445144 2014-04-03] (LogMeIn, Inc.)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-29] (AVG Secure Search)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-20] ()
    S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-20] (AVAST Software)
    S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-20] (AVAST Software)
    S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-20] ()
    S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-20] (AVAST Software)
    S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-21] (AVAST Software)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-20] (AVAST Software)
    S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-20] ()
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-29] (AVG Technologies)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-04-25] ()
    S1 netfilter64; system32\drivers\netfilter64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-21 13:28 - 2014-09-21 13:28 - 00000000 ____D () C:\FRST
    2014-09-21 04:33 - 2014-09-21 04:33 - 00002788 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2014-09-21 04:33 - 2014-09-21 04:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2014-09-21 04:33 - 2014-09-21 04:33 - 00000000 ____D () C:\Program Files\CCleaner
    2014-09-21 04:32 - 2014-09-21 04:33 - 04901352 _____ (Piriform Ltd) C:\Users\chuck johnson\Downloads\ccsetup417.exe
    2014-09-21 04:29 - 2014-09-21 04:29 - 00000000 ____D () C:\ProgramData\Licenses
    2014-09-21 04:28 - 2014-09-21 04:31 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
    2014-09-21 04:28 - 2014-09-21 04:28 - 04095448 _____ (BrightFort LLC ) C:\Users\chuck johnson\Downloads\spywareblastersetup50.exe
    2014-09-21 04:28 - 2014-09-21 04:28 - 00001088 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
    2014-09-21 04:28 - 2014-09-21 04:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
    2014-09-21 04:28 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
    2014-09-21 04:06 - 2014-09-21 04:06 - 00000000 ____D () C:\Users\chuck johnson\AppData\Roaming\Google
    2014-09-21 04:03 - 2014-09-21 04:03 - 00000000 ____D () C:\Users\chuck johnson\AppData\Roaming\AVAST Software
    2014-09-20 22:33 - 2014-09-20 22:33 - 00000000 ____D () C:\Users\chuck johnson\Documents\ProcAlyzer Dumps
    2014-09-20 16:09 - 2014-09-20 22:30 - 50063360 _____ () C:\Program Files (x86)\GUT2932.tmp
    2014-09-20 16:09 - 2014-09-20 16:11 - 00000000 ____D () C:\ProgramData\Google
    2014-09-20 16:09 - 2014-09-20 16:09 - 00000000 ____D () C:\Program Files (x86)\GUM2912.tmp
    2014-09-20 16:08 - 2014-09-21 04:59 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2014-09-20 16:08 - 2014-09-20 16:08 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-09-20 16:08 - 2014-09-20 16:08 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-09-20 16:08 - 2014-09-20 16:08 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-09-20 16:08 - 2014-09-20 16:08 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-09-20 16:08 - 2014-09-20 16:08 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2014-09-20 16:08 - 2014-09-20 16:08 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-09-20 16:08 - 2014-09-20 16:08 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-09-20 16:08 - 2014-09-20 16:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-09-20 16:08 - 2014-09-20 16:08 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-09-20 16:05 - 2014-09-20 16:05 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-09-20 16:01 - 2014-09-20 16:01 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
    2014-09-20 16:01 - 2014-09-20 16:01 - 04862664 _____ (AVAST Software) C:\Users\chuck johnson\Downloads\avast_free_antivirus_setup_online.exe
    2014-09-19 10:49 - 2014-09-19 10:49 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2014-09-19 02:50 - 2014-09-01 02:51 - 00000828 _____ () C:\Windows\system32\Drivers\etc\hosts.20140918-235014.backup
    2014-09-19 02:25 - 2014-09-19 02:25 - 00000000 ____D () C:\Program Files (x86)\Belkin
    2014-09-19 02:16 - 2014-09-19 02:16 - 00000000 ____D () C:\Windows\{B251C9DD-FCEA-4039-966F-B989C65D2302}
    2014-09-19 01:49 - 2014-09-20 16:05 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-09-19 01:27 - 2014-09-21 00:45 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-09-19 01:27 - 2014-09-19 01:27 - 00001400 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2014-09-19 01:27 - 2014-09-19 01:27 - 00001388 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2014-09-19 01:27 - 2014-09-19 01:27 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    2014-09-19 01:27 - 2014-09-19 01:27 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    2014-09-19 01:27 - 2014-09-19 01:27 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    2014-09-19 01:27 - 2014-09-19 01:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2014-09-19 01:27 - 2013-09-20 13:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
    2014-09-19 01:26 - 2014-09-19 02:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-09-18 02:49 - 2014-09-18 02:49 - 02194056 _____ (Microsoft Corporation) C:\Users\chuck johnson\Downloads\DefaultPack (33).EXE
    2014-09-18 02:38 - 2014-09-18 02:39 - 02194056 _____ (Microsoft Corporation) C:\Users\chuck johnson\Downloads\DefaultPack (32).EXE
    2014-09-18 02:37 - 2014-09-18 02:38 - 02194056 _____ (Microsoft Corporation) C:\Users\chuck johnson\Downloads\DefaultPack (31).EXE
    2014-09-17 22:02 - 2014-09-17 22:05 - 00000123 _____ () C:\Users\chuck johnson\Desktop\Tech Support.txt
    2014-09-17 21:31 - 2014-09-17 21:31 - 00000093 _____ () C:\Users\chuck johnson\Desktop\email.txt
    2014-09-17 21:03 - 2014-09-17 21:04 - 01529152 _____ (LogMeIn, Inc.) C:\Users\chuck johnson\Downloads\Support-LogMeInRescue.exe
    2014-09-17 20:47 - 2014-09-17 20:47 - 00000000 ____D () C:\Windows\pss
    2014-09-13 23:27 - 2014-09-13 23:27 - 03193192 _____ (Xacti, LLC ) C:\Users\chuck johnson\Downloads\EmailNotifierSetup (3).exe
    2014-09-13 23:19 - 2014-09-13 23:19 - 03193192 ____N (Xacti, LLC ) C:\Users\chuck johnson\Downloads\EmailNotifierSetup (2).exe
    2014-09-13 20:28 - 2014-09-13 20:28 - 03193192 _____ (Xacti, LLC ) C:\Users\chuck johnson\Downloads\EmailNotifierSetup (1).exe
    2014-09-13 20:27 - 2014-09-13 20:27 - 03193192 _____ (Xacti, LLC ) C:\Users\chuck johnson\Downloads\EmailNotifierSetup.exe
    2014-09-10 12:17 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-09-10 12:17 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-09-10 12:17 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-09-10 12:17 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-09-10 12:17 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-09-10 12:17 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-09-10 12:17 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-09-10 12:17 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-09-10 12:17 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-09-10 12:17 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-09-10 12:17 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-09-10 12:17 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-09-10 12:17 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-09-10 12:17 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-09-10 12:17 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-09-10 12:17 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-09-10 12:17 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-09-10 12:17 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-09-10 12:17 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-09-10 12:17 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-09-10 12:17 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-09-10 12:17 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-09-10 12:17 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-09-10 12:17 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-09-10 12:17 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-09-10 12:17 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-09-10 12:17 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-09-10 12:17 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-09-10 12:17 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-09-10 12:17 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-09-10 12:17 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-09-10 12:17 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-09-10 12:17 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-09-10 12:17 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-09-10 12:17 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-09-10 12:17 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-09-10 12:17 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-09-10 12:17 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-09-10 12:17 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-09-10 12:17 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-09-10 12:17 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-09-10 12:17 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-09-10 12:17 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-09-10 12:17 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-09-10 12:17 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-09-10 12:17 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-09-10 12:17 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-09-10 12:17 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-09-10 12:17 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-09-10 12:17 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-09-10 12:17 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-09-10 12:17 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-09-10 12:17 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-09-10 12:17 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-09-10 12:17 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-09-10 12:17 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-09-09 18:50 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-09-09 18:50 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-09-09 18:50 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-09-09 18:50 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-09-09 18:50 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-08-27 23:17 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-08-27 23:17 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2014-08-27 23:17 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-21 13:28 - 2014-09-21 13:28 - 00000000 ____D () C:\FRST
    2014-09-21 12:53 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-09-21 07:29 - 2014-02-22 15:21 - 00000000 ____D () C:\temp
    2014-09-21 05:13 - 2014-01-22 02:42 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-09-21 05:13 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-09-21 05:13 - 2009-07-14 00:51 - 00111760 _____ () C:\Windows\setupact.log
    2014-09-21 05:11 - 2012-02-10 03:46 - 01904771 _____ () C:\Windows\WindowsUpdate.log
    2014-09-21 05:08 - 2014-01-22 02:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-09-21 05:07 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-09-21 05:07 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-09-21 05:00 - 2014-03-11 17:57 - 00000294 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
    2014-09-21 04:59 - 2014-09-20 16:08 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2014-09-21 04:58 - 2014-06-23 19:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-09-21 04:58 - 2014-03-11 17:57 - 00000288 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job
    2014-09-21 04:58 - 2014-03-06 21:27 - 00001556 _____ () C:\Windows\Tasks\Video-for-PC-1.2-updater.job
    2014-09-21 04:58 - 2014-03-06 21:27 - 00001410 _____ () C:\Windows\Tasks\Video-for-PC-1.2-enabler.job
    2014-09-21 04:58 - 2014-03-06 21:26 - 00001512 _____ () C:\Windows\Tasks\Video-for-PC-1.2-codedownloader.job
    2014-09-21 04:58 - 2014-03-06 21:25 - 00002612 _____ () C:\Windows\Tasks\Video-for-PC-1.2-firefoxinstaller.job
    2014-09-21 04:58 - 2014-03-06 21:24 - 00003128 _____ () C:\Windows\Tasks\Video-for-PC-1.2-chromeinstaller.job
    2014-09-21 04:57 - 2010-11-20 23:47 - 01665082 _____ () C:\Windows\PFRO.log
    2014-09-21 04:47 - 2013-06-01 05:25 - 00000000 ____D () C:\Users\chuck johnson\AppData\Local\CrashDumps
    2014-09-21 04:47 - 2012-08-12 04:38 - 00000000 ____D () C:\Windows\Minidump
    2014-09-21 04:33 - 2014-09-21 04:33 - 00002788 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2014-09-21 04:33 - 2014-09-21 04:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2014-09-21 04:33 - 2014-09-21 04:33 - 00000000 ____D () C:\Program Files\CCleaner
    2014-09-21 04:33 - 2014-09-21 04:32 - 04901352 _____ (Piriform Ltd) C:\Users\chuck johnson\Downloads\ccsetup417.exe
    2014-09-21 04:31 - 2014-09-21 04:28 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
    2014-09-21 04:31 - 2014-02-26 05:03 - 00000000 ____D () C:\ProgramData\TEMP
    2014-09-21 04:29 - 2014-09-21 04:29 - 00000000 ____D () C:\ProgramData\Licenses
    2014-09-21 04:28 - 2014-09-21 04:28 - 04095448 _____ (BrightFort LLC ) C:\Users\chuck johnson\Downloads\spywareblastersetup50.exe
    2014-09-21 04:28 - 2014-09-21 04:28 - 00001088 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
    2014-09-21 04:28 - 2014-09-21 04:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
    2014-09-21 04:25 - 2014-01-22 02:42 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-09-21 04:24 - 2012-04-17 00:56 - 00000000 ____D () C:\Users\chuck johnson\AppData\Roaming\Adobe
    2014-09-21 04:06 - 2014-09-21 04:06 - 00000000 ____D () C:\Users\chuck johnson\AppData\Roaming\Google
    2014-09-21 04:06 - 2013-03-31 21:30 - 00000000 ____D () C:\Users\chuck johnson\AppData\Local\Google
    2014-09-21 04:06 - 2013-03-31 20:23 - 00000000 ____D () C:\Users\chuck johnson\AppData\Local\Torch
    2014-09-21 04:04 - 2013-04-28 00:49 - 00002374 _____ () C:\Windows\wininit.ini
    2014-09-21 04:03 - 2014-09-21 04:03 - 00000000 ____D () C:\Users\chuck johnson\AppData\Roaming\AVAST Software
    2014-09-21 00:45 - 2014-09-19 01:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-09-20 22:33 - 2014-09-20 22:33 - 00000000 ____D () C:\Users\chuck johnson\Documents\ProcAlyzer Dumps
    2014-09-20 22:30 - 2014-09-20 16:09 - 50063360 _____ () C:\Program Files (x86)\GUT2932.tmp
    2014-09-20 16:11 - 2014-09-20 16:09 - 00000000 ____D () C:\ProgramData\Google
    2014-09-20 16:10 - 2014-01-22 02:43 - 00000000 ____D () C:\Program Files\Google
    2014-09-20 16:10 - 2014-01-22 02:41 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-09-20 16:09 - 2014-09-20 16:09 - 00000000 ____D () C:\Program Files (x86)\GUM2912.tmp
    2014-09-20 16:08 - 2014-09-20 16:08 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-09-20 16:08 - 2014-09-20 16:08 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-09-20 16:08 - 2014-09-20 16:08 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-09-20 16:08 - 2014-09-20 16:08 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-09-20 16:08 - 2014-09-20 16:08 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2014-09-20 16:08 - 2014-09-20 16:08 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-09-20 16:08 - 2014-09-20 16:08 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-09-20 16:08 - 2014-09-20 16:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-09-20 16:08 - 2014-09-20 16:08 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-09-20 16:05 - 2014-09-20 16:05 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-09-20 16:05 - 2014-09-19 01:49 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-09-20 16:01 - 2014-09-20 16:01 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
    2014-09-20 16:01 - 2014-09-20 16:01 - 04862664 _____ (AVAST Software) C:\Users\chuck johnson\Downloads\avast_free_antivirus_setup_online.exe
    2014-09-20 15:50 - 2009-07-14 00:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-09-19 13:52 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2014-09-19 13:00 - 2012-04-17 00:56 - 00000000 ____D () C:\Users\chuck johnson
    2014-09-19 10:49 - 2014-09-19 10:49 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2014-09-19 02:42 - 2014-09-19 01:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-09-19 02:34 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-09-19 02:25 - 2014-09-19 02:25 - 00000000 ____D () C:\Program Files (x86)\Belkin
    2014-09-19 02:25 - 2011-08-10 07:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-09-19 02:16 - 2014-09-19 02:16 - 00000000 ____D () C:\Windows\{B251C9DD-FCEA-4039-966F-B989C65D2302}
    2014-09-19 01:27 - 2014-09-19 01:27 - 00001400 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2014-09-19 01:27 - 2014-09-19 01:27 - 00001388 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2014-09-19 01:27 - 2014-09-19 01:27 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    2014-09-19 01:27 - 2014-09-19 01:27 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    2014-09-19 01:27 - 2014-09-19 01:27 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    2014-09-19 01:27 - 2014-09-19 01:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2014-09-19 01:22 - 2011-08-10 07:53 - 00000000 ____D () C:\Windows\fr
    2014-09-18 02:49 - 2014-09-18 02:49 - 02194056 _____ (Microsoft Corporation) C:\Users\chuck johnson\Downloads\DefaultPack (33).EXE
    2014-09-18 02:39 - 2014-09-18 02:38 - 02194056 _____ (Microsoft Corporation) C:\Users\chuck johnson\Downloads\DefaultPack (32).EXE
    2014-09-18 02:38 - 2014-09-18 02:37 - 02194056 _____ (Microsoft Corporation) C:\Users\chuck johnson\Downloads\DefaultPack (31).EXE
    2014-09-17 22:30 - 2014-04-03 15:11 - 00000000 ____D () C:\Users\chuck johnson\AppData\Local\LogMeIn Rescue Applet
    2014-09-17 22:05 - 2014-09-17 22:02 - 00000123 _____ () C:\Users\chuck johnson\Desktop\Tech Support.txt
    2014-09-17 21:31 - 2014-09-17 21:31 - 00000093 _____ () C:\Users\chuck johnson\Desktop\email.txt
    2014-09-17 21:04 - 2014-09-17 21:03 - 01529152 _____ (LogMeIn, Inc.) C:\Users\chuck johnson\Downloads\Support-LogMeInRescue.exe
    2014-09-17 20:47 - 2014-09-17 20:47 - 00000000 ____D () C:\Windows\pss
    2014-09-13 23:27 - 2014-09-13 23:27 - 03193192 _____ (Xacti, LLC ) C:\Users\chuck johnson\Downloads\EmailNotifierSetup (3).exe
    2014-09-13 23:19 - 2014-09-13 23:19 - 03193192 ____N (Xacti, LLC ) C:\Users\chuck johnson\Downloads\EmailNotifierSetup (2).exe
    2014-09-13 20:28 - 2014-09-13 20:28 - 03193192 _____ (Xacti, LLC ) C:\Users\chuck johnson\Downloads\EmailNotifierSetup (1).exe
    2014-09-13 20:27 - 2014-09-13 20:27 - 03193192 _____ (Xacti, LLC ) C:\Users\chuck johnson\Downloads\EmailNotifierSetup.exe
    2014-09-11 19:34 - 2009-07-14 01:08 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-09-10 12:15 - 2014-02-27 17:27 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2014-09-09 23:05 - 2014-01-22 02:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-09-09 23:05 - 2013-10-29 19:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-09-09 23:05 - 2011-08-10 08:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-09-01 02:51 - 2014-09-19 02:50 - 00000828 _____ () C:\Windows\system32\Drivers\etc\hosts.20140918-235014.backup
    2014-08-25 09:53 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-08-22 22:07 - 2014-08-27 23:17 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-08-22 21:45 - 2014-08-27 23:17 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2014-08-22 20:59 - 2014-08-27 23:17 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

    Some content of TEMP:
    ====================
    C:\Users\chuck johnson\AppData\Local\Temp\GoogleUpdateSetup_1.3.21.169.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-09-19 13:42

    ==================== End Of Log ============================

  2. #2
    LiquidTension, Security Expert - Visiting Fellow
    Join Date
    May 2014
    Posts
    121

    Hello chrisnoley256, welcome to Safer Networking's Malware Removal forum!

    My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
    If you would allow me to call you by your first name I would prefer that.

    ======================================================

    Please read through the points below to ensure this process moves as quickly and efficiently as possible.

    • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
    • Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
    • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
    • Please back up important documents before proceeding with my instructions.
    • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.


    ======================================================

    Please consider the following warning, and let me know how you wish to proceed.

    BACKDOOR WARNING

    ------------------------------

    One or more of the identified infections is known to use a backdoor that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.

    Please disconnect your computer from the internet immediately. If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, email, eBay, PayPal, online forums, etc). Consider these accounts already compromised.

    If you have used a router, you will need to reset it with a strong logon/password to ensure the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following for further information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

    Whilst the identified infection(s) can be removed, there is no way to guarantee that your computer will be trustworthy again. This is due to the nature of the infection, which allows the attacker complete control over the computer. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat the hard drive and reinstall the Operating System. Please read the following information:


    Please let me know how you wish to proceed, and if you have any questions.
    Member of UNITE, and graduate from WTT.

  3. #3
    Junior Member
    Join Date
    Sep 2014
    Posts
    4

    As far as I know, the infected computer is not used for banking. What steps can I take to get the infected computer back to working order?

  4. #4
    Junior Member
    Join Date
    Sep 2014
    Posts
    4

    I talked to the owner and he is OK with reformatting the computer. Can I have some instructions on how to do so? Thanks again for the help.

  5. #5
    LiquidTension, Security Expert - Visiting Fellow
    Join Date
    May 2014
    Posts
    121

    OK.

    What is the make and model of the machine?

    Please include the contents of Addition.txt (from running FRST) in your next post as well.
    Member of UNITE, and graduate from WTT.

  6. #6
    Junior Member
    Join Date
    Sep 2014
    Posts
    4

    I had a friend come over and reformat the computer; everything appears to be working fine. Thank you for your help. You can close this thread.

  7. #7
    LiquidTension, Security Expert - Visiting Fellow
    Join Date
    May 2014
    Posts
    121

    OK, thank you for letting me know.

    As it appears this issue is resolved, this topic will now be closed. I'm glad we could help.
    If this is not the case and you need or wish to continue, please send me a Personal Message (PM) stating you would like this topic re-opened.
    Member of UNITE, and graduate from WTT.
