Author Topic: [Resolved - K] AVG Secure Search "general threat" detected  (Read 5293 times)

Offline mooseboy018

  • Bronze Member
  • Posts: 115
Re: [Resolved - K] AVG Secure Search "general threat" detected
« Reply #15 on: December 09, 2014, 12:13:05 AM »
I did the online scan, and no threats were found.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] AVG Secure Search "general threat" detected
« Reply #16 on: December 09, 2014, 04:21:46 AM »
Open FRST one more time; if it asks to update, allow that to happen. Under "Whitelist" ensure all boxes are checkmarked; under "Optional scan" ensure only "Addition.txt" is checkmarked.
Select scan and post the two logs that are produced. Also give an update on any remaining issues or concerns....

Thanks,

Kevin...

Offline mooseboy018

  • Bronze Member
  • Posts: 115
Re: [Resolved - K] AVG Secure Search "general threat" detected
« Reply #17 on: December 09, 2014, 09:27:23 PM »
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 02
Ran by Zack (administrator) on ZACK-PC on 09-12-2014 22:21:11
Running from C:\Users\Zack\Desktop
Loaded Profile: Zack (Available profiles: Zack)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Igor Pavlov) C:\Program Files (x86)\AVG\AVG2015\Notification\Launcher.exe
() C:\Windows\Temp\7zS53D9.tmp\Setup.exe
() C:\Windows\Temp\7zS53D9.tmp\AVG-Secure-Search-Update.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-913676279-1143746095-4277644156-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
HKU\S-1-5-21-913676279-1143746095-4277644156-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-913676279-1143746095-4277644156-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-913676279-1143746095-4277644156-1001 -> DefaultScope {84826FE9-117F-453A-B87D-6E19895168C3} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-913676279-1143746095-4277644156-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-913676279-1143746095-4277644156-1001 -> {84826FE9-117F-453A-B87D-6E19895168C3} URL = https://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: WSIEChrome - No CLSID Value
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{B8594177-8815-4E1B-9D1F-E4F340E512BE}: [NameServer] 184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{F9205CE0-11F9-4E16-8724-AB577FD654D0}: [NameServer] 184.172.114.130,208.43.110.90

FireFox:
========
FF ProfilePath: C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\r7v4bs9j.default
FF NewTab: google.com
FF Homepage: google.com
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-913676279-1143746095-4277644156-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: Flash Video Downloader - Full HD Download (4K) - C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\r7v4bs9j.default\Extensions\artur.dubovoy@gmail.com [2014-11-24]
FF Extension: Custom New Tab - C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\r7v4bs9j.default\Extensions\CNT@ednovak.net.xpi [2014-12-08]
FF Extension: ExHentai Easy 2 - C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\r7v4bs9j.default\Extensions\jid1-7NbXi2AqS1oUFw@jetpack.xpi [2014-10-20]
FF Extension: Adblock Edge - C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\r7v4bs9j.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-02-13]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-913676279-1143746095-4277644156-1001\...\Firefox\Extensions: [pp@perk.com] - C:\Program Files (x86)\Perk Prize Panel\FF

Chrome:
=======
CHR StartupUrls: Default -> "https://www.facebook.com/"
CHR Profile: C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (AdBlock) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-08]
CHR Extension: (New Tab Redirect) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2014-12-08]
CHR Extension: (Google Wallet) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
S2 CCALib8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 1999-12-31] (Intel Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2538808 2014-09-04] (AVG Technologies)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2012-07-13] (Windows (R) Win 7 DDK provider)
R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [19104 2012-07-13] (ASUS)
R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [49824 2012-07-13] (ASUS Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-15] (AVG Technologies)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-09-14] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 1999-12-31] (Intel Corporation)
S0 PxHelp20; C:\Windows\SysWOW64\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-11-03] ()
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [17568 2014-12-05] (Windows (R) Win 7 DDK provider)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-08-28] (TuneUp Software)
U4 Yontoo Desktop Updater; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 21:34 - 2014-12-09 21:34 - 00002436 _____ () C:\Windows\System32\Tasks\1214avUpdateInfo
2014-12-09 21:34 - 2014-12-09 21:34 - 00000320 _____ () C:\Windows\Tasks\1214avUpdateInfo.job
2014-12-09 21:34 - 2014-12-09 21:34 - 00000000 ____D () C:\ProgramData\Avg_Update_1214av
2014-12-08 23:17 - 2014-12-08 23:17 - 00000000 __SHD () C:\Users\Zack\AppData\Local\EmieBrowserModeList
2014-12-08 13:02 - 2014-12-08 13:02 - 00448512 _____ (OldTimer Tools) C:\Users\Zack\Desktop\TFC.exe
2014-12-07 22:32 - 2014-12-07 22:33 - 00026817 _____ () C:\Users\Zack\Desktop\Addition.txt
2014-12-07 22:31 - 2014-12-09 22:21 - 00016304 _____ () C:\Users\Zack\Desktop\FRST.txt
2014-12-07 22:31 - 2014-12-09 22:21 - 00000000 ____D () C:\FRST
2014-12-07 22:31 - 2014-12-07 22:31 - 02119680 _____ (Farbar) C:\Users\Zack\Desktop\FRST64.exe
2014-12-07 22:19 - 2014-12-07 22:19 - 32507072 _____ (Microsoft Corporation) C:\Users\Zack\Desktop\Windows-KB890830-x64-V5.18.exe
2014-12-07 22:17 - 2014-12-07 22:17 - 00008904 _____ () C:\Users\Zack\Desktop\JRT.txt
2014-12-07 22:13 - 2014-12-07 22:13 - 01707646 _____ (Thisisu) C:\Users\Zack\Desktop\JRT.exe
2014-12-07 22:01 - 2014-12-07 22:05 - 00000000 ____D () C:\AdwCleaner
2014-12-07 22:01 - 2014-12-07 22:01 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-07 22:00 - 2014-12-07 22:00 - 02153472 _____ () C:\Users\Zack\Desktop\AdwCleaner.exe
2014-12-07 21:19 - 2014-12-07 21:19 - 00000000 ____D () C:\Users\Zack\Desktop\hob
2014-12-06 02:19 - 2014-12-06 02:19 - 00000000 ____D () C:\Users\Zack\Desktop\New folder
2014-12-05 10:25 - 2014-12-05 10:25 - 00017568 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\gtkdrv.sys
2014-12-02 21:19 - 2014-12-02 21:19 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-22 02:09 - 2014-11-22 02:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-18 20:40 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 20:40 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 20:40 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 20:40 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-13 04:14 - 2014-11-13 17:21 - 00000000 ____D () C:\Users\Zack\MSYNC
2014-11-11 21:14 - 2014-11-07 14:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 21:14 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 21:14 - 2014-11-05 23:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 21:14 - 2014-11-05 23:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 21:14 - 2014-11-05 23:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 21:14 - 2014-11-05 22:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 21:14 - 2014-11-05 22:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 21:14 - 2014-11-05 22:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 21:14 - 2014-11-05 22:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 21:14 - 2014-11-05 22:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 21:14 - 2014-11-05 22:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 21:14 - 2014-11-05 22:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 21:14 - 2014-11-05 22:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 21:14 - 2014-11-05 22:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 21:14 - 2014-11-05 22:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 21:14 - 2014-11-05 22:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 21:14 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 21:14 - 2014-11-05 22:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 21:14 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 21:14 - 2014-11-05 22:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 21:14 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 21:14 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 21:14 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 21:14 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 21:14 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 21:14 - 2014-11-05 22:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 21:14 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 21:14 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 21:14 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 21:14 - 2014-11-05 22:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 21:14 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 21:14 - 2014-11-05 22:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 21:14 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 21:14 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 21:14 - 2014-11-05 21:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 21:14 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 21:14 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 21:14 - 2014-11-05 21:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 21:14 - 2014-11-05 21:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 21:14 - 2014-11-05 21:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 21:14 - 2014-11-05 21:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 21:14 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 21:14 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 21:14 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 21:14 - 2014-11-05 21:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 21:14 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 21:14 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 21:14 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 21:14 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 21:14 - 2014-11-05 21:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 21:14 - 2014-11-05 21:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 21:14 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 21:14 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 21:14 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 21:14 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 21:14 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 21:14 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 21:14 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 21:14 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 21:14 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 21:14 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 21:14 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 21:14 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 21:14 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 21:14 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 21:14 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 21:14 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 21:14 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 21:14 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 21:14 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 21:14 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 21:14 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 21:14 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 21:14 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 21:14 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 21:14 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 21:14 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 21:13 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 21:13 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 21:13 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 21:13 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 21:13 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 21:13 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 21:13 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 21:13 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 21:13 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 21:13 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 21:13 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 21:13 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 21:13 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 21:13 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 21:13 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 21:13 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 21:13 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 21:12 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 21:12 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 22:05 - 2012-11-16 20:41 - 01851519 _____ () C:\Windows\WindowsUpdate.log
2014-12-09 21:42 - 2012-06-29 02:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-09 21:39 - 2014-06-20 21:41 - 00003242 _____ () C:\Windows\System32\Tasks\Trojan Killer
2014-12-09 21:39 - 2013-04-27 17:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-09 21:37 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-09 21:37 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-09 21:35 - 2013-04-27 18:11 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-09 21:30 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-09 21:30 - 2009-07-13 23:51 - 00132519 _____ () C:\Windows\setupact.log
2014-12-09 04:28 - 2013-04-27 17:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-08 13:02 - 2013-12-22 02:21 - 00000000 ____D () C:\Users\Zack\Desktop\anti virus
2014-12-08 12:43 - 2012-06-29 02:04 - 00266968 _____ () C:\Windows\PFRO.log
2014-12-07 21:31 - 2014-07-22 12:35 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-07 21:28 - 2013-12-08 23:07 - 00000297 _____ () C:\DelFix.txt
2014-12-07 21:28 - 2013-12-03 22:59 - 00000000 ____D () C:\Windows\ERUNT
2014-12-04 22:42 - 2014-07-22 12:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-04 22:42 - 2014-07-22 12:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-02 04:39 - 2013-05-20 02:24 - 00000000 ____D () C:\Users\Zack\AppData\Roaming\vlc
2014-12-02 00:54 - 2013-06-07 14:23 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-26 23:42 - 2012-06-29 02:26 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 23:42 - 2012-06-29 02:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 23:42 - 2012-06-29 02:26 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-22 12:36 - 2013-04-29 23:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-21 06:14 - 2014-07-22 12:35 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2013-12-04 17:05 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2013-12-04 16:49 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-21 01:59 - 2013-11-30 02:57 - 00000000 ____D () C:\Program Files\GridinSoft Trojan Killer
2014-11-20 02:27 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-19 21:27 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-18 22:49 - 2013-04-27 19:34 - 00000000 ____D () C:\Users\Zack\AppData\Roaming\Skype
2014-11-14 13:23 - 2013-04-27 17:51 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 13:23 - 2013-04-27 17:51 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 23:01 - 2013-12-19 12:38 - 00000000 ____D () C:\Users\Zack\AppData\Local\Battle.net
2014-11-13 12:57 - 2014-03-31 11:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-13 12:57 - 2013-10-28 16:23 - 00000000 ____D () C:\ProgramData\AVG2014
2014-11-13 12:57 - 2013-04-27 18:26 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-11-13 04:14 - 2013-04-27 17:35 - 00000000 ____D () C:\Users\Zack
2014-11-12 22:22 - 2009-07-14 00:08 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-12 12:41 - 2009-07-13 23:45 - 00323720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 03:12 - 2013-04-27 21:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 03:08 - 2014-09-05 19:38 - 00000000 ____D () C:\Windows\system32\MRT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-29 14:10

==================== End Of Log ============================

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] AVG Secure Search "general threat" detected
« Reply #18 on: December 10, 2014, 03:52:09 AM »
Upload a File to Virustotal

Go to http://www.virustotal.com/
  • Click the Choose file button
  • Navigate to the file C:\Program Files (x86)\AVG\AVG2015\Notification\Launcher.exe
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.

Post the results of that file, also give an update on any remaining issues or concerns..

Thanks,

Kevin.

Offline mooseboy018

  • Bronze Member
  • Posts: 115
Re: [Resolved - K] AVG Secure Search "general threat" detected
« Reply #19 on: December 10, 2014, 09:46:41 PM »
SHA256:   598178ccd7555a342c8e0fa0dcfd44ecb56c781c15c5b2d498d4e7dbcb32bac6
File name:   Launcher.exe
Detection ratio:   0 / 56
Analysis date:   2014-12-11 03:43:05 UTC ( 2 minutes ago )

Antivirus   Result   Update
ALYac      20141211
AVG      20141211
AVware      20141209
Ad-Aware      20141211
AegisLab      20141211
Agnitum      20141210
AhnLab-V3      20141211
Antiy-AVL      20141211
Avast      20141211
Avira      20141211
Baidu-International      20141210
BitDefender      20141211
Bkav      20141210
ByteHero      20141211
CAT-QuickHeal      20141210
CMC      20141211
ClamAV      20141211
Comodo      20141210
Cyren      20141211
DrWeb      20141211
ESET-NOD32      20141211
Emsisoft      20141211
F-Prot      20141211
F-Secure      20141210
Fortinet      20141210
GData      20141211
Ikarus      20141211
Jiangmin      20141210
K7AntiVirus      20141210
K7GW      20141210
Kaspersky      20141211
Kingsoft      20141211
Malwarebytes      20141211
McAfee      20141211
McAfee-GW-Edition      20141211
MicroWorld-eScan      20141211
Microsoft      20141211
NANO-Antivirus      20141211
Norman      20141210
Panda      20141210
Qihoo-360      20141211
Rising      20141210
SUPERAntiSpyware      20141211
Sophos      20141211
Symantec      20141211
Tencent      20141211
TheHacker      20141208
TotalDefense      20141210
TrendMicro      20141211
TrendMicro-HouseCall      20141211
VBA32      20141210
VIPRE      20141211
ViRobot      20141211
Zillya      20141210
Zoner      20141210
nProtect      20141210

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] AVG Secure Search "general threat" detected
« Reply #20 on: December 11, 2014, 05:08:59 AM »
Any remaining issues or concerns?

Offline mooseboy018

  • Bronze Member
  • Posts: 115
Re: [Resolved - K] AVG Secure Search "general threat" detected
« Reply #21 on: December 11, 2014, 09:33:13 PM »
No matter what I do the AVG Secure Search page is stuck as my new tab in Firefox. Even when I click "restore default new tab" and follow the instructions, it's still there.

Other than that, everything is running great. :t

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] AVG Secure Search "general threat" detected
« Reply #22 on: December 12, 2014, 04:43:00 AM »
Continue as follows:

Adobe Reader is outdated...
Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

Step 1 - Select your Operating System.
Step 2 - Select your Language.
Step 3 - Select latest version.

Untick the option for any security scanner or toolbar if offered.

Download and install.

Having the latest updates ensures there are no security vulnerabilities in your system.

Next,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

Go to http://java.com/en/ and click on "Do I have Java"
It will check your current version and then offer to update to the latest version
Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very Important

Next,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Scan with ZOEK

Please download ZOEK by Smeenk from here: http://hijackthis.nl/smeenk/ and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:

Code:
services_list;
standardsearch;
autoclean;
emptyclsid;
emptyfolderscheck;delete
firefoxlook;
chromelook;
FFdefaults;


  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply. Don't forget to re-enable security software!

Next,

Download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe     <<-   64 bit

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe  <<-  32 bit

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

Code:
:regfind
*AVG-Secure-Search*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Post logs from FRST, Zoek and SystemLook, also give update on any remaining issues or concerns...

Thanks,

Kevin...
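The Zoek script above (its firefoxlook / FFdefaults steps) rewrites the user_pref lines in the Firefox profile's prefs.js, which is where a search hijacker pins a new-tab or homepage URL. The following is an added example, not part of Zoek, FRST, SystemLook or anything posted in this thread: a small Python checker that parses a prefs.js and reports any startup, new-tab or search-URL pref whose host is not on an allow-list the caller supplies, so a profile can be inspected before and after a fix. The sample prefs.js text is constructed for the example, and the hijack host in it is a placeholder.

```python
"""Check a Firefox prefs.js for hijacked startup / new-tab / search prefs.

Added example for this thread (not part of Zoek, FRST or any tool named here).
It parses the user_pref("name", value); lines that Zoek's FireFox Fix rewrites
and reports any startup, new-tab or search URL whose host is not allow-listed.
"""
import re
from urllib.parse import urlparse

# Prefs a browser hijacker typically rewrites (names as seen in the Zoek log).
WATCHED_PREFS = (
    "browser.startup.homepage",
    "browser.newtab.url",
    "browser.search.defaulturl",
    "keyword.URL",
)

# Matches: user_pref("name", "string");  user_pref("name", true);  user_pref("name", 42);
_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text):
    """Return {name: value} from prefs.js text; strings unquoted, bools/ints converted."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref call
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw  # leave unrecognised literals as-is
    return prefs


def host_of(value):
    """Host part of a pref value; a bare 'google.com' (no scheme) is handled too."""
    if not isinstance(value, str) or not value:
        return ""
    parsed = urlparse(value if "://" in value else "//" + value)
    return (parsed.hostname or "").lower()


def find_hijacked(text, allowed_hosts):
    """Return [(pref, value)] for watched prefs whose host is not allowed.

    An empty value (e.g. keyword.URL = "") means 'use the browser default'
    and is not flagged.
    """
    allowed = {h.lower() for h in allowed_hosts}
    prefs = parse_prefs(text)
    flagged = []
    for name in WATCHED_PREFS:
        if name not in prefs:
            continue
        value = prefs[name]
        host = host_of(value)
        if host == "":
            continue
        if not any(host == a or host.endswith("." + a) for a in allowed):
            flagged.append((name, value))
    return flagged


# Constructed sample prefs.js: one hijacked new-tab URL (the hijack host is a placeholder).
SAMPLE_PREFS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "google.com");
user_pref("browser.newtab.url", "http://search.hijack-example.invalid/?src=toolbar");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("keyword.URL", "");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
"""

if __name__ == "__main__":
    for name, value in find_hijacked(SAMPLE_PREFS, ["google.com"]):
        print(f"suspicious {name}: {value}")
```

To check a real profile, read the prefs.js from the profile folder (the path pattern is the one shown in the Zoek log, ...\Mozilla\Firefox\Profiles\<profile>\prefs.js) and pass its text to find_hijacked with the hosts you expect; Firefox should be closed first, since it rewrites prefs.js on exit.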



Offline mooseboy018

  • Bronze Member
  • Posts: 115
Re: [Resolved - K] AVG Secure Search "general threat" detected
« Reply #23 on: December 14, 2014, 07:23:28 PM »
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
Ran by Zack at 2014-12-14 20:18:27 Run:1
Running from C:\Users\Zack\Desktop
Loaded Profile: Zack (Available profiles: Zack)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
U4 Yontoo Desktop Updater; No ImagePath
Task: {9260343F-7DC1-4920-A46A-3876F4F94A49} - System32\Tasks\1214avUpdateInfo => C:\ProgramData\Avg_Update_1214av\1214av_AVG-Secure-Search-Update.exe [2014-10-26] ()
C:\ProgramData\Avg_Update_1214av\1214av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\1214avUpdateInfo.job => C:\ProgramData\Avg_Update_1214av\1214av_AVG-Secure-Search-Update.exe
AlternateDataStreams: C:\ProgramData\Temp:8CE646EE
EmptyTemp:
end



*****************

Yontoo Desktop Updater => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9260343F-7DC1-4920-A46A-3876F4F94A49}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9260343F-7DC1-4920-A46A-3876F4F94A49}" => Key deleted successfully.
C:\Windows\System32\Tasks\1214avUpdateInfo => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1214avUpdateInfo" => Key deleted successfully.
C:\ProgramData\Avg_Update_1214av\1214av_AVG-Secure-Search-Update.exe => Moved successfully.
C:\Windows\Tasks\1214avUpdateInfo.job => Moved successfully.
C:\ProgramData\Temp => ":8CE646EE" ADS removed successfully.
EmptyTemp: => Removed 693.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

Offline mooseboy018

  • Bronze Member
  • Posts: 115
Re: [Resolved - K] AVG Secure Search "general threat" detected
« Reply #24 on: December 14, 2014, 07:26:28 PM »
SystemLook 30.07.11 by jpshortstuff
Log created at 20:25 on 14/12/2014 by Zack
Administrator - Elevation successful

========== regfind ==========

Searching for "*AVG-Secure-Search*"
No data found.

-= EOF =-

Offline mooseboy018

  • Bronze Member
  • Posts: 115
Re: [Resolved - K] AVG Secure Search "general threat" detected
« Reply #25 on: December 14, 2014, 07:52:39 PM »
Zoek.exe v5.0.0.0 Updated 14-December-2014
Tool run by Zack on Sun 12/14/2014 at 20:28:01.01.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Zack\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

12/14/2014 8:30:44 PM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~2\MeteorEntertainment deleted successfully
C:\PROGRA~2\Yahoo! deleted successfully
C:\PROGRA~3\Avg_Update_1214av deleted successfully
C:\PROGRA~3\Corel PDF Fusion deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} deleted successfully
C:\Users\Zack\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Zack\AppData\Local\Adobe deleted successfully
C:\Users\Zack\AppData\Local\DriverTuner deleted successfully
C:\Users\Zack\AppData\Local\Solid State Networks deleted successfully
C:\Users\Zack\AppData\Local\WMTools Downloaded Files deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-913676279-1143746095-4277644156-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78234974-0C4B-4111-BDEB-D9A104418772} deleted successfully
HKEY_USERS\S-1-5-21-913676279-1143746095-4277644156-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78234974-0C4B-4111-BDEB-D9A104418772} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{78234974-0C4B-4111-BDEB-D9A104418772} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-913676279-1143746095-4277644156-1001\Software\Mozilla\Firefox\Extensions\pp@perk.com deleted successfully

==== Running Processes ======================

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Users\Zack\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\r7v4bs9j.default\prefs.js:
user_pref("browser.startup.homepage", "google.com");
user_pref("browser.newtab.url", "google.com");
user_pref("keyword.URL", "");

Added to C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\r7v4bs9j.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~3\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} not found
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml deleted
C:\PROGRA~2\Media Player Classic - Home Cinema deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~2\Wondershare deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\Users\Zack\AppData\Roaming\Yahoo! deleted
C:\PROGRA~3\Avg_Update_0814tb deleted
C:\PROGRA~3\Avg_Update_1114tb deleted
C:\Users\Zack\AppData\Local\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\r7v4bs9j.default\jetpack deleted

==== System Specs ======================

Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 3982 MB
CPU Info: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
CPU Speed: 2435.3 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Atheros AR9485 Wireless Network Adapter | Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (E: | ) E: TSSTcorpCDDVDW SN-208BB
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  186.3GB | D:  254.1GB
Hard Disks - Free: C:  21.2GB | D:  30.2GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 08/20/12 | _ASUS_ - 1072009
Time Zone: Eastern Standard Time
Motherboard *: ASUSTeK COMPUTER INC. K55A
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: AVG AntiVirus Free Edition 2015 On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: AVG AntiVirus Free Edition 2015 disabled (Outdated)
Default Browser: Google Chrome   39.0.2171.95
Internet Explorer Version: 11.0.9600.17501
Mozilla Firefox version: 34.0.5 (x86 en-US)
Google Chrome version: 39.0.2171.95
Adobe Reader version: 11.0.10.32
Sun Java version: 1.8.0_25 (32-bit)
Sun Java version: 1.8.0_25 (64-bit)
Flash Player version: 15.0.0.246

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Zack\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-12-10 06:42:05   E8CC0C545A001AA0CAC9789EDE2E4DC9   3981488   ----a-w-   C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-10 05:28:40   E1456E7396022EBE4E5434188D1AC8B0   1230336   ----a-w-   C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 05:28:33   F98B3860BB47089EA8C1504F043E90E9   342200   ----a-w-   C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 05:28:33   F34F6DC38A21FCDBB50CDD1EE97B1EA3   1307136   ----a-w-   C:\Windows\SysWOW64\urlmon.dll
2014-12-10 05:28:33   F25284C763E728E4DAC248C211D1FC5B   76288   ----a-w-   C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 05:28:33   D7A98A4CEA2E89F544065A00BF37FC10   688640   ----a-w-   C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 05:28:33   BB25F69463AD8E7E51B5D9D158B5F8DF   30720   ----a-w-   C:\Windows\SysWOW64\iernonce.dll
2014-12-10 05:28:33   69AC6FD5B0B4DC963723E1EBDEE10A2C   285696   ----a-w-   C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 05:28:33   2EADED07BDA52C1FC5A6D4E1CC5858F0   47616   ----a-w-   C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 05:28:33   2ABC5587D582ACCEA30B4CF968C2A4A5   60416   ----a-w-   C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 05:28:33   220505B0B3E96C857DD01729AF0CD369   19749376   ----a-w-   C:\Windows\SysWOW64\mshtml.dll
2014-12-10 05:28:31   F0BCBD8FCDA145EED53ED66C45CC378B   62464   ----a-w-   C:\Windows\SysWOW64\iesetup.dll
2014-12-10 05:28:31   DEB9476A3CD1A5819DD4504BB7C6BA66   2724864   ----a-w-   C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 05:28:31   41AFA61E061E98E97272AC02184C8C2C   710144   ----a-w-   C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 05:28:30   EC5A3E4E21079B9D423AA0760828D678   620032   ----a-w-   C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 05:28:30   543ADCEA31CF9C2B4EEB900D4AAFD0F9   2052096   ----a-w-   C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 05:28:30   01777AB557997E98691E322225314E57   2277888   ----a-w-   C:\Windows\SysWOW64\iertutil.dll
2014-12-10 05:28:29   759E2FAD5371512C6679FA346719493E   47104   ----a-w-   C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 05:28:28   D90585C3BE942DAAFBDC868FDC061844   115712   ----a-w-   C:\Windows\SysWOW64\ieUnatt.exe
2014-12-10 05:28:27   CF9D05678B02B44FBC8D8AD8C9F30D58   478208   ----a-w-   C:\Windows\SysWOW64\ieui.dll
2014-12-10 05:28:27   35BD045804B67E78F4CAB72CB820AF7F   418304   ----a-w-   C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 05:28:26   B59E370277EDB6643083B62297175628   12836864   ----a-w-   C:\Windows\SysWOW64\ieframe.dll
2014-12-10 05:28:25   F728E7E9937117E0F32F39840EB6D737   4299264   ----a-w-   C:\Windows\SysWOW64\jscript9.dll
2014-12-10 05:28:25   930F63D6BC43D4BCD937DFCECDA95F82   168960   ----a-w-   C:\Windows\SysWOW64\msrating.dll
2014-12-10 05:28:25   5E4E0E43E0A5BF9F089696DFA7A3D677   1888256   ----a-w-   C:\Windows\SysWOW64\wininet.dll
2014-12-10 05:28:25   37F078B5B435AFC6BF316F2AD14B469A   501248   ----a-w-   C:\Windows\SysWOW64\vbscript.dll
2014-12-10 05:28:25   2E9E105037AC1274656C3D1125323352   1155072   ----a-w-   C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 05:28:25   29CED1A4777A43526A4ED8A7B6936883   64000   ----a-w-   C:\Windows\SysWOW64\MshtmlDac.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-12-10 05:28:43   A9A0BFD706B3A24C403EEFEB0790D011   1424384   ----a-w-   C:\Windows\Sysnative\WindowsCodecs.dll
2014-12-10 05:28:33   F987718A5CA053DC23E94A531F1754A4   34304   ----a-w-   C:\Windows\Sysnative\iernonce.dll
2014-12-10 05:28:33   D471F7A428C21DB04D810445D12D68E0   48640   ----a-w-   C:\Windows\Sysnative\ieetwproxystub.dll
2014-12-10 05:28:33   9F07E8FC75C5F98A783ABFD3005EFC22   77824   ----a-w-   C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2014-12-10 05:28:33   39B512C643812FC2D4843C0D4206C759   718848   ----a-w-   C:\Windows\Sysnative\ie4uinit.exe
2014-12-10 05:28:33   0FABE2AB8CA2D5CC7C95798533B4D057   114688   ----a-w-   C:\Windows\Sysnative\ieetwcollector.exe
2014-12-10 05:28:33   077AEB068A51B396F25BBCAB0944FC3A   2724864   ----a-w-   C:\Windows\Sysnative\mshtml.tlb
2014-12-10 05:28:30   E7A2061ADF0F4D430FECDA1E8D6B7BA6   1548288   ----a-w-   C:\Windows\Sysnative\urlmon.dll
2014-12-10 05:28:30   B4E481E9498CE22113628C4E9EA24427   4096   ----a-w-   C:\Windows\Sysnative\ieetwcollectorres.dll
2014-12-10 05:28:30   5BF0BAA1E5EF724287565E97C9219254   389296   ----a-w-   C:\Windows\Sysnative\iedkcs32.dll
2014-12-10 05:28:27   EBC8C9F61F4C148B8C6A28EDE80C51E4   968704   ----a-w-   C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2014-12-10 05:28:27   14BA910E7731FC84EB85328BD0F1EE81   800768   ----a-w-   C:\Windows\Sysnative\msfeeds.dll
2014-12-10 05:28:27   0AF0AEF0BA9EF6169E61C78504DCAE55   316928   ----a-w-   C:\Windows\Sysnative\dxtrans.dll
2014-12-10 05:28:26   EFBA893429814EA3244C87C2D1256618   800768   ----a-w-   C:\Windows\Sysnative\ieapfltr.dll
2014-12-10 05:28:26   3FE71E2A5BD3EC652E64FC8BCEFEDD2C   2125312   ----a-w-   C:\Windows\Sysnative\inetcpl.cpl
2014-12-10 05:28:26   23AE7A3B44D5C550B81347288CE3230E   66560   ----a-w-   C:\Windows\Sysnative\iesetup.dll
2014-12-10 05:28:25   DFECAE6D925FBC9078870E16F98C471F   54784   ----a-w-   C:\Windows\Sysnative\jsproxy.dll
2014-12-10 05:28:25   982B871A25B5078093FAD82D0AB0E3FC   2885120   ----a-w-   C:\Windows\Sysnative\iertutil.dll
2014-12-10 05:28:25   5F24313333AB409251152CAFADA40015   144384   ----a-w-   C:\Windows\Sysnative\ieUnatt.exe
2014-12-10 05:28:24   F7CCA58B973FB5EAED8D1F12DD3E51F6   490496   ----a-w-   C:\Windows\Sysnative\dxtmsft.dll
2014-12-10 05:28:24   8EF01E2EF21D41A23FF70B28179F9ABE   633856   ----a-w-   C:\Windows\Sysnative\ieui.dll
2014-12-10 05:28:24   556D271F4243B273EDA353512BF3608A   14412800   ----a-w-   C:\Windows\Sysnative\ieframe.dll
2014-12-10 05:28:23   DB10D681314714E0D4623E4C0CF6654A   92160   ----a-w-   C:\Windows\Sysnative\mshtmled.dll
2014-12-10 05:28:23   7AC115968B8856004920057B2271224C   1359360   ----a-w-   C:\Windows\Sysnative\mshtmlmedia.dll
2014-12-10 05:28:23   021DFF3CB0ADCD19B3AAA00A650FDEE2   814080   ----a-w-   C:\Windows\Sysnative\jscript9diag.dll
2014-12-10 05:28:22   8D64466AD12CA5677CD0099C43C58569   6039552   ----a-w-   C:\Windows\Sysnative\jscript9.dll
2014-12-10 05:28:22   89296EF4A3729A049DA25B7D67A04078   199680   ----a-w-   C:\Windows\Sysnative\msrating.dll
2014-12-10 05:28:22   4AF089160FE082E5EA5C4AA72782DCA2   2358272   ----a-w-   C:\Windows\Sysnative\wininet.dll
2014-12-10 05:28:22   1D294810D3A8A8F722E86AA001F54DCC   580096   ----a-w-   C:\Windows\Sysnative\vbscript.dll
2014-12-10 05:28:22   17A157A4225CF562202AC71DB8103177   88064   ----a-w-   C:\Windows\Sysnative\MshtmlDac.dll
2014-12-10 05:28:21   D478A4CF07FB8ADF72FB16B88E8030B8   25059840   ----a-w-   C:\Windows\Sysnative\mshtml.dll
====== C:\Windows\Sysnative\drivers =====
2014-12-05 15:25:04   F8C46A0B35C94C2FDACB50463D883A35   17568   ----a-w-   C:\Windows\Sysnative\drivers\gtkdrv.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-12-15 01:09:14   --------   d-----w-   C:\PROGRA~2\COMMON~1\Java
2014-12-15 01:04:33   --------   d-----w-   C:\PROGRA~2\COMMON~1\Adobe
2014-12-15 01:04:33   --------   d-----w-   C:\PROGRA~2\Adobe
======= C: =====
2014-12-08 03:01:19   8D987BE841B404B83E6CE18C33C44C88   55   ----a-w-   C:\AdwCleanerDebug.txt
====== C:\Users\Zack\AppData\Roaming ======
2014-12-09 04:19:59   --------   d-sh--w-   C:\Users\Zack\AppData\Locallow\EmieBrowserModeList
2014-12-09 04:17:00   --------   d-sh--w-   C:\Users\Zack\AppData\Local\EmieBrowserModeList
====== C:\Users\Zack ======
2014-12-15 01:25:03   F783EC309D42813F74319EB776153B2B   165376   ----a-w-   C:\Users\Zack\Desktop\SystemLook_x64.exe
2014-12-08 18:02:36   788FCDDD88240A85039F7F561093B118   448512   ----a-w-   C:\Users\Zack\Desktop\TFC.exe
2014-12-08 03:31:23   4EF3D33B04CFC213F194A9C5A15E749E   2119168   ----a-w-   C:\Users\Zack\Desktop\FRST64.exe
2014-12-08 03:19:34   4DEDE96BD568BD11DC92C6D893666E1E   32507072   ----a-w-   C:\Users\Zack\Desktop\Windows-KB890830-x64-V5.18.exe
2014-12-08 03:13:06   C254F3ECEB9B1AC795BA6B25DE008EBA   1707646   ----a-w-   C:\Users\Zack\Desktop\JRT.exe
2014-12-08 03:00:24   AF506E0B71016682293AC3814A7D62BA   2153472   ----a-w-   C:\Users\Zack\Desktop\AdwCleaner.exe

====== C: exe-files ==
2014-12-15 01:25:16   ABA5454313C35929E0C72AA81D21FCB2   544   ----a-w-   C:\$RECYCLE.BIN\S-1-5-21-913676279-1143746095-4277644156-1001\$IAX9ZVL.exe
2014-12-15 01:08:16   E3E6B18458FFB07CB24D7A0BA77C9FDF   15784   ----a-w-   C:\Program Files (x86)\Java\jre1.8.0_25\bin\pack200.exe
2014-12-15 01:08:16   DC197DCE6325CBAC905DE0D0E3BA3E8E   15784   ----a-w-   C:\Program Files (x86)\Java\jre1.8.0_25\bin\rmid.exe
2014-12-15 01:08:16   BB8C890E3E6372F2720709262BD42BF4   30632   ----a-w-   C:\Program Files (x86)\Java\jre1.8.0_25\bin\jabswitch.exe
2014-12-15 01:08:16   B719E0F43166037DF46B5CFBE60A5118   15784   ----a-w-   C:\Program Files (x86)\Java\jre1.8.0_25\bin\jjs.exe
2014-12-15 01:08:16   AA3520FB0133A56BEE1DB34D74DBEF64   176552   ----a-w-   C:\Program Files (x86)\Java\jre1.8.0_25\bin\java.exe
2014-12-15 01:08:16   A458E2535E46151690E53E2A03FAA711   15784   ----a-w-   C:\Program Files (x86)\Java\jre1.8.0_25\bin\keytool.exe
2014-12-15 01:08:16   9BFAEF308D50779F6B255CB7BA7DCA5A   15784   ----a-w-   C:\Program Files (x86)\Java\jre1.8.0_25\bin\kinit.exe
2014-12-15 01:08:16   7AB1F1B3FB6C3DACA34EA2F988CDF5AC   16296   ----a-w-   C:\Program Files (x86)\Java\jre1.8.0_25\bin\orbd.exe
2014-12-15 01:08:16   75EE99C7F0038C746D82C76221ECA4EF   16296   ----a-w-   C:\Program Files (x86)\Java\jre1.8.0_25\bin\policytool.exe
2014-12-15 01:08:16   75D477E868CA51EC1B09D730570F322B   176552   ----a-w-   C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaw.exe
2014-12-15 01:08:16   74713E9C1B01B152DDD3A1A3519A3647   15784   ----a-w-   C:\Program Files (x86)\Java\jre1.8.0_25\bin\java-rmi.exe
2014-12-15 01:08:16   70E67429D2C011FD0419AF899A8D0D70   68520   ----a-w-   C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe
2014-12-15 01:08:16   691D49FB44EDE9788288CABE4F7E0DAF   272296   ----a-w-   C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaws.exe
2014-12-15 01:08:16   67F763B09F4BC8689E6FA9761E068D74   159656   ----a-w-   C:\Program Files (x86)\Java\jre1.8.0_25\bin\unpack200.exe
2014-12-15 01:08:16   57E1F756FAA787623DFCD2C1B2AACC68   51112   ----a-w-   C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssvagent.exe
2014-12-15 01:08:16   4367C05B0CF5553E71B34F51003D0615   76200   ----a-w-   C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2launcher.exe
2014-12-15 01:08:16   4109C4DB4BD48F5BF8115C7523A6B6F8   15784   ----a-w-   C:\Program Files (x86)\Java\jre1.8.0_25\bin\klist.exe
2014-12-15 01:08:16   33D2AF53E209DA3E2BA939EB89801DC0   16296   ----a-w-   C:\Program Files (x86)\Java\jre1.8.0_25\bin\rmiregistry.exe
2014-12-15 01:08:16   29E65AC6AFD8A0A9CAA361FF6F7B4886   16296   ----a-w-   C:\Program Files (x86)\Java\jre1.8.0_25\bin\servertool.exe
2014-12-15 01:08:16   28FC00F89631B0F6E1E9CA386FADD566   16296   ----a-w-   C:\Program Files (x86)\Java\jre1.8.0_25\bin\tnameserv.exe
2014-12-15 01:08:16   26C7F32186B1F0364CD06EA69227A79D   15784   ----a-w-   C:\Program Files (x86)\Java\jre1.8.0_25\bin\ktab.exe
2014-12-15 01:07:08   3A582BF6FD39DC6A52AAF316126B40BA   638888   ----a-w-   C:\$RECYCLE.BIN\S-1-5-21-913676279-1143746095-4277644156-1001\$RAX9ZVL.exe
2014-12-11 17:16:08   7543EB509DCAAD14441E6D6E1A9D815C   80008   ----a-w-   C:\Program Files\Microsoft Silverlight\5.1.31211.0\coregen.exe
2014-12-11 17:16:08   6368E5F574AAA4F005D44A0E0F10BA66   523920   ----a-w-   C:\Program Files\Microsoft Silverlight\sllauncher.exe
2014-12-11 17:16:08   48344819D332CD91444DB4684BF30CF9   304816   ----a-w-   C:\Program Files\Microsoft Silverlight\5.1.31211.0\Silverlight.Configuration.exe
2014-12-11 17:16:08   0249C742BD0AE0F70C9A1E82D00E0D96   17544   ----a-w-   C:\Program Files\Microsoft Silverlight\5.1.31211.0\agcp.exe
2014-12-11 16:53:12   B76732459011D66823BC19318409E162   237232   ----a-w-   C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\Silverlight.Configuration.exe
2014-12-11 16:53:12   9DDBAFE6EA118A0AFBA2AE79A673778E   16520   ----a-w-   C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\agcp.exe
2014-12-11 16:53:12   937A5E0B86C60CDFA83BD0CCB66CE4FD   68744   ----a-w-   C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\coregen.exe
2014-12-11 16:53:12   40B5F7A9ABE0BF6AD9CDC53418B33642   387216   ----a-w-   C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe
2014-12-10 05:28:33   A8A8FD02E3A9264A603892DE1F522166   221184   ----a-w-   C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-12-10 05:28:30   B7BCC767AC0E76384BCDC292184DD8C8   222720   ----a-w-   C:\Program Files\Internet Explorer\ielowutil.exe
2014-12-10 05:28:30   A24BFBAE8B50A6780B68FF3673FAB52F   815280   ----a-w-   C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-12-10 05:28:30   43CE0C99DBC0F96DB2B7259B0BE0930E   468992   ----a-w-   C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-12-10 05:28:26   C3D17F3199D39A2AB85956A63731F188   484352   ----a-w-   C:\Program Files\Internet Explorer\ieinstal.exe
2014-12-10 05:28:25   2A9DA9E7462EBA3F6D2036E8D18FF773   813744   ----a-w-   C:\Program Files\Internet Explorer\iexplore.exe
2014-12-10 03:29:07   450BDEE760894CE151404E41819E964F   1097808   ----a-w-   C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.95\39.0.2171.95_39.0.2171.71_chrome_updater.exe
2014-12-10 02:33:48   D3AC8B90796EE8EF3B91465664F634A6   7141064   ----a-w-   C:\Program Files (x86)\AVG\AVG2015\Notification\Launcher.exe
=== C: other files ==
2014-12-15 01:08:16   CE44A9D4918DCDC7CCCF5503BF4D7A3D   14130   ----a-w-   C:\Program Files (x86)\Java\jre1.8.0_25\lib\deploy\ffjcext.zip
2014-12-08 20:30:03   AC8E0E28D993898E7759279543A450AD   14160   ----a-w-   C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\r7v4bs9j.default\extensions\CNT@ednovak.net.xpi
2014-12-08 19:44:28   BCF28E2D5A6163FD355DA377980C194A   4292   ----a-w-   C:\ProgramData\GridinSoft\Trojan Killer\storage\419816142149421.zip
2014-12-08 19:44:28   446761A76D64E91EA24049D0F202EF82   14444   ----a-w-   C:\ProgramData\GridinSoft\Trojan Killer\storage\419816142158449.zip
2014-12-08 02:21:57   134357BED7B211D56A80D67C1C7236B9   28667   ----a-w-   C:\ProgramData\GridinSoft\Trojan Killer\storage\419808902492014.zip
2014-12-08 02:21:56   F0013076EDB9ABEDEDDFB50FFB226D1D   17170   ----a-w-   C:\ProgramData\GridinSoft\Trojan Killer\storage\419808902370718.zip
2014-12-08 02:21:55   43AE5516C6AC683C06515E30FC7599BC   12236   ----a-w-   C:\ProgramData\GridinSoft\Trojan Killer\storage\419808902248958.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-913676279-1143746095-4277644156-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"

==== Startup Registry Disabled ======================

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\""
"APSDaemon"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"ACMON"="C:\\Program Files (x86)\\ASUS\\Splendid\\ACMON.exe"
"ASUS Screen Saver Protector"="C:\\Windows\\AsScrPro.exe"
"ATKMEDIA"="C:\\Program Files (x86)\\ASUS\\ATK Package\\ATK Media\\DMedia.exe"
"DivXUpdate"="\"C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW"
"QuickTime Task"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
"Wondershare Helper Compact.exe"="C:\\Program Files (x86)\\Common Files\\Wondershare\\Wondershare Helper Compact\\WSHelper.exe"


==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn Hamachi Ui]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogMeIn Hamachi Ui"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\LogMeIn Hamachi\\hamachi-2-ui.exe\" --auto-start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uTorrent"
"hkey"="HKCU"
"command"="\"C:\\Users\\Zack\\AppData\\Roaming\\uTorrent\\uTorrent.exe\"  /MINIMIZED"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yontoo Desktop]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Yontoo Desktop"
"hkey"="HKCU"
"command"="\"C:\\Users\\Zack\\AppData\\Roaming\\Yontoo\\YontooDesktop.exe\""


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"ASUS Quick Gesture (x86)"="C:\\Program Files (x86)\\ASUS\\ASUS Smart Gesture\\QuickGesture\\x86\\QuickGesture.exe"
"ASUS Quick Gesture (x64)"="C:\\Program Files (x86)\\ASUS\\ASUS Smart Gesture\\QuickGesture\\x64\\QuickGesture64.exe"
"ASUS TP Center (x64)"="C:\\Program Files (x86)\\ASUS\\ASUS Smart Gesture\\AsTPCenter\\x64\\AsusTPCenter.exe"
"XboxStat"="\"C:\\Program Files\\Microsoft Xbox 360 Accessories\\XboxStat.exe\" silentrun"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12/10/2014 01:42 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/27/2013 05:51 PM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe]
"C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\ASUS\P4G\BatteryLife.exe]
"C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe]
"C:\Windows\SysNative\tasks\ASUS USB Charger Plus" ["C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"]
"C:\Windows\SysNative\tasks\ASUS Wireless Console 3" [C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe]
"C:\Windows\SysNative\tasks\ATKOSD2" [C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Java(TM) Platform SE Auto Updater" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]
"C:\Windows\SysNative\tasks\PandaUSBVaccine" ["C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe"]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\Trojan Killer" ["C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe"]
"C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe]
"C:\Windows\SysNative\tasks\{20377ED7-3D29-420D-948D-4141EEACA34F}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]
"C:\Windows\SysNative\tasks\{BA49A9B8-AA33-4436-AAD1-A6104277D668}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\r7v4bs9j.default
- Undetermined - artur.dubovoy@gmail.com
- Flash Video Downloader - YouTube HD Download [4K] - %ProfilePath%\extensions\artur.dubovoy@gmail.com
- Custom New Tab - %ProfilePath%\extensions\CNT@ednovak.net.xpi
- ExHentai Easy 2 - %ProfilePath%\extensions\jid1-7NbXi2AqS1oUFw@jetpack.xpi
- Adblock Edge - %ProfilePath%\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\r7v4bs9j.default
9860727E477F17B88E39AF8B69B0407A   - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll -   Shockwave Flash


==== Chromium Look ======================

Google Chrome Version: 39.0.2171.95 (Up to date, latest Stable version: 39.0.2171.95)


AdBlock - Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
NTR - Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna

==== Chromium Fix ======================

C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_media.mtvnservices.com_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{84826FE9-117F-453A-B87D-6E19895168C3}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown  Url="Not_Found"
{84826FE9-117F-453A-B87D-6E19895168C3} Google  Url="https://www.google.com/search?q={searchTerms}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-913676279-1143746095-4277644156-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yontoo Desktop deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1418606546
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8594177-8815-4E1B-9D1F-E4F340E512BE}: NameServer = 184.172.114.130,208.43.110.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9205CE0-11F9-4E16-8724-AB577FD654D0}: NameServer = 184.172.114.130,208.43.110.90
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 184.172.114.130,208.43.110.90
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 184.172.114.130,208.43.110.90
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 184.172.114.130,208.43.110.90
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Protocol: WSIEChrome - (no CLSID) - (no file)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG Technologies - C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Zack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\32H5UWFV will be deleted at reboot
C:\Users\Zack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F5XTM81W will be deleted at reboot
C:\Users\Zack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LNFWWJMH will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1305 folders=103 417882910 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\TEMP\AppData\Local\Temp emptied successfully
C:\Users\TEMP.Zack-PC\AppData\Local\Temp emptied successfully
C:\Users\Zack\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Zack\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Zack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\32H5UWFV" not found
"C:\Users\Zack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F5XTM81W" not found
"C:\Users\Zack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LNFWWJMH" not found

==== EOF on Sun 12/14/2014 at 20:51:20.40 ======================

Offline mooseboy018

  • Bronze Member
  • Posts: 115
Re: [Resolved - K] AVG Secure Search "general threat" detected
« Reply #26 on: December 14, 2014, 07:57:18 PM »
After doing these scans, when I reboot my computer Trojan Killer is showing the Adobe Launcher as a threat. It's done this twice. I didn't bother moving it to quarantine because I'd like to know what you think first.

EDIT: Also, AVG Secure Search still shows up when I open a new tab in Firefox no matter what I do.
« Last Edit: December 14, 2014, 08:08:02 PM by mooseboy018 »

Offline mooseboy018

  • Bronze Member
  • Posts: 115
Re: [Resolved - K] AVG Secure Search "general threat" detected
« Reply #27 on: December 15, 2014, 12:16:36 AM »
I just noticed that Zoek did something that's keeping me from using my Wondershare editing software. It's still on my computer, but when I click the shortcut it says VideoEditor.exe has been moved. And when I searched for it, it's in some Zoek folder. How do I restore the program to the way it was?

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] AVG Secure Search "general threat" detected
« Reply #28 on: December 15, 2014, 05:00:39 AM »
For the Firefox/AVG Secure Search issue go here: https://support.mozilla.org/en-US/questions/983923 and follow the instructions carefully for a clean reinstall.

For Wondershare, Zoek currently has no restore feature (apparently it is a job in progress); the best option is to re-install Wondershare. Critical system files are whitelisted, so they are never under threat from Zoek....

For Adobe Speed Launcher, it is seen as a threat because of vulnerability issues, as its default setting is to run at boot. It does show as disabled in Zoek, so I am not really sure why it is seen as a threat by Trojan Killer.

Quote
==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe Reader Speed Launcher"="\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\""

Does TK allow you to accept the threat and add an exclusion?

Let me know if any remaining issues or concerns...

Thanks,

Kevin...

Offline mooseboy018

  • Bronze Member
  • Posts: 115
Re: [Resolved - K] AVG Secure Search "general threat" detected
« Reply #29 on: January 12, 2015, 03:41:25 PM »
Sorry it's been so long since I posted. I was busy over the holidays, and I haven't had any problems that needed immediate attention.

I'm going to try uninstalling Firefox with that link you provided later tonight. And I told Trojan Killer to ignore Adobe, so it doesn't see it as a threat anymore. And I was wondering if it was alright to delete/uninstall all of the programs you've had me install to scan my computer (FRST64, zoek, etc.). They're just kind of sitting in a folder on my desktop now, and I assume I should be done with them and all the text files they've created.