Possible Hack, Hijacking or Virus

Status
Not open for further replies.

EmpressPhoenix

New member
I have this feeling that my computer was compromised last night. My internet stopped working. I had to restart my laptop, and it took forever to shut down. And then it took forever to boot up. When it did, I was taken to a temporary Windows account, which I had to log out of and log back into my account. Right after that, I got an email from my Mother. Her email was compromised. This all happened after a horrid fight with a now ex. I would hate to think he or anyone he knows is responsible for this, but it was just too coincidental. Also, a friend told me that her brother told her there is a virus going around. With that knowledge, I felt it best to come here. Right before I came here, my CPU was running at 100%.

Whether it be a virus or a hacker, I would really like to have it looked at.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16384 BrowserJavaVersion: 10.55.2
Run by Owner at 15:32:56 on 2014-06-03
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.5596.3373 [GMT -5:00]
.
AV: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\valWBFPolicyService.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\dwm.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.EXE
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Team Speak 3\ts3client_win64.exe
C:\Program Files (x86)\HP SimplePass\DownloadAD.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\mIRC\mirc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com/?type=599486&fr=spigot-yhp-ie
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [SearchProtection] "C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: aeriagames.com
Trusted Zone: aeriagames.com
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{46A9D7A3-BA03-426C-BC76-F9A4C3EB1832} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://www.aywas.com/news/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=599486&p=
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npPitPlugin.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\extensions\activegs@freetoolsassociation.com\plugins\npActiveGS.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-7-24 79528]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-7-24 26280]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2014-2-9 92536]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\Drivers\dtsoftbus01.sys [2014-3-28 283064]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-9 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-8 361984]
R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2014-2-9 199008]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2012-8-10 1641320]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-8-10 29600]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-31 35232]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 Start8;Stardock Start8;C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [2013-10-14 142960]
R2 valWBFPolicyService;Validity WBF Policy Service;C:\Windows\System32\valWBFPolicyService.exe [2012-7-18 28160]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-7-17 98472]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2014-2-9 266896]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2014-2-9 683664]
R3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2014-2-9 41272]
R3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2012-7-16 401256]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2014-2-9 57000]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2014/02/08 23:49:47;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-7-16 245264]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2014-2-9 43832]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-06-02 01:22:35 -------- d-----w- C:\Users\Owner\AppData\Roaming\3909
2014-06-02 01:22:07 -------- d-----w- C:\GOG Games
2014-05-31 00:06:48 -------- d-----w- C:\Users\Owner\AppData\Roaming\OBS
2014-05-31 00:06:20 -------- d-----w- C:\Program Files\OBS
2014-05-31 00:06:15 -------- d-----w- C:\Program Files (x86)\OBS
2014-05-30 05:21:58 965232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
2014-05-30 05:21:58 46704 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-05-30 05:21:58 1266800 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuin52.dll
2014-05-30 05:21:58 10594416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icudt52.dll
2014-05-28 17:23:15 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8B9E679A-1843-47A6-B943-D061E8EE50F2}\mpengine.dll
2014-05-24 11:22:34 258224 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10240.bin
2014-05-10 09:54:34 -------- d-----w- C:\Users\Owner\dwhelper
2014-05-05 06:33:46 -------- d-----w- C:\Program Files (x86)\Gravity
.
==================== Find3M ====================
.
2014-04-22 21:45:25 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-29 02:08:42 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2014-03-24 07:09:47 70010368 ----a-w- C:\Windows\System32\imageres.dll
2014-03-22 12:46:09 98304 ----a-w- C:\Windows\SysWow64\CmdLineExt.dll
2014-03-22 02:11:55 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
.
============= FINISH: 15:33:56.11 ===============

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-06-03 15:37:08
-----------------------------
15:37:08.365 OS Version: Windows x64 6.2.9200
15:37:08.365 Number of processors: 4 586 0x1001
15:37:08.367 ComputerName: 7360BE7 UserName: Owner
15:37:08.439 Initialze error 1
15:39:12.471 AVAST engine defs: 14060300
15:43:14.978 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000039
15:43:14.981 Disk 0 Vendor: ST640LM001_HN-M640MBB 2AR10002 Size: 610480MB BusType: 11
15:43:15.015 Disk 0 MBR read successfully
15:43:15.017 Disk 0 MBR scan
15:43:15.025 Disk 0 unknown MBR code
15:43:15.041 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
15:43:15.050 Disk 0 scanning C:\Windows\system32\drivers
15:43:15.053 Service scanning
15:43:15.839 Modules scanning
15:43:15.844 Disk 0 trace - called modules:
15:43:15.894 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
15:43:15.900 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006ad0060]
15:43:15.905 3 CLASSPNP.SYS[fffff8800190a8aa] -> nt!IofCallDriver -> [0xfffffa80065de950]
15:43:16.244 5 hpdskflt.sys[fffff88001f48339] -> nt!IofCallDriver -> [0xfffffa80053fdb20]
15:43:16.251 7 amd_xata.sys[fffff88001376634] -> nt!IofCallDriver -> \Device\00000039[0xfffffa80053ff060]
15:43:16.256 AVAST engine scan C:\Windows
15:43:16.264 AVAST engine scan C:\Windows\system32
15:43:16.270 AVAST engine scan C:\Windows\system32\drivers
15:43:16.277 AVAST engine scan C:\Users\Owner
15:43:16.284 AVAST engine scan C:\ProgramData
15:43:16.290 Scan finished successfully
15:43:47.274 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
15:43:47.282 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

DoubleClick: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
MediaPlex: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2014-03-21 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2014-03-05 Includes\Adware-000.sbi (*)
2014-01-08 Includes\Adware-001.sbi (*)
2014-05-27 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-01-08 Includes\Dialer-000.sbi (*)
2014-01-08 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-08 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2014-01-09 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2014-01-09 Includes\Fraud-003.sbi (*)
2013-04-11 Includes\HeavyDuty.sbi (*)
2014-01-08 Includes\Hijackers-000.sbi (*)
2014-01-08 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-08 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-01-08 Includes\Keyloggers-000.sbi (*)
2014-03-19 Includes\Keyloggers-C.sbi (*)
2014-01-08 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2014-03-03 Includes\Malware-000.sbi (*)
2014-01-09 Includes\Malware-001.sbi (*)
2014-03-03 Includes\Malware-002.sbi (*)
2014-02-05 Includes\Malware-003.sbi (*)
2014-01-28 Includes\Malware-004.sbi (*)
2014-04-15 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2014-05-09 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2014-01-13 Includes\MalwareC.sbi (*)
2014-01-15 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2014-05-27 Includes\PUPS-C.sbi (*)
2014-01-13 Includes\PUPS.sbi (*)
2014-01-13 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-08 Includes\Security.sbi (*)
2014-01-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2014-01-28 Includes\Spyware-000.sbi (*)
2014-01-08 Includes\Spyware-001.sbi (*)
2014-01-08 Includes\Spyware-C.sbi (*)
2014-01-13 Includes\Spyware.sbi (*)
2014-01-08 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2014-01-15 Includes\Trojans-000.sbi (*)
2014-02-26 Includes\Trojans-001.sbi (*)
2014-01-15 Includes\Trojans-002.sbi (*)
2014-01-28 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2014-03-14 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-02-19 Includes\Trojans-008.sbi (*)
2014-01-15 Includes\Trojans-009.sbi (*)
2014-05-27 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-03-14 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2010-03-10 Includes\TrojansC-01.sbi (*)
2014-01-09 Includes\TrojansC-02.sbi (*)
2014-01-09 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-09 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Hi EmpressPhoenix,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Right after that, I got an email from my Mother. Her email was compromised.
Can you describe how you know the email was compromised? What characteristics did it display?

This all happened after a horrid fight with a now ex. I would hate to think he or anyone he knows is responsible for this, but it was just too coincidental.
I would recommend that you change all passwords if you feel your ex might be responsible. Especially, if you use your computer for any type of banking. You also might want to monitor your financial accounts closely until you are certain they haven't been compromised.

=========================

Your initial logs don't look too bad, let's dig a bit deeper.

P2P - (Peer to Peer)

I see you have/had P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall this now.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • uTorrent
If you choose not to remove this program, please refrain from using it until we have finished cleaning your computer.

=========================

DeFogger

Please download DeFogger to your desktop.
Right click and select "Run as Administrator" DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • If it needs to, DeFogger may ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.

=========================

Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Right click SecurityCheck.exe, select "Run as Administrator" and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

Please download AdwCleaner by Xplode and save to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a log file (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that log file in your next reply.
  • Copies of all log files are saved in the C:\AdwCleaner folder, which was created when running the tool.
=========================

Download Farbar Recovery Scan Tool and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
=========================

In your next post please provide the following:
  • checkup.txt
  • AdwCleaner[R0].txt
  • FRST.txt
  • Addition.txt
  • Answer to email question.
  • Also describe any symptoms you are experiencing.
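Added example, not part of this thread and not code from DDS, Security Check, AdwCleaner or FRST: a small Python triage of the "Pseudo HJT Report" section of the DDS log posted above, pulling out the entries a helper reads first. Two of them deserve spelling out. `mPolicies-System: ConsentPromptBehaviorAdmin = dword:0` means an administrator's processes elevate with no prompt at all, and `PromptOnSecureDesktop = dword:0` moves whatever prompts remain onto the normal desktop, where other windows can cover or imitate them. The "UAC is enabled" line in the Security Check output later in the thread does not contradict this: UAC can be switched on while its consent prompt is set to 0. The `uRun` entry for SearchProtection.EXE under AppData\Roaming is the same Search Protection folder AdwCleaner reports. The rule names, severities and the sample log (a subset of the posted log's lines) are this example's own choices.

```python
"""Triage the "Pseudo HJT Report" section of a DDS log.

Added example for this thread (not part of DDS, Security Check, AdwCleaner
or FRST). Rule names, severities and wording are this example's own.
"""
import re
from dataclasses import dataclass

# Constructed sample: entries copied from the DDS log posted above, trimmed
# to what the rules below examine, with two clean mRun lines kept as controls.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com/?type=599486&fr=spigot-yhp-ie
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
uRun: [SearchProtection] "C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
uRun: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
Trusted Zone: aeriagames.com
SSODL: WebCheck - <orphaned>
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
.
================= FIREFOX ===================
.
"""

# UAC policy values as documented for the System policy key:
# ConsentPromptBehaviorAdmin 0 = elevate without prompting,
# PromptOnSecureDesktop 0 = prompt on the interactive desktop.
UAC_RULES = {
    "ConsentPromptBehaviorAdmin": {
        "0": ("high", "administrators elevate without any prompt; anything running "
                      "as this user can obtain full admin rights silently"),
    },
    "PromptOnSecureDesktop": {
        "0": ("medium", "UAC prompts appear on the normal desktop, where another "
                        "window can overlay or imitate them"),
    },
}
PROFILE_PATH = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\", re.I)
AFFILIATE_QUERY = re.compile(r"[?&](type|fr)=", re.I)


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info"
    line: str       # the DDS line that triggered the rule
    reason: str


def hjt_lines(log: str) -> list[str]:
    """Return the entry lines between the Pseudo HJT header and the next section header."""
    out, inside = [], False
    for line in log.splitlines():
        if line.startswith("=") and "Pseudo HJT" in line:
            inside = True
            continue
        if inside and line.startswith("="):
            break
        if inside and line.strip() not in ("", "."):
            out.append(line.rstrip())
    return out


def image_path(command: str) -> str:
    """Extract the executable path from a Run-key command line (quoted or not)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.exe)", command, re.I)   # DDS prints unquoted paths with spaces
    return m.group(1) if m else command.split(" ", 1)[0]


def audit(log: str) -> list[Finding]:
    findings: list[Finding] = []
    for line in hjt_lines(log):
        entry = line[4:] if line.startswith("x64-") else line  # 64-bit view, same rules
        if m := re.match(r"^mPolicies-System: (\w+) = dword:(\d+)$", entry):
            if hit := UAC_RULES.get(m.group(1), {}).get(m.group(2)):
                findings.append(Finding(hit[0], line, hit[1]))
        elif m := re.match(r"^[um]Run: \[([^\]]+)\] (.+)$", entry):
            path = image_path(m.group(2))
            if PROFILE_PATH.match(path):
                findings.append(Finding("medium", line,
                    f"autorun '{m.group(1)}' runs from the user profile ({path}); "
                    "no admin rights were needed to plant it"))
        elif m := re.match(r"^[um]Start Page = (.+)$", entry):
            if AFFILIATE_QUERY.search(m.group(1)):
                findings.append(Finding("medium", line,
                    "start page carries search-affiliate parameters (type=/fr=), "
                    "the usual mark of a bundled homepage changer"))
        elif m := re.match(r"^Trusted Zone: (.+)$", entry):
            findings.append(Finding("info", line,
                f"IE applies relaxed zone settings to {m.group(1)}"))
        elif "<orphaned>" in entry:
            findings.append(Finding("info", line,
                "registry entry points at a file that no longer exists"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.line}\n         {f.reason}")
```

Run against the sample it reports the two ConsentPromptBehaviorAdmin lines (32- and 64-bit views) as high, the secure-desktop policy, the Yahoo start page and the two AppData autoruns as medium, and the Trusted Zone and orphaned SSODL entries as informational; the Program Files autoruns pass. The same function can be pointed at a full DDS log pasted from a thread, since it only reads the section between the Pseudo HJT header and the next header.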
 
I know my mother's email was hacked because she told me. I never clicked on the link inside the email, but I did reply to it asking her wtf? She emailed back to inform me her account had been hacked. I figured it had been, as my mother always contacts me over Facebook if anything, never email.
I can't exactly remember what happened with my computer before this happened. It was running a bit slow, and since then there are times when it runs at 100% CPU capacity when it shouldn't be, and lags sometimes. It's not normal, as this is a new computer.
Also, unrelated, but how do I delete old attachments I have here at SNF? I have quite a few and it's kind of an OCD thing that they are still there. Unless I have no space limit on attachments.

Results of screen317's Security Check version 0.99.83
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java 7 Update 55
Adobe Flash Player 13.0.0.214
Mozilla Firefox (29.0.1)
Google Chrome 34.0.1847.137
Google Chrome 35.0.1916.114
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MsMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

# AdwCleaner v3.212 - Report created 05/06/2014 at 12:54:54
# Updated 05/06/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Owner - 7360BE7
# Running from : C:\Users\Owner\Desktop\adwcleaner_3.212.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Users\Owner\AppData\Roaming\Search Protection

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Search Protection
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16384


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\prefs.js ]

Line Found : user_pref("aol_toolbar.default.homepage.check", false);
Line Found : user_pref("aol_toolbar.default.search.check", false);
Line Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Found : user_pref("lightweightThemes.usedThemes", "[{\"id\":\"474122\",\"name\":\"ELECTRIC BLUE NEON --A N I M A T E D--\",\"headerURL\":\"hxxp://getpersonas-cdn.mozilla.net/static/2/2/474122/ELECTRICBLUENEON[...]
Line Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
Line Found : user_pref("sweetim.toolbar.searchguard.enable", "false");

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\h8vzlbxq.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1855 octets] - [05/06/2014 12:54:54]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1915 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Owner (administrator) on 7360BE7 on 05-06-2014 13:44:40
Running from C:\Users\Owner\Desktop
Platform: Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Spigot, Inc.) C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\HP SimplePass\DownloadAD.exe
(mIRC Co. Ltd.) C:\Program Files (x86)\mIRC\mirc.exe
(The Pidgin developer community) C:\Program Files (x86)\Pidgin\pidgin.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(TeamSpeak Systems GmbH) C:\Program Files\Team Speak 3\ts3client_win64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-07-16] (cyberlink)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Run: [SearchProtection] => C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.EXE [846696 2014-05-21] (Spigot, Inc.)
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-04] (Google Inc.)
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4167589968-2693423342-2315446607-1002\...\MountPoints2: {b4418b01-b416-11e3-be74-082e5f79e668} - "F:\autorun.exe"
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=599486&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6BC8BD8D4D45CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - DefaultScope {66F8021A-0B2E-4DE4-B753-12504A711C26} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=599486&p={searchTerms}
SearchScopes: HKCU - {66F8021A-0B2E-4DE4-B753-12504A711C26} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=599486&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default
FF Homepage: hxxp://www.aywas.com/news/
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=599486&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\searchplugins\utorrentcontrolv6-customized-web-search.xml
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\searchplugins\yahoo_ff.xml
FF Extension: ActiveGS - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\Extensions\activegs@freetoolsassociation.com [2014-06-04]
FF Extension: LavaFox V2-Blue - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\Extensions\djziggy@gmail.com [2014-06-03]
FF Extension: Blue Fox - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\Extensions\{241aae70-0022-11de-87af-0800200c9a66} [2014-03-21]
FF Extension: Vendetta Online Theme - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\Extensions\{3AF52343-6FC5-4f8e-AFE7-773054020BE9} [2014-03-21]
FF Extension: HP Detect - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2014-03-21]
FF Extension: DownloadHelper - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: Strike - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\Extensions\{021bfe80-a015-11de-8a39-0800200c9a66}.xpi [2014-03-21]
FF Extension: NoScript - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-21]

Chrome:
=======
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultSearchProvider: Yahoo
CHR DefaultSearchURL: http://search.yahoo.com/search?ei=utf-8&fr=chr-greentree_gc&type=599486&ilc=12&p={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-18]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-30]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-18]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-18]
CHR Extension: (Universe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebkhmhnhknbjjggjfagcaaoimilkogcn [2014-04-18]
CHR Extension: (Website Logon) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2014-04-18]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-18]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-18]
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-07-12]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [245264 2012-07-09] (CyberLink)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [142960 2013-03-19] (Stardock Software, Inc)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-07-18] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-03-28] (Disc Soft Ltd)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
U3 aswMBR; \??\C:\Users\Owner\AppData\Local\Temp\aswMBR.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-05 13:44 - 2014-06-05 13:45 - 00017031 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-06-05 13:44 - 2014-06-05 13:44 - 00000000 ____D () C:\FRST
2014-06-05 12:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-05 12:54 - 2014-06-05 12:56 - 00000000 ____D () C:\AdwCleaner
2014-06-05 12:53 - 2014-06-05 12:53 - 01333465 _____ () C:\Users\Owner\Desktop\adwcleaner_3.212.exe
2014-06-05 12:49 - 2014-06-05 12:49 - 00000542 _____ () C:\Users\Owner\Desktop\defogger_disable.log
2014-06-05 12:49 - 2014-06-05 12:49 - 00000168 _____ () C:\Users\Owner\defogger_reenable
2014-06-05 01:16 - 2014-06-05 01:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DarkSoulsII
2014-06-05 01:14 - 2014-06-05 01:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\Game Updater
2014-06-05 01:03 - 2014-06-05 01:03 - 00001737 _____ () C:\Users\Public\Desktop\Dark Souls 2.lnk
2014-06-05 01:03 - 2014-06-05 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dark Souls 2
2014-06-05 00:16 - 2014-06-05 00:16 - 00000000 ____D () C:\Games
2014-06-05 00:13 - 2014-06-05 00:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\Setup Integrity Check
2014-06-04 23:29 - 2014-06-04 23:29 - 02068992 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-06-04 23:28 - 2014-06-04 23:28 - 00854367 _____ () C:\Users\Owner\Desktop\SecurityCheck.exe
2014-06-04 23:24 - 2014-06-04 23:24 - 00050477 _____ () C:\Users\Owner\Desktop\Defogger.exe
2014-06-04 01:47 - 2014-06-04 01:47 - 00000000 ____D () C:\Users\Owner\Documents\ActiveGSLocalData
2014-06-03 15:43 - 2014-06-03 15:43 - 00001903 _____ () C:\Users\Owner\Desktop\aswMBR.txt
2014-06-03 15:43 - 2014-06-03 15:43 - 00000512 _____ () C:\Users\Owner\Desktop\MBR.dat
2014-06-03 15:36 - 2014-06-03 15:37 - 04745728 _____ (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2014-06-03 15:32 - 2014-06-03 15:32 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.scr
2014-06-03 15:32 - 2014-06-03 15:32 - 00000000 ____D () C:\Windows\ERDNT
2014-06-03 15:30 - 2014-06-03 15:31 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-03 15:30 - 2014-06-03 15:30 - 00000909 _____ () C:\Users\Owner\Desktop\ERUNT.lnk
2014-06-03 15:30 - 2014-06-03 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-03 15:29 - 2014-06-03 15:29 - 00791393 _____ (Lars Hederer ) C:\Users\Owner\Downloads\erunt-setup.exe
2014-06-03 00:27 - 2014-06-03 00:27 - 00000117 _____ () C:\Windows\system32\netcfg--925314703.txt
2014-06-03 00:26 - 2014-06-03 00:26 - 00000117 _____ () C:\Windows\system32\netcfg--925318884.txt
2014-06-03 00:26 - 2014-06-03 00:26 - 00000117 _____ () C:\Windows\system32\netcfg--925318400.txt
2014-06-03 00:26 - 2014-06-03 00:26 - 00000117 _____ () C:\Windows\system32\netcfg--925317964.txt
2014-06-02 03:13 - 2014-06-02 03:13 - 00001289 _____ () C:\Users\Owner\Desktop\Battle.net.lnk
2014-06-01 20:22 - 2014-06-01 20:22 - 00001678 _____ () C:\Users\Public\Desktop\Papers, Please.lnk
2014-06-01 20:22 - 2014-06-01 20:22 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\3909
2014-06-01 20:22 - 2014-06-01 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Papers, Please [GOG.com]
2014-06-01 20:22 - 2014-06-01 20:22 - 00000000 ____D () C:\GOG Games
2014-05-30 19:06 - 2014-05-30 19:06 - 00000939 _____ () C:\Users\Owner\Desktop\Open Broadcaster Software.lnk
2014-05-30 19:06 - 2014-05-30 19:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\OBS
2014-05-30 19:06 - 2014-05-30 19:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-05-30 19:06 - 2014-05-30 19:06 - 00000000 ____D () C:\Program Files\OBS
2014-05-30 19:06 - 2014-05-30 19:06 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-05-30 19:04 - 2014-05-30 19:04 - 08541018 _____ () C:\Users\Owner\Downloads\OBS_0_624b_Installer.exe
2014-05-30 13:01 - 2014-05-30 13:01 - 00814735 _____ () C:\Users\Owner\Downloads\OptiFine_1.7.9_HD_U_D2.jar
2014-05-30 00:19 - 2014-05-30 00:19 - 29014160 _____ (Mozilla) C:\Users\Owner\Downloads\Firefox Setup 29.0.1.exe
2014-05-29 23:29 - 2014-05-30 01:18 - 00000000 ____D () C:\Users\Owner\Desktop\D&D
2014-05-22 20:43 - 2014-05-22 20:43 - 00000218 _____ () C:\Users\Owner\.recently-used.xbel
2014-05-19 19:55 - 2014-05-19 20:40 - 00000000 ____D () C:\Users\Owner\Desktop\SCREENIES
2014-05-18 14:42 - 2014-05-18 14:42 - 00000000 ____D () C:\Users\Owner\Desktop\FunPics
2014-05-11 06:09 - 2014-05-11 06:10 - 00000117 _____ () C:\Windows\system32\netcfg-1403042572.txt
2014-05-11 06:09 - 2014-05-11 06:09 - 00000117 _____ () C:\Windows\system32\netcfg-1403039452.txt
2014-05-11 06:09 - 2014-05-11 06:09 - 00000117 _____ () C:\Windows\system32\netcfg-1403038672.txt
2014-05-11 06:09 - 2014-05-11 06:09 - 00000117 _____ () C:\Windows\system32\netcfg-1403038266.txt
2014-05-10 04:54 - 2014-05-10 04:54 - 00000000 ____D () C:\Users\Owner\dwhelper

==================== One Month Modified Files and Folders =======

2014-06-05 13:45 - 2014-06-05 13:44 - 00017031 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-06-05 13:45 - 2014-02-09 04:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\Temp
2014-06-05 13:44 - 2014-06-05 13:44 - 00000000 ____D () C:\FRST
2014-06-05 13:35 - 2014-03-21 16:39 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-06-05 13:30 - 2014-04-08 23:35 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\.purple
2014-06-05 13:23 - 2014-04-04 17:12 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4167589968-2693423342-2315446607-1002UA.job
2014-06-05 13:16 - 2014-04-18 04:06 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-05 13:00 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-06-05 12:56 - 2014-06-05 12:54 - 00000000 ____D () C:\AdwCleaner
2014-06-05 12:53 - 2014-06-05 12:53 - 01333465 _____ () C:\Users\Owner\Desktop\adwcleaner_3.212.exe
2014-06-05 12:49 - 2014-06-05 12:49 - 00000542 _____ () C:\Users\Owner\Desktop\defogger_disable.log
2014-06-05 12:49 - 2014-06-05 12:49 - 00000168 _____ () C:\Users\Owner\defogger_reenable
2014-06-05 12:49 - 2014-02-09 04:52 - 00000000 ____D () C:\Users\Owner
2014-06-05 05:13 - 2014-03-22 18:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\Battle.net
2014-06-05 04:59 - 2014-04-27 18:38 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-05 02:23 - 2014-04-04 17:12 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4167589968-2693423342-2315446607-1002Core.job
2014-06-05 01:49 - 2014-03-21 22:00 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\TS3Client
2014-06-05 01:43 - 2014-02-09 04:51 - 01969241 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 01:26 - 2014-03-21 22:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
2014-06-05 01:16 - 2014-06-05 01:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DarkSoulsII
2014-06-05 01:14 - 2014-06-05 01:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\Game Updater
2014-06-05 01:03 - 2014-06-05 01:03 - 00001737 _____ () C:\Users\Public\Desktop\Dark Souls 2.lnk
2014-06-05 01:03 - 2014-06-05 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dark Souls 2
2014-06-05 00:16 - 2014-06-05 00:16 - 00000000 ____D () C:\Games
2014-06-05 00:13 - 2014-06-05 00:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\Setup Integrity Check
2014-06-05 00:11 - 2014-03-21 22:39 - 00000000 ___RD () C:\Users\Owner\Desktop\MY GAMES
2014-06-05 00:08 - 2014-03-22 18:32 - 00000000 ___RD () C:\Users\Owner\Desktop\MINECRAFT STUFF
2014-06-05 00:08 - 2014-03-21 19:12 - 00000000 ___RD () C:\Users\Owner\Desktop\PHOENIX
2014-06-04 23:32 - 2014-03-21 22:38 - 00000000 ___RD () C:\Users\Owner\Desktop\VIDEO
2014-06-04 23:29 - 2014-06-04 23:29 - 02068992 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-06-04 23:28 - 2014-06-04 23:28 - 00854367 _____ () C:\Users\Owner\Desktop\SecurityCheck.exe
2014-06-04 23:24 - 2014-06-04 23:24 - 00050477 _____ () C:\Users\Owner\Desktop\Defogger.exe
2014-06-04 23:16 - 2014-04-18 04:06 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-04 23:11 - 2014-03-21 21:12 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\.minecraft
2014-06-04 17:41 - 2014-03-21 19:05 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\mIRC
2014-06-04 01:47 - 2014-06-04 01:47 - 00000000 ____D () C:\Users\Owner\Documents\ActiveGSLocalData
2014-06-03 15:43 - 2014-06-03 15:43 - 00001903 _____ () C:\Users\Owner\Desktop\aswMBR.txt
2014-06-03 15:43 - 2014-06-03 15:43 - 00000512 _____ () C:\Users\Owner\Desktop\MBR.dat
2014-06-03 15:40 - 2014-03-21 22:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-06-03 15:39 - 2014-03-21 22:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-03 15:37 - 2014-06-03 15:36 - 04745728 _____ (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2014-06-03 15:32 - 2014-06-03 15:32 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.scr
2014-06-03 15:32 - 2014-06-03 15:32 - 00000000 ____D () C:\Windows\ERDNT
2014-06-03 15:31 - 2014-06-03 15:30 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-03 15:31 - 2014-02-09 04:53 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-03 15:30 - 2014-06-03 15:30 - 00000909 _____ () C:\Users\Owner\Desktop\ERUNT.lnk
2014-06-03 15:30 - 2014-06-03 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-03 15:29 - 2014-06-03 15:29 - 00791393 _____ (Lars Hederer ) C:\Users\Owner\Downloads\erunt-setup.exe
2014-06-03 15:22 - 2014-03-21 17:41 - 00007597 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
2014-06-03 15:06 - 2014-03-21 22:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2014-06-03 00:39 - 2014-02-09 04:59 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4167589968-2693423342-2315446607-1002
2014-06-03 00:35 - 2014-03-21 16:39 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-03 00:35 - 2014-03-21 16:39 - 00000000 ____D () C:\ProgramData\Skype
2014-06-03 00:30 - 2014-03-21 16:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 00:30 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-03 00:30 - 2012-07-26 02:19 - 00292720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-03 00:29 - 2014-03-21 16:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-03 00:29 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-03 00:27 - 2014-06-03 00:27 - 00000117 _____ () C:\Windows\system32\netcfg--925314703.txt
2014-06-03 00:26 - 2014-06-03 00:26 - 00000117 _____ () C:\Windows\system32\netcfg--925318884.txt
2014-06-03 00:26 - 2014-06-03 00:26 - 00000117 _____ () C:\Windows\system32\netcfg--925318400.txt
2014-06-03 00:26 - 2014-06-03 00:26 - 00000117 _____ () C:\Windows\system32\netcfg--925317964.txt
2014-06-02 03:13 - 2014-06-02 03:13 - 00001289 _____ () C:\Users\Owner\Desktop\Battle.net.lnk
2014-06-01 20:22 - 2014-06-01 20:22 - 00001678 _____ () C:\Users\Public\Desktop\Papers, Please.lnk
2014-06-01 20:22 - 2014-06-01 20:22 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\3909
2014-06-01 20:22 - 2014-06-01 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Papers, Please [GOG.com]
2014-06-01 20:22 - 2014-06-01 20:22 - 00000000 ____D () C:\GOG Games
2014-06-01 13:52 - 2014-03-21 18:48 - 00000000 ____D () C:\ProgramData\Stardock
2014-05-30 19:06 - 2014-05-30 19:06 - 00000939 _____ () C:\Users\Owner\Desktop\Open Broadcaster Software.lnk
2014-05-30 19:06 - 2014-05-30 19:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\OBS
2014-05-30 19:06 - 2014-05-30 19:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-05-30 19:06 - 2014-05-30 19:06 - 00000000 ____D () C:\Program Files\OBS
2014-05-30 19:06 - 2014-05-30 19:06 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-05-30 19:04 - 2014-05-30 19:04 - 08541018 _____ () C:\Users\Owner\Downloads\OBS_0_624b_Installer.exe
2014-05-30 13:01 - 2014-05-30 13:01 - 00814735 _____ () C:\Users\Owner\Downloads\OptiFine_1.7.9_HD_U_D2.jar
2014-05-30 01:18 - 2014-05-29 23:29 - 00000000 ____D () C:\Users\Owner\Desktop\D&D
2014-05-30 00:22 - 2014-03-21 16:34 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-30 00:22 - 2014-03-21 16:34 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-30 00:19 - 2014-05-30 00:19 - 29014160 _____ (Mozilla) C:\Users\Owner\Downloads\Firefox Setup 29.0.1.exe
2014-05-29 14:50 - 2014-04-19 03:28 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-05-29 14:49 - 2014-04-19 03:23 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-05-28 03:04 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-05-22 20:43 - 2014-05-22 20:43 - 00000218 _____ () C:\Users\Owner\.recently-used.xbel
2014-05-22 13:26 - 2014-04-18 04:06 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-21 05:24 - 2014-03-21 16:34 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2014-05-19 20:40 - 2014-05-19 19:55 - 00000000 ____D () C:\Users\Owner\Desktop\SCREENIES
2014-05-18 14:42 - 2014-05-18 14:42 - 00000000 ____D () C:\Users\Owner\Desktop\FunPics
2014-05-18 10:24 - 2014-04-08 23:36 - 00000000 ____D () C:\Users\Owner\AppData\Local\gtk-2.0
2014-05-18 00:47 - 2012-07-26 02:28 - 00941050 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-17 12:59 - 2014-05-05 20:52 - 00000422 _____ () C:\Users\Owner\Desktop\ROGUE STATS.txt
2014-05-16 17:20 - 2012-07-26 02:21 - 00026633 _____ () C:\Windows\setupact.log
2014-05-11 06:10 - 2014-05-11 06:09 - 00000117 _____ () C:\Windows\system32\netcfg-1403042572.txt
2014-05-11 06:09 - 2014-05-11 06:09 - 00000117 _____ () C:\Windows\system32\netcfg-1403039452.txt
2014-05-11 06:09 - 2014-05-11 06:09 - 00000117 _____ () C:\Windows\system32\netcfg-1403038672.txt
2014-05-11 06:09 - 2014-05-11 06:09 - 00000117 _____ () C:\Windows\system32\netcfg-1403038266.txt
2014-05-10 04:54 - 2014-05-10 04:54 - 00000000 ____D () C:\Users\Owner\dwhelper
2014-05-08 02:18 - 2014-04-04 17:12 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4167589968-2693423342-2315446607-1002UA
2014-05-08 02:18 - 2014-04-04 17:12 - 00003490 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4167589968-2693423342-2315446607-1002Core
2014-05-07 23:11 - 2014-04-18 04:06 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 23:11 - 2014-04-18 04:06 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\_isA1AF.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-28 08:51

==================== End Of Log ============================
 


Hi EmpressPhoenix,

Please advise me as to your plans for uTorrent.

Since you did not react to the email from your Mother, you probably didn't get any malware from it. But we will continue to check to be certain.

=========================

Go here for a brief tutorial on how to Uninstall a program if you are unfamiliar with how to do it.

Uninstall a Program in Windows 8

Click on the Control Panel app in the Windows 8 Start Screen. Then scroll to the bottom and click on the More Settings option.
  • When the Control Panel window opens click on the Uninstall a program option under the Programs category.
  • If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
  • Locate the following, and select Uninstall
    • Search Protection
  • Close Programs and Features when you are done.
=========================

Re-run AdwCleaner

It should be on your desktop
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

Junkware Removal Tool

Download Junkware Removal Tool to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
=========================

Are you still encountering high CPU usage? Any other symptoms?

=========================

In your next post please provide the following:
  • AdwCleaner[S0].txt
  • JRT.txt
  • How is the computer running?
 
I apologize. I do not have everything you asked for. I just wanted to answer your question real quick about uTorrent. At the moment, I'd rather keep it. If that's ok and it will not stop me from getting help.
And this all happened BEFORE I got my mom's email.

I will have everything else asked for hopefully by tomorrow night or so. Been busy working. Thanks for the help so far!
 
Hi EmpressPhoenix,

I just wanted to answer your question real quick about uTorrent. At the moment, I'd rather keep it. If that's ok and it will not stop me from getting help.
OK, that's fine. And no, it will not stop you from getting help.

And this all happened BEFORE I got my mom's email.
I don't think any of your issues were caused by that email.

Post the logs requested when you can.
 
Computer -seems- to be running ok. Also, I am a bit weird having all these programs and log files on my desktop now. Kind of an OCD thing (funny considering your name HA). What, if any, can I remove now or at least delete the shortcuts of?

# AdwCleaner v3.212 - Report created 09/06/2014 at 07:58:50
# Updated 05/06/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Owner - 7360BE7
# Running from : C:\Users\Owner\Desktop\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16384


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\prefs.js ]

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("lightweightThemes.usedThemes", "[{\"id\":\"474122\",\"name\":\"ELECTRIC BLUE NEON --A N I M A T E D--\",\"headerURL\":\"hxxp://getpersonas-cdn.mozilla.net/static/2/2/474122/ELECTRICBLUENEON[...]
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\h8vzlbxq.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1995 octets] - [05/06/2014 12:54:54]
AdwCleaner[R1].txt - [343 octets] - [07/06/2014 21:03:14]
AdwCleaner[R2].txt - [1896 octets] - [09/06/2014 07:49:07]
AdwCleaner[R3].txt - [1956 octets] - [09/06/2014 07:56:28]
AdwCleaner[S0].txt - [1895 octets] - [09/06/2014 07:58:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1955 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Owner on Mon 06/09/2014 at 8:06:07.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\1w5oxnrp.default\prefs.js

user_pref("socialfixer.1501226731/typeahead_new", "for (;;);{\"__ar\":1,\"payload\":{\"entries\":[{\"uid\":523549481013522,\"type\":\"group\",\"path\":\"\\/groups\\/chillcraft
Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\1w5oxnrp.default\minidumps [177 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/09/2014 at 8:13:15.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Hi EmpressPhoenix,

Also, I am a bit weird having all these programs and log files on my desktop now. Kind of an OCD thing (funny considering your name HA). What, if any, can I remove now or at least delete the shortcuts of?
We will clean up all the tools and logs when we have completed removing the malware from your machine. If you remove any of the tools and we need them again, you will just have to re-download them. So for now please don't remove anything.

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================


ESET Online Scanner

*Note:
  • It is recommended to disable your on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator Rights. To do so, right click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.
=========================

In your next post please provide the following:

  • MBAM log
  • ESET's log.txt
 
Ok..having some issues with Malwarebytes.

First of all, there was no -tab- that said "Updates"
Secondly, nothing says "Perform Quick Scan"

I have a tab that says "Scan" and when I click it, the only options are "Threat Scan", "Custom Scan" and "Hyper Scan"

What do I do? :( Perhaps I have a different version?
 
Hi EmpressPhoenix,

I apologize for the confusion. MBAM has changed the GUI of the program and I failed to update my instructions to reflect the change.

=========================

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Select the Scan tab.
  • Select type of scan to perform:
    • Threat Scan < --- Select this type of scan
    • Custom Scan
    • Hyper Scan
  • Next click the Scan Now button.
  • When the scan is complete, if no malicious items are found you can close the program.
  • If malicious items are found be sure that everything is checked, and click Quarantine .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================

In your next reply post the MBAM & ESET logs
 
Sorry, I am just wanting to make sure things are done correctly. Thus, asking questions when I am unsure.

There is nothing that says "remove selected"

There is Quarantine/Quarantine All, Add Exclusion and, Ignore Once

I figure I am to quarantine all, however, asking to be sure.
 
Hi EmpressPhoenix,

Yes, choose Quarantine/Quarantine All. I'm still tweaking my instructions.
 
Yes, I am sorry. Inventory coming up at the store where I work so it's been hectic. I honestly lose track of days and forget things x.x I'll hopefully have this by tomorrow, I apologize.
 
Hopefully I have done everything right..sorry for the delay..

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/21/2014
Scan Time: 6:50:56 PM
Logfile: MWBLog.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.21.10
Rootkit Database: v2014.06.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 272795
Time Elapsed: 17 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.SafeInstall.A, C:\Users\Owner\Downloads\7zip_14395_stf.exe, Quarantined, [b46a007b0a719c9adb862b097d834db3],
PUP.Optional.OpenCandy, C:\Users\Owner\Downloads\DTLite4491-0356.exe, Quarantined, [42dca3d84239979f6da5d9cd9b6931cf],
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\searchplugins\utorrentcontrolv6-customized-web-search.xml, Quarantined, [21fd44372853c076f3cf406705fd19e7],

Physical Sectors: 0
(No malicious items detected)


(end)

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RU4RBLBP\setup[1].exe Win32/Somoto.M potentially unwanted application
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQAE89WB\BiTool[1].dll Win32/Somoto.C potentially unwanted application
C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.2.507_0\APISupport\APISupport.dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.2.507_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbhfcphckpkbjoncbgkamddpnphieg\1\51eca413f39150.32987907.js Win32/Adware.MultiPlug.H application
 
Hi EmpressPhoenix,

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

Code:
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RU4RBLBP\setup[1].exe
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQAE89WB\BiTool[1].dll
C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.2.507_0\APISupport\APISupport.dll
C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.2.507_0\nativeMessaging\TBMessagingHost.exe
C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbhfcphckpkbjoncbgkamddpnphieg\1\51eca413f39150.32987907.js

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

In your next post please provide the following:
  • Fixlog.txt
  • How is the computer running?
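The fix script in the post above was assembled by hand: each path from the ESET export was copied, one per line, into fixlist.txt. The following Python example is added here to show that step as code; it is not part of the thread, nor a tool from FRST, ESET or Malwarebytes. It parses ESET export lines in the `<path> <threat name> <classification>` shape shown above into structured records, keeps only entries that name an absolute Windows file path, de-duplicates them, and emits the one-path-per-line fixlist the helper built. The sample log is the five lines quoted in the thread; the function and regex names are the example's own.

```python
import re

# Constructed sample: the five ESET export lines quoted earlier in this thread.
SAMPLE_ESET_LOG = "\n".join([
    r"C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RU4RBLBP\setup[1].exe Win32/Somoto.M potentially unwanted application",
    r"C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQAE89WB\BiTool[1].dll Win32/Somoto.C potentially unwanted application",
    r"C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.2.507_0\APISupport\APISupport.dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application",
    r"C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.26.2.507_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application",
    r"C:\Users\Owner\Desktop\PHOENIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnbhfcphckpkbjoncbgkamddpnphieg\1\51eca413f39150.32987907.js Win32/Adware.MultiPlug.H application",
])

# One ESET export line: an absolute Windows path (which may contain spaces),
# then the detection name (optionally prefixed "a variant of"), then a free-text
# classification. The path group is lazy, so it stops at the first token that
# looks like a detection name ("Family/Variant").
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:a variant of )?[A-Za-z0-9]+/\S+)\s+"
    r"(?P<classification>.+?)\s*$"
)


def parse_eset_line(line):
    """Return {'path', 'threat', 'classification'} for a valid ESET export line, else None."""
    m = ESET_LINE.match(line.strip())
    return m.groupdict() if m else None


def parse_eset_log(text):
    """Parse every line of an ESET text export, silently skipping lines that do not match."""
    records = []
    for line in text.splitlines():
        rec = parse_eset_line(line)
        if rec is not None:
            records.append(rec)
    return records


def build_fixlist(text):
    """Produce the FRST-style fixlist body: one detected file path per line, duplicates removed.

    Only lines that parsed as a drive-rooted path are included, so stray text
    from a log never ends up as an instruction for the fix tool. The result is
    specific to the machine the log came from, as the NOTICE in the post says.
    """
    seen = set()
    paths = []
    for rec in parse_eset_log(text):
        p = rec["path"]
        if p not in seen:           # keep first occurrence, preserve log order
            seen.add(p)
            paths.append(p)
    return "\n".join(paths)


def summarize(text):
    """Count detections per threat family so a helper can see what the PUA picture looks like."""
    counts = {}
    for rec in parse_eset_log(text):
        family = rec["threat"].replace("a variant of ", "").split("/")[0]
        counts[family] = counts.get(family, 0) + 1
    return counts


if __name__ == "__main__":
    print(build_fixlist(SAMPLE_ESET_LOG))
    print(summarize(SAMPLE_ESET_LOG))
```

Running the script prints the same five paths that appear in the code box above, in the same order; feeding it the ESET export plus any stray prose lines yields the same fixlist, because non-path lines are dropped rather than copied through. The Malwarebytes entries from the earlier log are deliberately not parsed here: MBAM had already quarantined those files, so they do not belong in the fixlist.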
 