

Possible trojan, please help

Post by Anon67 » July 31st, 2015, 3:33 pm

Hello, I have an online account where I had a thousand dollars stolen from me. The site claimed that someone logged onto my account with my username and password and used my IP address.

This does not make any sense. I want to be sure I am not infected. I have scanned with Malwarebytes and AVG.

Here are my logs:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 10 Home
Boot Device: \Device\HarddiskVolume2
Install Date: 7/29/2015 2:19:26 PM
System Uptime: 7/29/2015 2:51:11 PM (49 hours ago)
.
Motherboard: Gateway | | ZX4970
Processor: Intel(R) Celeron(R) CPU G530 @ 2.40GHz | SOCKET 0 | 2400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 448 GiB total, 366.6 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 7/30/2015 4:46:12 PM - Windows Update
RP2: 7/30/2015 4:47:01 PM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7-Zip 9.22beta
8500A909_eDocs
8500A909_Help
8500A909a
Ad Muncher v4.93.33707
Adobe AIR
Adobe Flash Player 18 NPAPI
Adobe Reader XI (11.0.12)
Adobe Refresh Manager
Agatha Christie - Death on the Nile
AIM for Windows
AmericasCardroom
Atheros Bluetooth Suite (64)
AVG 2015
AVG Web TuneUp
BetDSI
Bing Bar
Bookmaker
BPD_DSWizards
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Chronicles of Albian
Cradle of Rome 2
CyberLink PowerDVD 10
CyberLink YouCam
D3DX10
Destinations
DeviceDiscovery
DivX Setup
DocMgr
DocProc
Dora's World Adventure
Download Updater (AOL Inc.)
eBay Worldwide
Etron USB3.0 Host Controller
Evernote v. 4.5.2
FATE
Fax
Final Drive: Nitro
Fooz Kids Platform
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Gateway Games
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
Governor of Poker 2 Premium Edition
GPBaseService2
GrandPoker
Heritage Sports 8.2
Hotkey Utility
HP Customer Participation Program 14.0
HP Document Manager 2.0
HP Imaging Device Functions 14.0
HP Officejet Pro 8500 A909 Series
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
Identity Card
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel® Trusted Connect Service Client
Intertops Poker
ITE Infrared Transceiver
Java 8 Update 31
Java Auto Updater
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
Junk Mail filter update
Malwarebytes Anti-Malware version 2.1.8.1057
MarketResearch
Mesh Runtime
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.11761.0_neutral_~_8wekyb3d8bbwe (x64)
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 39.0 (x86 en-US)
Mozilla Maintenance Service
MPM
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Network64
NOOK for PC
Norton Online Backup
OCR Software by I.R.I.S. 14.0
Octoshape Streaming Services
OpenOffice 4.1.1
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
PokerStars.net
Polar Bowler
Polar Golfer
ProductContext
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
SBR Poker 1.0.81
Scan
Shop for HP Supplies
SK.Helper 1.74
Skype™ 7.0
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
SpywareBlaster 5.2
Status
StreamTorrent 1.0
TeamViewer 9
THX TruStudio Pro
Toolbox
Torchlight
TrayApp
Update Installer for WildTangent Games App
VC80CRTRedist - 8.0.50727.6195
Virtual Villagers 5 - New Believers
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player 2.0.5
WebReg
Welcome Center
WildTangent Games App
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Galeria de Fotos
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
7/31/2015 11:07:01 AM, Error: Microsoft-Windows-Kernel-Power [137] - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S4). This can result in reduced resume performance.
7/30/2015 8:36:23 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
7/30/2015 11:45:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
7/30/2015 1:21:58 PM, Error: Service Control Manager [7031] - The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
7/29/2015 2:52:29 PM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/29/2015 2:50:36 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca as Unavailable/Unavailable. The error: "31" Happened while starting this command: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca
7/29/2015 2:23:49 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user yisman-PC\yisman SID (S-1-5-21-3491128345-48547337-2951177495-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
7/29/2015 2:18:36 PM, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
7/29/2015 2:17:37 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/29/2015 2:08:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net.Msmq Listener Adapter service to connect.
7/29/2015 2:08:24 PM, Error: Service Control Manager [7000] - The Net.Msmq Listener Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/29/2015 2:08:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net.Pipe Listener Adapter service to connect.
7/29/2015 2:08:20 PM, Error: Service Control Manager [7000] - The Net.Pipe Listener Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/29/2015 2:07:49 PM, Error: Service Control Manager [7001] - The Windows Defender Network Inspection System Driver service depends on the Windows Defender Mini-Filter Driver service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/29/2015 2:06:00 PM, Error: Service Control Manager [7024] - The Delivery Optimization service terminated with the following service-specific error: Server execution failed
7/29/2015 2:05:30 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with the following service-specific error: Server execution failed
7/29/2015 2:05:30 PM, Error: Service Control Manager [7023] - The Network List Service service terminated with the following error: The device is not ready.
7/29/2015 2:05:30 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80080005.
7/29/2015 1:56:24 PM, Error: Service Control Manager [7022] - The Delivery Optimization service hung on starting.
7/29/2015 1:53:18 PM, Error: Service Control Manager [7030] - The Printer Extensions and Notifications service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/29/2015 1:51:16 PM, Error: Service Control Manager [7023] - The IP Helper service terminated with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/29/2015 1:51:01 PM, Error: Service Control Manager [7022] - The Network Setup Service service hung on starting.
.
==== End Of File ===========================


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10240.16384 BrowserJavaVersion: 11.31.2
Run by yisman at 15:28:34 on 2015-07-31
Microsoft Windows 10 Home 10.0.10240.0.1252.1.1033.18.3981.935 [GMT -4:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Windows\system32\svchost.exe -k HPService
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\ToolbarUpdater.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\loggingserver.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\WINDOWS\System32\dwm.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Users\yisman\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Users\yisman\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Ad Muncher\AdMunch.exe
C:\Program Files (x86)\Ad Muncher\AdMunch64.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
C:\WINDOWS\System32\fontdrvhost.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\SBR Poker\sbr.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\WINDOWS\system32\notepad.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files (x86)\Gateway\Welcome Center\OEMWelcomeCenter.exe
C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.7.22.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://mysearch.avg.com/?cid={E6D1A9D4-B78F-4F42-A781-2EC3690B4BA7}&mid=5b475cf5a69547d3afc19524119e913a-cfb6f16af06d868de23f2bc0019c57c01c312f47&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-06 10:11:50&v=4.1.0.411&pid=wtu&sg=&sap=hp
uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: AVG Web TuneUp: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.1.5.143\AVG Web TuneUp.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Octoshape Streaming Services] "C:\Users\yisman\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
uRun: [OneDrive] "C:\Users\yisman\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
mRun: [Ad Muncher] "C:\Program Files (x86)\Ad Muncher\AdMunch.exe" /bt
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3aa352d9-9db3-43d6-88ed-2a7697624a0a} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3aa352d9-9db3-43d6-88ed-2a7697624a0a}\37475696E6 : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [THXCfg64] C:\WINDOWS\System32\RunDLL32.exe C:\WINDOWS\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\yisman\AppData\Roaming\Mozilla\Firefox\Profiles\zd4jwkhu.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\yisman\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.iminent.id - ce53e441000000000000446d577a51b9
FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
FF - user.js: extensions.iminent.instlDay - 16023
FF - user.js: extensions.iminent.vrsn - 1.8.26.8
FF - user.js: extensions.iminent.vrsni - 1.8.26.8
FF - user.js: extensions.iminent.vrsnTs - 1.8.26.814:49:15
FF - user.js: extensions.iminent.prtnrId - iminent
FF - user.js: extensions.iminent.prdct - iminent
FF - user.js: extensions.iminent.aflt - orgnl
FF - user.js: extensions.iminent.smplGrp - none
FF - user.js: extensions.iminent.tlbrId - base
FF - user.js: extensions.iminent.instlRef -
FF - user.js: extensions.iminent.dfltLng -
FF - user.js: extensions.iminent.excTlbr - false
FF - user.js: extensions.iminent.ffxUnstlRst - false
FF - user.js: extensions.iminent.admin - false
FF - user.js: extensions.iminent.autoRvrt - false
FF - user.js: extensions.iminent.rvrt - false
FF - user.js: extensions.iminent.newTab - false
.
.
.
.
.
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\WINDOWS\System32\drivers\avgidsha.sys [2015-5-12 253408]
R0 Avgloga;AVG Logging Driver;C:\WINDOWS\System32\drivers\avgloga.sys [2015-5-7 378336]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\WINDOWS\System32\drivers\avgmfx64.sys [2015-6-10 226784]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\WINDOWS\System32\drivers\avgrkx64.sys [2015-3-20 40928]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-7-10 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-7-10 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-7-10 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-7-10 215552]
R1 Avgdiska;AVG Disk Driver;C:\WINDOWS\System32\drivers\avgdiska.sys [2015-3-11 162784]
R1 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\System32\drivers\avgidsdrivera.sys [2015-6-26 293296]
R1 Avgldx64;AVG AVI Loader Driver;C:\WINDOWS\System32\drivers\avgldx64.sys [2015-6-16 259040]
R1 Avgwfpa;AVG Firewall Driver;C:\WINDOWS\System32\drivers\avgwfpa.sys [2015-6-15 295400]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-7-10 83968]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-7-10 8192]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2015-7-7 3518376]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2015-7-7 314304]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-7-10 39856]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2015-3-18 822496]
R2 DiagTrack;Diagnostics Tracking Service;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-7-10 39856]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-4-10 1817088]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-4-28 161560]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2012-4-10 255376]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2014-10-8 534184]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-7-10 61952]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-3-13 4799760]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-4-28 363800]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R2 vToolbarUpdater18.8.0;vToolbarUpdater18.8.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\ToolbarUpdater.exe [2015-7-27 1874320]
R2 WtuSystemSupport;WtuSystemSupport;C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [2015-5-6 1195920]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\WINDOWS\System32\drivers\btath_bus.sys [2012-3-8 30848]
R3 BtFilter;BtFilter;C:\WINDOWS\System32\drivers\btfilter.sys [2015-3-9 599240]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2015-7-10 237568]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\WINDOWS\System32\drivers\clwvd.sys [2011-5-11 31216]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
R3 ITECIRfilter;ITECIR Filter Driver;C:\WINDOWS\System32\drivers\ITECIRfilter.sys [2015-6-3 27856]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
R3 MBfilt;MBfilt;C:\WINDOWS\System32\drivers\MBfilt64.sys [2015-6-24 41088]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-7-10 20992]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\WINDOWS\System32\drivers\RtsPStor.sys [2015-6-3 374016]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-7-10 587264]
R3 Sftfs;Sftfs;C:\WINDOWS\System32\drivers\Sftfslh.sys [2014-10-8 766632]
R3 Sftplay;Sftplay;C:\WINDOWS\System32\drivers\Sftplaylh.sys [2014-10-8 273576]
R3 Sftredir;Sftredir;C:\WINDOWS\System32\drivers\Sftredirlh.sys [2014-10-8 29352]
R3 Sftvol;Sftvol;C:\WINDOWS\System32\drivers\Sftvollh.sys [2014-10-8 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2014-10-8 211104]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2015-7-10 24576]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\WINDOWS\System32\drivers\avgboota.sys [2015-3-27 21152]
S2 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-7-10 39856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-7-10 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-7-10 39856]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-7-10 17624]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-7-10 39856]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-7-10 32256]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-7-10 116736]
S3 CDPSvc;CDPSvc;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-7-10 27136]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 fcvsc;fcvsc;C:\WINDOWS\System32\drivers\fcvsc.sys [2015-7-10 31232]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-1-27 227904]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-7-10 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-7-10 50016]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-7-10 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-7-10 122608]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-7-10 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-7-10 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-7-10 115200]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-7-10 43872]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-7-10 26624]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-7-10 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-7-10 99168]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2014-7-14 113880]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-7-10 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-7-10 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-7-10 94720]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\lsass.exe [2015-7-10 56344]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-7-10 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-7-10 58720]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-7-29 934752]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-7-29 1031680]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-7-10 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-7-10 39856]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-7-10 78688]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-7-10 40288]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-7-10 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-7-29 46080]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-7-10 44032]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-7-10 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-7-10 245088]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-7-10 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-7-10 127840]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-7-10 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-7-10 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-7-10 27488]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-7-10 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2015-7-10 39856]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-7-10 685056]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-7-10 119648]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-7-10 362928]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-7-10 39856]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-7-10 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-7-10 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-7-10 39856]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-7-10 214016]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-7-10 222720]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-7-10 25600]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2015-07-31 18:40:08 16148 ----a-w- C:\WINDOWS\System32\YISMAN-PC_yisman_HistoryPrediction.bin
2015-07-30 20:51:19 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2F61B2AB-1569-4244-9ACB-F01BBAB46290}\gapaengine.dll
2015-07-30 20:51:19 1187344 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\NisBackup\gapaengine.dll
2015-07-30 20:49:49 12222168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5F1F7D3-F273-4D25-863F-6CBCD2268EC2}\mpengine.dll
2015-07-29 21:48:18 -------- dc----w- C:\WINDOWS\Panther
2015-07-29 21:45:50 -------- d-----w- C:\Windows.old
2015-07-29 21:38:55 -------- d-----w- C:\WINDOWS\SysWow64\BestPractices
2015-07-29 20:17:59 -------- d-----w- C:\Users\yisman\AppData\Local\MicrosoftEdge
2015-07-29 18:33:18 333496 ----a-w- C:\WINDOWS\System32\hpinkstsC511LM.dll
2015-07-29 18:33:17 2878648 ----a-w- C:\WINDOWS\System32\hpinkinsC511.exe
2015-07-29 18:33:17 272056 ----a-w- C:\WINDOWS\System32\hpinkcoiC511.dll
2015-07-29 18:30:06 -------- d-----r- C:\Users\yisman\OneDrive
2015-07-29 18:27:46 -------- d-----w- C:\Users\yisman\AppData\Local\NetworkTiles
2015-07-29 18:24:21 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2015-07-29 18:21:57 -------- d-----w- C:\Users\yisman\AppData\Local\Publishers
2015-07-29 18:19:49 -------- d-----w- C:\Users\yisman\AppData\Local\TileDataLayer
2015-07-29 18:18:53 -------- d-sh--w- C:\Recovery
2015-07-29 18:12:40 -------- d-----w- C:\WINDOWS\System32\wbem\Performance
2015-07-29 17:58:05 -------- d-----w- C:\Program Files (x86)\Common Files\SpeechEngines
2015-07-29 17:58:00 -------- d-----w- C:\Program Files\Common Files\SpeechEngines
2015-07-29 17:53:18 2718208 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2015-07-29 17:52:24 -------- d-----w- C:\Program Files\Common Files\Atheros
2015-07-29 17:52:14 -------- d-----w- C:\WINDOWS\SysWow64\sda
2015-07-29 17:52:02 -------- d-----w- C:\WINDOWS\SysWow64\RTCOM
2015-07-29 17:52:02 -------- d-----w- C:\Program Files\Realtek
2015-07-15 05:06:49 968704 ----a-w- C:\WINDOWS\System32\MsSpellCheckingFacility.exe
2015-07-15 05:06:45 1155072 ----a-w- C:\WINDOWS\SysWow64\mshtmlmedia.dll
2015-07-15 05:06:42 1359360 ----a-w- C:\WINDOWS\System32\mshtmlmedia.dll
2015-07-15 05:05:04 16384 ----a-w- C:\WINDOWS\System32\RdpGroupPolicyExtension.dll
2015-07-15 05:04:55 12288 ----a-w- C:\WINDOWS\System32\wu.upgrade.ps.dll
2015-07-10 13:39:22 -------- d--h--w- C:\$Windows.~BT
2015-07-10 13:19:33 -------- d-----w- C:\WINDOWS\en-US
2015-07-10 13:19:33 -------- d-----w- C:\WINDOWS\DigitalLocker
2015-07-10 13:14:45 -------- d-----w- C:\WINDOWS\ShellNew
2015-07-10 13:14:45 -------- d-----w- C:\Program Files\Windows Journal
2015-07-10 13:12:25 -------- d-----w- C:\WINDOWS\OCR
2015-07-10 13:12:08 -------- d-----w- C:\WINDOWS\SKB
2015-07-10 12:22:52 16148 ----a-w- C:\WINDOWS\System32\DESKTOP-M7P1NB6_Administrator_HistoryPrediction.bin
2015-07-10 12:22:45 -------- d-----w- C:\ProgramData\USOShared
2015-07-10 12:21:43 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\good
2015-07-10 12:21:43 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\bad
2015-07-10 12:21:43 -------- d-----w- C:\WINDOWS\System32\wbem\MOF
2015-07-10 12:21:38 -------- d-sh--we C:\ProgramData\Documents
2015-07-10 12:21:38 -------- d-sh--we C:\Documents and Settings
2015-07-10 12:20:42 -------- d-----w- C:\WINDOWS\ServiceProfiles
2015-07-10 12:20:38 -------- d-s---w- C:\WINDOWS\System32\Microsoft
2015-07-10 11:06:25 -------- d-----w- C:\WINDOWS\Setup
2015-07-10 11:06:01 792568 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2015-07-10 11:06:01 178168 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2015-07-10 11:03:58 -------- d-----w- C:\WINDOWS\System32\drivers
2015-07-10 11:02:54 -------- d-----w- C:\WINDOWS\INF
2015-07-10 11:00:42 567296 ----a-w- C:\WINDOWS\System32\msTextPrediction.dll
2015-07-10 10:59:59 9728 ----a-w- C:\WINDOWS\System32\RpcNs4.dll
2015-07-10 10:55:34 -------- d-----w- C:\WINDOWS\CbsTemp
.
==================== Find3M ====================
.
2015-07-29 21:38:50 96768 ----a-w- C:\WINDOWS\SysWow64\mqoa.tlb
2015-07-29 03:45:05 113880 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2015-07-10 13:12:07 6358016 ----a-w- C:\WINDOWS\System32\NlsData0009.dll
2015-07-10 13:12:07 5739520 ----a-w- C:\WINDOWS\System32\prm0009.dll
2015-07-10 13:12:07 4847104 ----a-w- C:\WINDOWS\SysWow64\NlsData0009.dll
2015-07-10 13:12:07 2629632 ----a-w- C:\WINDOWS\SysWow64\NlsLexicons0009.dll
2015-07-10 13:12:07 2629632 ----a-w- C:\WINDOWS\System32\NlsLexicons0009.dll
2015-07-10 13:11:15 8704 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\fwpkclnt.sys.mui
2015-07-10 13:11:15 7168 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\ndiscap.sys.mui
2015-07-10 13:11:15 3584 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\wfplwfs.sys.mui
2015-07-10 13:11:15 3072 ----a-w- C:\WINDOWS\SysWow64\drivers\UMDF\en-US\SensorsCx.dll.mui
2015-07-10 13:11:15 12288 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\NdisImPlatform.sys.mui
2015-07-10 11:02:43 208384 ----a-w- C:\WINDOWS\SysWow64\msclmd.dll
2015-07-10 11:02:41 229888 ----a-w- C:\WINDOWS\System32\msclmd.dll
2015-07-10 11:00:41 394240 ----a-w- C:\WINDOWS\System32\StorSvc.dll
2015-07-10 10:59:59 9728 ----a-w- C:\WINDOWS\System32\mtxex.dll
2015-07-10 09:07:55 141824 ----a-w- C:\WINDOWS\System32\poqexec.exe
2015-07-10 09:07:53 118272 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
2015-07-10 09:05:37 897024 ----a-w- C:\WINDOWS\System32\SmiEngine.dll
2015-07-10 09:05:37 618272 ----a-w- C:\WINDOWS\System32\sxs.dll
2015-07-10 09:05:37 36864 ----a-w- C:\WINDOWS\System32\sxstrace.exe
2015-07-10 09:05:37 254816 ----a-w- C:\WINDOWS\System32\wdscore.dll
2015-07-10 09:05:37 243040 ----a-w- C:\WINDOWS\System32\cmipnpinstall.dll
2015-07-10 09:05:37 202240 ----a-w- C:\WINDOWS\System32\PkgMgr.exe
2015-07-10 09:05:37 135520 ----a-w- C:\WINDOWS\System32\SSShim.dll
2015-07-10 09:05:33 207200 ----a-w- C:\WINDOWS\SysWow64\wdscore.dll
2015-07-10 09:05:33 199168 ----a-w- C:\WINDOWS\SysWow64\PkgMgr.exe
2015-07-10 09:05:33 111456 ----a-w- C:\WINDOWS\SysWow64\SSShim.dll
2015-07-10 09:05:30 191840 ----a-w- C:\WINDOWS\SysWow64\cmipnpinstall.dll
2015-07-05 10:08:23 300704 ------w- C:\WINDOWS\System32\MpSigStub.exe
2015-06-26 13:49:10 293296 ----a-w- C:\WINDOWS\System32\drivers\avgidsdrivera.sys
2015-06-25 02:57:02 2926848 ----a-w- C:\WINDOWS\System32\RtPgEx64.dll
2015-06-25 02:57:02 2710784 ----a-w- C:\WINDOWS\System32\RTSnMg64.cpl
2015-06-25 02:57:00 4504320 ----a-w- C:\WINDOWS\System32\drivers\RTKVHD64.sys
2015-06-25 02:57:00 41088 ----a-w- C:\WINDOWS\System32\drivers\MBfilt64.sys
2015-06-25 02:57:00 23696 ----a-w- C:\WINDOWS\System32\RtkCoLDR64.dll
2015-06-25 02:57:00 2050184 ----a-w- C:\WINDOWS\System32\MaxxAudioEQ64.dll
2015-06-25 02:57:00 1756928 ----a-w- C:\WINDOWS\System32\RCoInstII64.dll
2015-06-25 02:57:00 122328 ----a-w- C:\WINDOWS\System32\CONEQMSAPOGUILibrary.dll
2015-06-18 12:41:56 63704 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2015-06-18 12:41:44 109272 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2015-06-18 12:41:40 25816 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2015-06-18 02:10:00 35480 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe
2015-06-18 02:10:00 124112 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2015-06-18 02:10:00 1166520 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll
2015-06-16 19:55:04 259040 ----a-w- C:\WINDOWS\System32\drivers\avgldx64.sys
2015-06-16 03:58:30 295400 ----a-w- C:\WINDOWS\System32\drivers\avgwfpa.sys
2015-06-10 20:38:48 226784 ----a-w- C:\WINDOWS\System32\drivers\avgmfx64.sys
2015-06-03 11:41:52 9898752 ----a-w- C:\WINDOWS\SysWow64\RsCRIcon.dll
2015-06-03 11:41:50 91904 ----a-w- C:\WINDOWS\System32\RtCRX64.dll
2015-06-03 11:41:50 374016 ----a-w- C:\WINDOWS\System32\drivers\RtsPStor.sys
2015-06-03 06:32:54 79480 ----a-w- C:\WINDOWS\System32\drivers\itecir.sys
2015-06-03 06:32:54 27856 ----a-w- C:\WINDOWS\System32\drivers\ITECIRfilter.sys
2015-06-02 01:01:16 544552 ----a-w- C:\WINDOWS\System32\iglhsip64.dll
2015-06-02 01:01:16 11223896 ----a-w- C:\WINDOWS\SysWow64\igdumd32.dll
2015-06-02 01:01:14 231312 ----a-w- C:\WINDOWS\System32\iglhcp64.dll
2015-06-02 01:01:14 194880 ----a-w- C:\WINDOWS\SysWow64\iglhcp32.dll
2015-06-02 01:01:14 13059896 ----a-w- C:\WINDOWS\System32\igd10umd64.dll
2015-06-02 01:01:14 12814752 ----a-w- C:\WINDOWS\System32\igdumd64.dll
2015-06-02 01:01:14 11352688 ----a-w- C:\WINDOWS\SysWow64\igd10umd32.dll
2015-06-02 01:01:14 1067696 ----a-w- C:\WINDOWS\System32\igfxcmrt64.dll
2015-06-02 01:01:12 957472 ----a-w- C:\WINDOWS\SysWow64\igfxcmrt32.dll
2015-06-02 01:01:12 539312 ----a-w- C:\WINDOWS\SysWow64\iglhsip32.dll
2015-06-02 01:01:10 41288 ----a-w- C:\WINDOWS\System32\igfxexps.dll
2015-06-01 23:46:58 272928 ----a-w- C:\WINDOWS\SysWow64\igvpkrng600.bin
2015-06-01 23:46:58 272928 ----a-w- C:\WINDOWS\System32\igvpkrng600.bin
2015-06-01 23:45:24 963452 ----a-w- C:\WINDOWS\SysWow64\igcodeckrng600.bin
2015-06-01 23:45:24 963452 ----a-w- C:\WINDOWS\System32\igcodeckrng600.bin
2015-05-30 05:07:24 778936 ----a-w- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2015-05-30 05:07:24 35480 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe
2015-05-30 05:07:24 102608 ----a-w- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-25 17:00:56 36864 ----a-w- C:\WINDOWS\System32\UtcResources.dll
2015-05-23 02:28:40 0 ----a-w- C:\WINDOWS\SysWow64\sho9CFF.tmp
2015-05-18 20:28:41 0 ----a-w- C:\WINDOWS\SysWow64\sho6620.tmp
2015-05-14 18:17:48 0 ----a-w- C:\WINDOWS\SysWow64\sho1626.tmp
2015-05-12 18:36:54 253408 ----a-w- C:\WINDOWS\System32\drivers\avgidsha.sys
2015-05-07 17:50:22 378336 ----a-w- C:\WINDOWS\System32\drivers\avgloga.sys
.
============= FINISH: 15:31:09.66 ===============
Anon67
Regular Member
 
Posts: 19
Joined: July 28th, 2015, 12:14 pm

Re: Possible trojan, please help

Unread postby MWR 3 day Mod » August 3rd, 2015, 5:23 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Possible trojan, please help

Unread postby Gary R » August 9th, 2015, 9:55 am

Looking over your logs, back soon.
Gary R
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Possible trojan, please help

Unread postby Gary R » August 9th, 2015, 10:03 am

Sorry you've been kept waiting so long, I've no idea why no one has picked up your topic before now. Sadly some topics just seem to "slip between the cracks" somehow.

Anyway, let's see if we can help you with your problem,

I see you have Windows 10 installed.

DDS is not fully compatible with that OS, so to give me a more reliable view of what is on your computer I'd like you to run a different scan for me.

  • Download FRST64 to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.
Gary R
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Possible trojan, please help

Unread postby Anon67 » August 9th, 2015, 6:33 pm

Hello, the logs produced by that new program do not fit within a post.

I first tried both in one post, and then went to only one

even with only the first log:

Your message contains 781403 characters. The maximum number of allowed characters is 100000.
Anon67
Regular Member
 
Posts: 19
Joined: July 28th, 2015, 12:14 pm

Re: Possible trojan, please help

Unread postby Gary R » August 10th, 2015, 1:08 am

You should be able to attach them.

To do that ....

Open the post editor (as if you were going to post the logs)
  • Scroll down below the text entry panel and click on Upload attachment
  • Click on Browse and browse to the file you want to attach.
  • Double click on the file to attach the file to your post.

To add another attachment ...

  • Click on Add the file
  • Scroll down below the text entry panel and click on Upload attachment
  • Click on Browse and browse to the file you want to attach.
  • Double click on the file to attach the file to your post.

When finished, click on Submit to submit your post (with the 2 attached logs)
Gary R
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Possible trojan, please help

Unread postby Anon67 » August 10th, 2015, 1:31 am

ok here they are

Addition.txt
FRST.txt
Anon67
Regular Member
 
Posts: 19
Joined: July 28th, 2015, 12:14 pm

Re: Possible trojan, please help

Unread postby Gary R » August 10th, 2015, 7:15 am

There are some signs of infection in the logs you've supplied, but before we remove them I'd like you to run a couple of additional scans for me, so that we've got a more complete picture of what needs to be removed.

First ...

Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window, click ok to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.

AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND

Next ...

I'd like you to run a search for me using FRST ...

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;trovi;clientconnect;quicksaver

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.
Gary R
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Possible trojan, please help

Unread postby Anon67 » August 10th, 2015, 12:18 pm

adw log.txt
farbar log.txt
attaching
Anon67
Regular Member
 
Posts: 19
Joined: July 28th, 2015, 12:14 pm

Re: Possible trojan, please help

Unread postby Gary R » August 10th, 2015, 5:20 pm

OK, let's get started cleaning up your machine.

First ...

Please uninstall the following programs.

Java 8 Update 31
StreamTorrent 1.0
Spybot - Search & Destroy
SpywareBlaster 5.2


Reboot your computer when you've uninstalled them all

Old versions of Java can be (and usually are) exploited.
Use of P2P programs is the quickest way to an infection that I know.
Spybot can interfere with the cleanup process, so we need to temporarily remove it while we clean up.
SpywareBlaster is practically obsolete these days, and offers no protection that isn't already being done better by the built-in programs that come with Windows.

Next ...

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s0].txt.

Next ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
SearchScopes: HKU\S-1-5-21-3491128345-48547337-2951177495-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3491128345-48547337-2951177495-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-07-27]
FF Extension: ADB Helper - C:\Users\yisman\AppData\Roaming\Mozilla\Firefox\Profiles\zd4jwkhu.default\Extensions\adbhelper@mozilla.org [2015-07-02]
FF Extension: FindBar Tweak - C:\Users\yisman\AppData\Roaming\Mozilla\Firefox\Profiles\zd4jwkhu.default\Extensions\fbt@quicksaver.xpi [2014-01-15]
Task: {16ED9E88-E060-45F3-9200-857673BF2EF2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {275414AC-9D56-4934-A55B-840BA043B2D4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3371631A-E245-466E-BC29-65D2DE904C40} - \ITECIR Filter Application for RCMM  -> No File <==== ATTENTION
Task: {58C989DA-7E11-44C7-8544-9BE85EB2C122} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6C71A8F9-12CF-4924-B85C-6A2F5FF47C62} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {78AC9EAD-CC35-4181-A42B-1D0B2E6A061F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7BB60024-E43C-4F42-87C9-C695F02CD5D5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8AE16288-1EA6-4474-A40D-F4E234C33816} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A44FB7A9-30BC-4FEC-A953-53374321E63B} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {B1F1DE84-EED9-44C2-9194-8106CEEDCDF0} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {BC93F24F-9ED0-4EC1-A377-9E1FFE5530F5} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {C2090C40-44BB-4926-B6ED-49537A3004F6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {CC45F446-BA2B-455F-80FB-3591BF73EED4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CCB9604B-240E-4063-9A40-602B2A21EC10} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E4734981-6584-4EC9-A7BB-D5EFD55B0408} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
FirewallRules: [{6E30CD25-673B-44CC-91E9-BBF5670755D0}] => (Allow) C:\Program Files (x86)\Intertops Poker\PokerClient.exe
FirewallRules: [{3831B664-2A33-4043-8A45-9EA4C7299915}] => (Allow) C:\Program Files (x86)\Intertops Poker\PokerClient.exe
FirewallRules: [UDP Query User{3576B432-799E-472F-8A8B-35A38C5173B0}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Block) C:\program files (x86)\torntv.com\torntv downloader.exe
FirewallRules: [TCP Query User{B1250B89-4DC4-4127-A325-85E6741D9E05}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Block) C:\program files (x86)\torntv.com\torntv downloader.exe
FirewallRules: [UDP Query User{F598944C-E542-4C69-8422-14F1ABFB7C7A}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe] => (Allow) C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe
FirewallRules: [TCP Query User{120F95F6-4336-439D-9698-A2C9273B64C7}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe] => (Allow) C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe
FirewallRules: [{1C2CBD84-6580-4111-88E0-8EF6CE06809C}] => (Allow) LPort=2869
[-HKEY_USERS\S-1-5-21-3491128345-48547337-2951177495-1001\SOFTWARE\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar]
[-HKEY_USERS\S-1-5-21-3491128345-48547337-2951177495-1001\SOFTWARE\Conduit]
Hosts:
EmptyTemp:
Cmd: ipconfig /flushdns

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Summary of the logs I need from you in your next post:
  • ADWCleaner fix log
  • Fixlog.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
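The fixlist in the post above is a set of directives that FRST executes as written, which is why it carries the notice that it was written for this one machine. As an added example (not FRST's code and not part of the original thread), the Python script below parses the line formats that appear in that fixlist, groups them by what pressing Fix would change, and produces review notes; the sample input is a subset of the thread's own fixlist lines and the adware names are the ones the helper searched the registry for.

```python
"""Triage a Farbar Recovery Scan Tool (FRST) fixlist before it is run.

Added example, not FRST's own code: it recognises only the line formats
that appear in the thread's fixlist (Task, FirewallRules, SearchScopes,
FF Extension/SearchPlugin, [-HKEY...] deletions and the Hosts/EmptyTemp/Cmd
directives) and summarises what pressing Fix would change.
"""
import re

# Adware/PUP names the helper asked FRST to search the registry for.
SEARCH_TERMS = ("fun4im", "bandoo", "searchnu", "searchqu", "ilivid", "whitesmoke",
                "datamngr", "kelkoopartners", "trolltech", "babylon", "conduit",
                "trovi", "clientconnect", "quicksaver")

# Sample input, constructed here as an inline string: a subset of the fixlist
# lines shown in the thread (paths and GUIDs are the ones in the post).
SAMPLE_FIXLIST = r"""
SearchScopes: HKU\S-1-5-21-3491128345-48547337-2951177495-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-07-27]
FF Extension: FindBar Tweak - C:\Users\yisman\AppData\Roaming\Mozilla\Firefox\Profiles\zd4jwkhu.default\Extensions\fbt@quicksaver.xpi [2014-01-15]
Task: {16ED9E88-E060-45F3-9200-857673BF2EF2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A44FB7A9-30BC-4FEC-A953-53374321E63B} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
FirewallRules: [{6E30CD25-673B-44CC-91E9-BBF5670755D0}] => (Allow) C:\Program Files (x86)\Intertops Poker\PokerClient.exe
FirewallRules: [UDP Query User{3576B432-799E-472F-8A8B-35A38C5173B0}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Block) C:\program files (x86)\torntv.com\torntv downloader.exe
FirewallRules: [{1C2CBD84-6580-4111-88E0-8EF6CE06809C}] => (Allow) LPort=2869
[-HKEY_USERS\S-1-5-21-3491128345-48547337-2951177495-1001\SOFTWARE\Conduit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar]
Hosts:
EmptyTemp:
Cmd: ipconfig /flushdns
"""

TASK_RE = re.compile(r'^Task: \{([0-9A-Fa-f-]+)\} - (.*?) -> (.*?)(?: <==== ATTENTION)?$')
FW_RE = re.compile(r'^FirewallRules: \[(.*)\] => \((Allow|Block)\) (.*)$')
REGDEL_RE = re.compile(r'^\[-(HK[^\]]+)\]$')
SCOPE_RE = re.compile(r'^SearchScopes: (\S+) -> (.*?) URL =\s*(.*)$')
FF_RE = re.compile(r'^FF (Extension|SearchPlugin): (.*) \[(\d{4}-\d{2}-\d{2})\]$')
DIRECTIVE_RE = re.compile(r'^(Hosts|EmptyTemp|Cmd):\s*(.*)$')


def triage_fixlist(text):
    """Group every non-empty fixlist line by what the fix would do with it."""
    out = {"orphan_tasks": [], "live_tasks": [], "firewall_allow": [],
           "firewall_block": [], "registry_deletes": [], "browser": [],
           "directives": [], "adware_hits": [], "unparsed": []}
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        # Any line naming one of the searched-for adware families is worth a look.
        if any(term in line.lower() for term in SEARCH_TERMS):
            out["adware_hits"].append(line)
        m = TASK_RE.match(line)
        if m:
            guid, name, target = m.groups()
            # "No File": the scheduled task points at a binary that no longer exists.
            key = "orphan_tasks" if target == "No File" else "live_tasks"
            out[key].append((guid, name, target))
            continue
        m = FW_RE.match(line)
        if m:
            rule, action, target = m.groups()
            out["firewall_allow" if action == "Allow" else "firewall_block"].append((rule, target))
            continue
        m = REGDEL_RE.match(line)
        if m:
            out["registry_deletes"].append(m.group(1))
            continue
        if SCOPE_RE.match(line) or FF_RE.match(line):
            out["browser"].append(line)
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            out["directives"].append((m.group(1), m.group(2)))
            continue
        out["unparsed"].append(line)
    return out


def review_notes(summary):
    """Plain-language points a second reviewer would want before pressing Fix."""
    notes = []
    for _rule, target in summary["firewall_allow"]:
        low = target.lower()
        if low.endswith(".exe") and not low.startswith("c:\\windows"):
            notes.append(f"Allow rule for third-party program will be removed: {target}")
    for _guid, name, _target in summary["orphan_tasks"]:
        notes.append(f"Orphan scheduled task (target missing), safe cleanup: {name}")
    for key in summary["registry_deletes"]:
        notes.append(f"Registry key deleted: {key}")
    if any(kind == "Hosts" for kind, _ in summary["directives"]):
        notes.append("Hosts file will be reset to default")
    cmds = [arg for kind, arg in summary["directives"] if kind == "Cmd"]
    if cmds:
        notes.append("Command(s) executed by the fix: " + ", ".join(cmds))
    if summary["unparsed"]:
        notes.append("Unrecognised lines, check by hand: " + "; ".join(summary["unparsed"]))
    return notes


if __name__ == "__main__":
    for note in review_notes(triage_fixlist(SAMPLE_FIXLIST)):
        print(note)
```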

Re: Possible trojan, please help

Unread postby Anon67 » August 10th, 2015, 7:27 pm

SpywareBlaster and Spybot I'd been using for years; I use them because I used to be a Neowin member and they recommended them.

The P2P I used last year or maybe the year before to watch some games. Haven't used it this year.

Removed those and some other programs I found that I don't use or need.

Java: I uninstalled what I had and found the most updated version.

I restarted and ran the scan. It only found one thing, and that wasn't malware. That was vtoolbarupdater, which is an AVG thing to update. I removed it anyway since you said to remove whatever was found.

It then closed programs and restarted. No log file.

I'll try again.
Anon67
Regular Member
 
Posts: 19
Joined: July 28th, 2015, 12:14 pm

Re: Possible trojan, please help

Unread postby Anon67 » August 11th, 2015, 12:44 am

OK, I figured out the problem. Cortana in Windows 10 was being forcibly shut down by the program, so each time it would tell me to sign out, so I clicked sign out, and that pre-empted the restart somehow and resulted in me just being logged out. The third time I ignored Cortana, clicked the OK on Adw, and got the proper restart.

I am attaching the log.


AdwCleaner[S2].txt
also attaching fixlog

Fixlog.txt
Anon67
Regular Member
 
Posts: 19
Joined: July 28th, 2015, 12:14 pm

Re: Possible trojan, please help

Unread postby Gary R » August 11th, 2015, 1:20 am

Run a search, and see if you can find AdwCleaner[S0].txt, if you can, please post me the log.

The one you've posted is AdwCleaner[S2].txt, and there's nothing in it, because the stuff that was going to be removed has already been removed. I just want to see exactly what was removed, to make sure that there wasn't something that shouldn't have been.

Next ...

Can you please run a new scan with FRST

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • This time please check the Addition.txt button, or it won't produce that log, and I need to see it.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.

Next ...

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: [image]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [image]
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed click on Start to start the scan.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed you will be presented with a list of found threats:
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

Summary of the logs I need from you in your next post:
  • AdwCleaner[S0].txt (if you can find it)
  • Latest FRST.txt
  • Latest Addition.txt
  • ESET.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Possible trojan, please help

Unread postby Anon67 » August 11th, 2015, 12:06 pm

The only mention of AdwCleaner[S0].txt on my computer is within the text file I posted. I can't locate such a file. I do not know why one is not on my computer. When I did that fixlist, a lot of stuff got deleted. Perhaps somehow that got swept up in there. I checked my recycle bin and it's empty.

"AdwCleaner[R0].txt - [17739 bytes] - [10/08/2015 12:07:35]
AdwCleaner[R1].txt - [17799 bytes] - [10/08/2015 17:32:48]
AdwCleaner[R2].txt - [17859 bytes] - [10/08/2015 18:01:04]
AdwCleaner[R3].txt - [17919 bytes] - [10/08/2015 19:14:30]
AdwCleaner[R4].txt - [2047 bytes] - [10/08/2015 19:27:18]
AdwCleaner[R5].txt - [1188 bytes] - [11/08/2015 00:29:43]
AdwCleaner[S0].txt - [18477 bytes] - [10/08/2015 19:22:47]
AdwCleaner[S1].txt - [1637 bytes] - [10/08/2015 19:29:39]
AdwCleaner[S2].txt - [1114 bytes] - [11/08/2015 00:31:22]"


I am attaching logs from the FRST scan.

FRST.txt

Addition.txt


I temporarily disabled AVG, this is the only antivirus running. The thread you linked to seems a bit outdated, referring to older versions, but I found a way to disable AVG pretty easily.

Funny thing about ESET, it's not directly compatible with Edge, the Windows 10 browser. It requires a download like Mozilla.

And here's the ESET file:

ESET.txt
Anon67
Regular Member
 
Posts: 19
Joined: July 28th, 2015, 12:14 pm

Re: Possible trojan, please help

Unread postby Anon67 » August 11th, 2015, 12:41 pm

Apparently the search bar at the bottom left of Windows 10 is not a comprehensive search. I did a search using folders->My PC and it came up with something.

Attaching.

AdwCleaner[S0].txt
Anon67
Regular Member
 
Posts: 19
Joined: July 28th, 2015, 12:14 pm
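An added example, not code from the thread or from AdwCleaner itself, covering two points raised above: the log index Anon67 quoted (the footer AdwCleaner appends to each of its logs) and the discovery in the last post that the Windows 10 search box is not a comprehensive file search. The script parses the index lines, reports which listed logs cannot be found among the files actually on disk, picks the clean log most likely to record real removals (the largest S log, which is why Gary R wanted S0 rather than the near-empty S2), and enumerates the directory tree directly instead of relying on the search indexer. The sample index is constructed from the quoted listing; the default log directory C:\AdwCleaner and the reading of R as scan logs and S as clean logs are assumptions, not stated on the page.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import Path

# Constructed sample input: the log index quoted in the thread above.
# AdwCleaner writes these lines at the foot of each log; dates are dd/mm/yyyy.
SAMPLE_INDEX = """\
AdwCleaner[R0].txt - [17739 bytes] - [10/08/2015 12:07:35]
AdwCleaner[R1].txt - [17799 bytes] - [10/08/2015 17:32:48]
AdwCleaner[R2].txt - [17859 bytes] - [10/08/2015 18:01:04]
AdwCleaner[R3].txt - [17919 bytes] - [10/08/2015 19:14:30]
AdwCleaner[R4].txt - [2047 bytes] - [10/08/2015 19:27:18]
AdwCleaner[R5].txt - [1188 bytes] - [11/08/2015 00:29:43]
AdwCleaner[S0].txt - [18477 bytes] - [10/08/2015 19:22:47]
AdwCleaner[S1].txt - [1637 bytes] - [10/08/2015 19:29:39]
AdwCleaner[S2].txt - [1114 bytes] - [11/08/2015 00:31:22]
"""

# One index line: AdwCleaner[<R|S><n>].txt - [<size> bytes] - [dd/mm/yyyy HH:MM:SS]
LINE_RE = re.compile(
    r"(?P<name>AdwCleaner\[(?P<kind>[RS])(?P<idx>\d+)\]\.txt)"
    r"\s*-\s*\[(?P<size>\d+) bytes\]"
    r"\s*-\s*\[(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\]"
)


@dataclass(frozen=True)
class LogEntry:
    name: str
    kind: str        # assumed: "R" = scan (report) log, "S" = clean (removal) log
    index: int
    size: int        # bytes, as recorded by AdwCleaner in the index
    timestamp: datetime


def parse_index(text: str) -> list[LogEntry]:
    """Parse index lines; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue
        entries.append(LogEntry(
            name=m["name"],
            kind=m["kind"],
            index=int(m["idx"]),
            size=int(m["size"]),
            timestamp=datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S"),
        ))
    return entries


def missing_logs(entries, present_names):
    """Names the index lists that are absent from the files found on disk."""
    present = set(present_names)
    return [e.name for e in entries if e.name not in present]


def clean_log_to_review(entries):
    """The clean (S) log most likely to hold the actual removals: the largest one.
    A tiny S log (S2 in the thread) just means a rerun found nothing left to remove."""
    cleans = [e for e in entries if e.kind == "S"]
    return max(cleans, key=lambda e: e.size) if cleans else None


def find_logs_on_disk(root):
    """Walk the tree directly rather than using the Windows search box, which only
    covers indexed locations. Returns {filename: path} for AdwCleaner logs."""
    name_re = re.compile(r"^AdwCleaner\[[RS]\d+\]\.txt$")
    return {p.name: p for p in Path(root).rglob("AdwCleaner*.txt") if name_re.match(p.name)}


if __name__ == "__main__":
    entries = parse_index(SAMPLE_INDEX)
    # Assumed default log directory; not stated anywhere in the thread.
    on_disk = find_logs_on_disk(r"C:\AdwCleaner")
    for name in missing_logs(entries, on_disk):
        print("listed in index but not found on disk:", name)
    best = clean_log_to_review(entries)
    print("clean log to review:", best.name, f"({best.size} bytes)")
```

Run it from a PowerShell or cmd prompt with `python adw_logs.py`; if the logs live somewhere other than the assumed directory, point `find_logs_on_disk` at the drive root and let it walk the whole tree.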