Post by babybobbark3r » May 7th, 2015, 2:12 pm

Thank you for your help Gary - here is a revised submission.

On April 29 I inadvertently downloaded malware that infected my computer and all my browsers with endless popups. A feature of this malware was that it blocked my seeing results in Google that would help me get rid of it. After much time and sorrow I got rid of the popups on my desktop, but I cannot seem to get the popups out of my browser. I use Google Chrome - I even downloaded Opera browser and it immediately was infested with popups - some sites I can't even use because of the number of popups. Block and Surf is the name (one of many I assume) it goes by. If you could help me, I might be able to stop crying. Thanks, Diana


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17267 BrowserJavaVersion: 11.25.2
Run by Michael at 10:13:05 on 2015-05-07
Microsoft Windows 8 6.2.9200.0.1252.2.1033.18.3654.1462 [GMT -4:00]
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Internet Security 2015 *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG Internet Security 2015 *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 *Enabled* {757AB44A-78C2-7D1A-E37F-CA42A037B368}
============== Running Processes ===============
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Win Application\applications.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
C:\Program Files (x86)\USB Camera2\VM332STI.EXE
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Super Driver Updater\SuperDriversUpdater.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
============== Pseudo HJT Report ===============
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com
mStart Page = about:blank
uProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent.exe" /MINIMIZED
uRun: [SuperDriversUpdater] C:\Program Files (x86)\Super Driver Updater\SuperDriversUpdater.exe
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332STI.EXE
mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [Lenovo App Shop] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [QuickFinder Scheduler] "c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\QFSCHD160.EXE"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\WPLauncher.hta
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} -
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer =
TCP: Interfaces\{CD977A49-DFED-447F-AB15-CB05F4999758} : DHCPNameServer =
TCP: Interfaces\{CD977A49-DFED-447F-AB15-CB05F4999758}\C696C6F5265616E6F5E6F576275656E6 : DHCPNameServer =
TCP: Interfaces\{CD977A49-DFED-447F-AB15-CB05F4999758}\D4564456379676E63547574696F6 : DHCPNameServer =
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: BlockAndSurf: {79AAD48C-7658-E566-0E71-9D097E9E899C} -
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-RunOnce: [RollbackOnline] C:\$WINDOWS.~BT\Sources\SetupPlatform.exe /rollbackonline
x64-SSODL: WebCheck - <orphaned>
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8vwkqlb6.default\
FF - prefs.js: browser.search.selectedEngine - Trovi
FF - prefs.js: browser.startup.homepage - hxxp://www.trovi.com/?gd=&ctid=CT332989 ... 2915&SSPV=
FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll
FF - plugin: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrlui.dll
FF - plugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll
FF - plugin: C:\Users\Michael\AppData\Local\Google\Update\\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
============= SERVICES / DRIVERS ===============
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\Drivers\avgidsha.sys [2015-3-11 213984]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\Drivers\avgloga.sys [2015-3-11 344544]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\Drivers\avgmfx64.sys [2015-4-3 137184]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\Drivers\avgrkx64.sys [2015-3-20 40928]
R0 LHDmgr;LHDmgr;C:\windows\System32\Drivers\LhdX64.sys [2013-1-10 39008]
R1 adgnetworkwfpdrv;adgnetworkwfpdrv;C:\windows\System32\Drivers\adgnetworkwfpdrv.sys [2015-4-29 52728]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\Drivers\avgdiska.sys [2015-3-11 162784]
R1 Avgfwfd;AVG network filter service;C:\windows\System32\Drivers\avgfwd6a.sys [2015-3-20 67040]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\Drivers\avgidsdrivera.sys [2015-4-9 284128]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\Drivers\avgldx64.sys [2015-4-15 256992]
R1 Avgwfpa;AVG Firewall Driver;C:\windows\System32\Drivers\avgwfpa.sys [2015-4-7 293856]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-8-13 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-19 77128]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [2015-4-15 1517480]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2015-4-15 311792]
R2 CxAudMsg;Conexant Audio Message Service;C:\windows\System32\CxAudMsg64.exe [2013-1-10 201376]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-7-16 69640]
R2 pusetufy;Address Print-head;C:\Users\Michael\AppData\Roaming\C551F4B0-1430296537-E211-8422-208984368350\jnso59B.tmp [2015-4-29 113664]
R2 webTinstMKTN84;webTinstMKTN84;C:\windows\System32\Drivers\webTinstMKTN84.sys [2015-4-29 50216]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\Drivers\AcpiVpc.sys [2012-5-15 33560]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2015-4-29 25816]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2013-1-10 690832]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2015-3-2 14112]
R3 vm332avs;Lenovo Camera2;C:\windows\System32\Drivers\vm332avs.sys [2013-1-10 981112]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\windows\System32\Drivers\avgboota.sys [2015-3-27 21152]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2015-4-15 3438032]
S2 CoupoonService64;CoupoonService64;C:\Program Files (x86)\coupoon\iiwjljrnpc64.exe --> C:\Program Files (x86)\coupoon\iiwjljrnpc64.exe [?]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-4-29 1080120]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\Drivers\ssudbus.sys [2014-1-22 108800]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\Drivers\mwac.sys [2015-4-29 64216]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-1-15 289256]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUVStor.sys [2013-1-10 315536]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\System32\Drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\windows\System32\Drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\windows\System32\Drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\windows\System32\Drivers\ssadserd.sys [2011-5-13 146920]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\Drivers\ssudmdm.sys [2014-1-22 206080]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2014-8-15 54784]
S3 wsvd;wsvd;C:\windows\System32\Drivers\wsvd.sys [2013-1-10 102376]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-4-29 1871160]
SUnknown SPPD;SPPD; [x]
=============== File Associations ===============
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
ShellExec: LightningViewer.exe: View="c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\LightningNavigator.exe" "-ViewDocument" "%1"
=============== Created Last 30 ================
2015-05-03 07:04:34 21040 ----a-w- C:\windows\System32\sdnclean64.exe
2015-05-03 07:04:30 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2015-05-03 07:04:16 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-29 20:31:03 -------- d-sh--w- C:\Recovery
2015-04-29 17:46:32 41784 ----a-w- C:\windows\System32\TURegOpt.exe
2015-04-29 17:46:25 30520 ----a-w- C:\windows\System32\authuitu.dll
2015-04-29 17:46:22 25912 ----a-w- C:\windows\SysWow64\authuitu.dll
2015-04-29 17:45:42 -------- d-----w- C:\Users\Michael\AppData\Roaming\AVG
2015-04-29 17:43:23 -------- d-----w- C:\Users\Michael\AppData\Local\Avg
2015-04-29 17:41:24 -------- d-----w- C:\ProgramData\AVG
2015-04-29 17:21:35 -------- d-----w- C:\Users\Michael\AppData\Roaming\AVG2015
2015-04-29 17:14:29 -------- d-----w- C:\Users\Michael\AppData\Roaming\TuneUp Software
2015-04-29 17:07:12 -------- d--h--w- C:\$AVG
2015-04-29 17:07:11 -------- d-----w- C:\ProgramData\AVG2015
2015-04-29 17:04:49 -------- d-----w- C:\Program Files (x86)\AVG
2015-04-29 17:01:00 -------- d--h--w- C:\ProgramData\Common Files
2015-04-29 17:00:59 -------- d-----w- C:\Users\Michael\AppData\Local\MFAData
2015-04-29 17:00:59 -------- d-----w- C:\Users\Michael\AppData\Local\Avg2015
2015-04-29 17:00:59 -------- d-----w- C:\ProgramData\MFAData
2015-04-29 16:59:01 136408 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2015-04-29 16:57:14 64216 ----a-w- C:\windows\System32\drivers\mwac.sys
2015-04-29 16:57:14 107736 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2015-04-29 16:57:13 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2015-04-29 16:57:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-29 11:10:22 52728 ----a-w- C:\windows\System32\drivers\adgnetworkwfpdrv.sys
2015-04-29 11:06:13 279 ----a-w- C:\windows\SysWow64\drivers\vwifikerneldrv.sys
2015-04-29 11:06:13 279 ----a-w- C:\windows\SysWow64\d3dx9_11.dll.tmp
2015-04-29 11:03:25 -------- d-----w- C:\Users\Michael\AppData\Roaming\Performix LLC
2015-04-29 11:03:23 -------- d-----w- C:\ProgramData\Adguard
2015-04-29 10:11:29 -------- d-----w- C:\Users\Michael\AppData\Local\SuperDriversUpdater
2015-04-29 09:19:22 2178 ----a-w- C:\windows\patsearch.bin
2015-04-29 09:19:08 50216 ----a-w- C:\windows\System32\drivers\webTinstMKTN84.sys
2015-04-29 09:15:09 -------- d-----w- C:\Users\Michael\AppData\Local\avaavaevy
2015-04-29 09:13:13 -------- d-----w- C:\Program Files (x86)\SafeGuard
2015-04-29 09:07:41 -------- d-----w- C:\Users\Michael\AppData\Local\SmartWeb
2015-04-29 08:52:30 -------- d-----w- C:\ProgramData\PastaLeadsAgent
2015-04-29 08:52:09 -------- d-----w- C:\Program Files\Common Files\PastaLeads
2015-04-29 08:43:08 -------- d-----w- C:\Users\Michael\AppData\Local\C551F4B0-1430282581-E211-8422-208984368350
2015-04-29 08:40:25 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02BA41E8-22BE-4590-9FEF-C9C4E59EC26E}\offreg.dll
2015-04-29 08:35:37 -------- d-----w- C:\Users\Michael\AppData\Roaming\C551F4B0-1430296537-E211-8422-208984368350
2015-04-29 08:34:18 -------- d-----w- C:\Users\Michael\AppData\Local\globalUpdate
2015-04-29 08:34:18 -------- d-----w- C:\Program Files (x86)\globalUpdate
2015-04-29 08:33:40 -------- d-----w- C:\Program Files (x86)\FlashBeat
2015-04-29 08:29:00 -------- d-----w- C:\Program Files (x86)\Shopperz
2015-04-29 08:28:29 -------- d-----w- C:\Program Files (x86)\Super Driver Updater
2015-04-29 08:28:20 -------- d-----w- C:\Program Files (x86)\Priceless
2015-04-28 18:17:45 12032440 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02BA41E8-22BE-4590-9FEF-C9C4E59EC26E}\mpengine.dll
2015-04-27 22:20:26 12032440 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2015-04-15 17:06:02 256992 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2015-04-15 08:38:35 861696 ----a-w- C:\windows\System32\drivers\http.sys
2015-04-15 08:38:21 6971712 ----a-w- C:\windows\System32\ntoskrnl.exe
2015-04-15 08:38:21 1822696 ----a-w- C:\windows\System32\ntdll.dll
2015-04-15 08:38:18 1409496 ----a-w- C:\windows\SysWow64\ntdll.dll
2015-04-15 08:38:03 74752 ----a-w- C:\windows\System32\clfsw32.dll
2015-04-15 08:38:03 361280 ----a-w- C:\windows\System32\drivers\clfs.sys
2015-04-15 08:38:02 57856 ----a-w- C:\windows\SysWow64\clfsw32.dll
2015-04-09 18:11:14 284128 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2015-04-07 19:04:37 -------- d-----w- C:\Program Files (x86)\iTunes
2015-04-07 19:04:36 -------- d-----w- C:\Program Files\iPod
2015-04-07 19:04:34 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-07 19:04:34 -------- d-----w- C:\Program Files\iTunes
2015-04-07 16:39:26 293856 ----a-w- C:\windows\System32\drivers\avgwfpa.sys
==================== Find3M ====================
2015-04-13 22:07:53 791520 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2015-04-13 22:07:53 177632 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-03 13:34:12 137184 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
2015-03-27 12:40:48 21152 ----a-w- C:\windows\System32\drivers\avgboota.sys
2015-03-20 16:20:42 67040 ----a-w- C:\windows\System32\drivers\avgfwd6a.sys
2015-03-20 16:18:18 40928 ----a-w- C:\windows\System32\drivers\avgrkx64.sys
2015-03-11 16:16:06 162784 ----a-w- C:\windows\System32\drivers\avgdiska.sys
2015-03-11 16:13:36 344544 ----a-w- C:\windows\System32\drivers\avgloga.sys
2015-03-11 16:13:28 213984 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2015-03-10 05:28:47 2237952 ----a-w- C:\windows\System32\wininet.dll
2015-03-10 05:28:39 600576 ----a-w- C:\windows\System32\vbscript.dll
2015-03-10 05:27:11 3959296 ----a-w- C:\windows\System32\jscript9.dll
2015-03-10 05:27:09 949760 ----a-w- C:\windows\System32\inetcomm.dll
2015-03-10 03:49:49 1763328 ----a-w- C:\windows\SysWow64\wininet.dll
2015-03-10 03:49:44 523776 ----a-w- C:\windows\SysWow64\vbscript.dll
2015-03-10 03:49:02 2864640 ----a-w- C:\windows\SysWow64\jscript9.dll
2015-03-10 03:49:00 737280 ----a-w- C:\windows\SysWow64\inetcomm.dll
2015-03-06 07:39:21 588800 ----a-w- C:\windows\System32\SHCore.dll
2015-03-06 07:39:16 412672 ----a-w- C:\windows\System32\schannel.dll
2015-03-06 05:48:32 452608 ----a-w- C:\windows\SysWow64\SHCore.dll
2015-03-06 05:48:28 318464 ----a-w- C:\windows\SysWow64\schannel.dll
2015-03-04 07:26:50 596480 ----a-w- C:\windows\System32\AutoUpdate.exe
2015-03-04 07:26:50 467952 ----a-w- C:\windows\System32\NotificationUI.exe
2015-03-04 06:41:12 695808 ----a-w- C:\windows\System32\WSShared.dll
2015-03-04 06:41:11 163840 ----a-w- C:\windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-04 04:53:22 568832 ----a-w- C:\windows\SysWow64\WSShared.dll
2015-03-04 04:53:22 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-03 13:17:35 295552 ------w- C:\windows\System32\MpSigStub.exe
2015-02-26 04:35:57 4063232 ----a-w- C:\windows\System32\win32k.sys
2015-02-23 10:51:56 915968 ----a-w- C:\windows\System32\uxtheme.dll
2015-02-23 10:51:56 53760 ----a-w- C:\windows\System32\UXInit.dll
2015-02-23 10:50:34 67072 ----a-w- C:\windows\System32\iesetup.dll
2015-02-23 10:50:34 136704 ----a-w- C:\windows\System32\iesysprep.dll
2015-02-23 10:49:36 1509376 ----a-w- C:\windows\System32\inetcpl.cpl
2015-02-23 09:17:52 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2015-02-23 09:15:57 84480 ----a-w- C:\windows\System32\INETRES.dll
2015-02-23 08:51:29 441856 ----a-w- C:\windows\System32\html.iec
2015-02-21 05:31:18 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2015-02-21 05:30:11 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2015-02-21 05:30:11 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2015-02-21 05:29:25 1441280 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2015-02-21 05:09:51 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2015-02-21 05:07:30 84480 ----a-w- C:\windows\SysWow64\INETRES.dll
2015-02-21 04:42:37 361984 ----a-w- C:\windows\SysWow64\html.iec
2015-02-21 03:00:32 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
2015-02-20 13:59:14 46080 ----a-w- C:\windows\System32\atmlib.dll
2015-02-20 11:56:16 366592 ----a-w- C:\windows\System32\atmfd.dll
2015-02-20 08:10:01 35328 ----a-w- C:\windows\SysWow64\atmlib.dll
2015-02-20 07:24:08 304128 ----a-w- C:\windows\SysWow64\atmfd.dll
2014-06-24 05:22:59 1837904 ----a-w- C:\Program Files (x86)\uTorrent.exe
============= FINISH: 10:15:13.94 ===============


DDS (Ver_2012-11-20.01)
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 7/25/2013 10:57:03 AM
System Uptime: 4/29/2015 7:36:47 PM (183 hours ago)
Motherboard: LENOVO | | Lenovo G585
Processor: AMD E1-1500 APU with Radeon(tm) HD Graphics | Socket FT1 | 1480/100mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 251 GiB total, 189.456 GiB free.
D: is FIXED (NTFS) - 25 GiB total, 23.293 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Microsoft Teredo Tunneling Adapter
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
==== System Restore Points ===================
RP78: 4/22/2015 3:45:54 PM - Windows Update
RP79: 4/29/2015 4:40:55 AM - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
RP80: 5/1/2015 5:45:40 PM - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
RP81: 5/5/2015 11:39:11 PM - Software Removal Tool
==== Installed Programs ======================
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 17 NPAPI
AMD Accelerated Video Transcoding
AMD Catalyst Install Manager
AMD Fuel
AMD VISION Engine Control Center
Apple Application Support (32-bit)
Apple Application Support (64-bit)
Apple Mobile Device Support
Apple Software Update
AVG 2015
AVG PC TuneUp 2015
AVG PC TuneUp 2015 (en-US)
Canon MP Navigator 2.2
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Conexant HD Audio
Dolby Advanced Audio v2
Energy Management
Google Chrome
Google Update Helper
Java 7 Update 55
Java 8 Update 25
Java Auto Updater
Lenovo App Shop
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo Photos
Lenovo PowerDVD10
Lenovo Solution Center
Lenovo YouCam
Malwarebytes Anti-Malware version
McAfee Security Scan Plus
Microsoft Office
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Mozilla Firefox 37.0.2 (x86 en-US)
Mozilla Maintenance Service
OpenOffice 4.1.0
Qualcomm Atheros Client Installation Program
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Shared C Run-time for x64
SolSuite 2014 v14.0
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012
WinRAR 5.10 (32-bit)
WordPerfect Office IFilter 32-bit
WordPerfect Office IFilter 64-bit
WordPerfect Office X6
WordPerfect Office X6 - Common Files
WordPerfect Office X6 - Common Files English
WordPerfect Office X6 - IPM
WordPerfect Office X6 - Lightning Files
WordPerfect Office X6 - Lightning Files English
WordPerfect Office X6 - Oxford
WordPerfect Office X6 - Presentations Files
WordPerfect Office X6 - Presentations Files English
WordPerfect Office X6 - Quattro Pro Files
WordPerfect Office X6 - Quattro Pro Files English
WordPerfect Office X6 - Setup Files
WordPerfect Office X6 - System Files
WordPerfect Office X6 - WordPerfect Files
WordPerfect Office X6 - WordPerfect Files English
WordPerfect Office X6 - WT
==== Event Viewer Messages From Past Week ========
5/4/2015 3:44:34 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
4/30/2015 3:26:59 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume Windows8_OS. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x600000001f9cf. The name of the file is "<unable to determine file name>".
4/30/2015 3:26:59 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume Windows8_OS. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x300000001f69a. The name of the file is "<unable to determine file name>".
4/30/2015 3:26:59 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume Windows8_OS. A corruption was found in a file system index structure. The file reference number is 0x1000000001446. The name of the file is "\Windows\servicing\Packages". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
==== End Of File ===========================

I would appreciate some help - my problem is summarized at the top of this message

Post by wannabeageek » May 9th, 2015, 2:52 pm

Hello babybobbark3r, and Welcome to MalWare Removal forums!

My name is wannabeageek and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!"
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start

Post by wannabeageek » May 9th, 2015, 3:51 pm

Hi babybobbark3r,

P2P Advisory!
IMPORTANT There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.

As long as you have the P2P program(s) installed, per Forum Policy, I can offer you no further assistance.
If you choose NOT to remove the program(s)...indicate that in your next reply and this topic will be closed.
Otherwise, please perform the following steps:
Remove P2P Program(s)

  1. Right-click in the screen's bottom-left corner and choose the Control Panel from the pop-up menu.
  2. When the Control Panel appears, choose Uninstall a Program from the Programs category.
  3. Locate the following program:
    (uninstall the following as well)
    Java 7 Update 55
    Java 8 Update 25
    McAfee Security Scan Plus
  4. Click on the Uninstall button to uninstall it.
  5. When Windows asks whether you're sure, click Yes.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
    Repeat steps 2 and 3 for each program listed.
  6. When the program(s) have been uninstalled... Close Control Panel.
By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program itself, may be safe but the files may not... use P2P at your own risk! Keep in mind that this practice may be the source of your current malware infestation.
Reference... citing risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

Step 2.
Run CKScanner

  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select " Run as administrator " then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please Run the program only once.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 3.
FRST - Farbar Recovery Scanner Tool

Please download FRST64.exe ... by Farbar. Save it to your desktop.

  1. Right click on FRST64.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it. When the tool opens click Yes to disclaimer.
  2. Press Scan button. ... A log will be created FRST.txt in the same directory the tool is run.
  3. Please copy/paste FRST.txt to your reply.
    The first time the tool is run, it also makes another log... Addition.txt.
  4. Please copy/paste Addition.txt in your reply.

What I need back from you:
Post each separately.
  1. Contents of CKFiles.txt (Step 2.)
  2. Contents of FRST.txt (Step 3.)
  3. Contents of Addition.txt (Step 3.)
  4. Any problem executing the instructions?

Post by wannabeageek » May 11th, 2015, 10:52 pm

Hi babybobbark3r.

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response.
  • If you do not reply within the next 24 hours, this topic will be closed.

Post by Cypher » May 13th, 2015, 5:47 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
