
softonic and linkeyproject browser hijacker


  • This topic is locked
10 replies to this topic

#1 Fourbits

Fourbits

  • Members
  • 32 posts
  • OFFLINE
  • Gender:Male
  • Location:Billings, Montana
  • Local time:01:04 AM

Posted 24 January 2014 - 06:03 PM

I downloaded a piece of garbage software from softonic and refused all the additional ride along software, but it didn't matter. My browsers were hijacked and changed so that the home page is now linkeyproject and there are ads everywhere.

I must be getting slack in my old age.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.51.2
Run by Paul at 15:50:44 on 2014-01-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4088.1282 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\xampp\apache\bin\httpd.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Mobogenie\MgAssist.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe
C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtWlan.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Paul\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Users\Paul\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Shop To Win\ShopToWin.exe
C:\Program Files (x86)\BIOSTAR\BIO-Remote\BIO_Remote.exe
C:\Program Files (x86)\LiveZilla\LiveZilla.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe
C:\Program Files (x86)\Highlightly\Service\hlsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\ProgramData\FLEXnet\Connect\11\agent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\notepad.exe
C:\Windows\regedit.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com
uSearch Bar = hxxp://www.bing.com
uURLSearchHooks: {a060276a-53be-45ec-8ebe-b94b1e803179} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: LinkeyBHO: {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [googletalk] C:\Users\Paul\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [SanDiskSecureAccess_Manager.exe] C:\Users\Paul\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
uRun: [Google Update] "C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Shop To Win] C:\Program Files (x86)\Shop To Win\ShopToWin.exe
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
mRun: [LiveZilla] "C:\Program Files (x86)\LiveZilla\LiveZilla.exe" -minimize
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Paul\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RCADET~1.LNK - C:\Users\Paul\Documents\RCA Detective\RCADetective.exe
StartupFolder: C:\Users\Paul\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BIO-RE~1.LNK - C:\Program Files (x86)\BIOSTAR\BIO-Remote\BIO_Remote.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: LastPass - C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
TCP: NameServer = 69.145.248.4 69.146.17.2 69.144.49.29
TCP: Interfaces\{399020EF-A5C8-4BD3-97CD-00EE078AA7E7} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{399020EF-A5C8-4BD3-97CD-00EE078AA7E7} : DHCPNameServer = 69.145.248.4 69.146.17.2 69.144.49.29
TCP: Interfaces\{399020EF-A5C8-4BD3-97CD-00EE078AA7E7}\84F6D656 : DHCPNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{399020EF-A5C8-4BD3-97CD-00EE078AA7E7}\C696E6B6379737 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{399020EF-A5C8-4BD3-97CD-00EE078AA7E7}\C696E6B6379737 : DHCPNameServer = 69.145.248.4 69.146.17.2 69.144.49.29
TCP: Interfaces\{399020EF-A5C8-4BD3-97CD-00EE078AA7E7}\D497E4564777F627B6 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{399020EF-A5C8-4BD3-97CD-00EE078AA7E7}\D497E4564777F627B6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{399020EF-A5C8-4BD3-97CD-00EE078AA7E7}\D697177756374703033393 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{399020EF-A5C8-4BD3-97CD-00EE078AA7E7}\D697177756374703033393 : DHCPNameServer = 208.67.222.222 208.67.220.220
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\PROGRA~2\Linkey\IEEXTE~1\iedll.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AutorunsDisabled - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: LinkeyBHO: {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll
x64-BHO: Highlightly: {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1641676&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2549263&SearchSource=2&CUI=UN01178334889498822&UM=&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - component: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Paul\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
FF - ExtSQL: 2013-12-15 10:44; {4cc4a13b-94a6-7568-370d-5f9de54a9c7f}; C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}
FF - ExtSQL: 2013-12-16 18:05; readability@readability.com; C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\extensions\readability@readability.com.xpi
FF - ExtSQL: 2013-12-17 13:41; restartless.restart@erikvold.com; C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\extensions\restartless.restart@erikvold.com.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2011-2-27 226616]
R0 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-2-29 22600]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-6-21 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-6-21 207904]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-21 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2011-3-21 421704]
R1 BIOS;BIOS;C:\Windows\System32\drivers\BIOS64.sys [2009-6-10 14136]
R1 BS_I2cIo;BS_I2cIo;C:\Windows\System32\drivers\BS_I2cIo.sys [2011-3-17 15408]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-10-8 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-10-8 344064]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-11-20 57512]
R2 Apache2.2;Apache2.2;C:\xampp\apache\bin\httpd.exe [2011-9-10 18432]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-3-21 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-1-23 50344]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-24 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-24 701512]
R2 MgAssistService;MgAssist Service;C:\Program Files (x86)\Mobogenie\MgAssist.exe [2014-1-19 63168]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-8 144672]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 Realtek11nCU;Realtek11nCU;C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [2011-2-19 45056]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-16 5087584]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-18 80184]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-8-9 245760]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-24 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-2-27 314400]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192cu.sys [2011-2-11 848384]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-2-27 38456]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
RUnknown hlnfd;hlnfd; [x]
RUnknown hlsvc;hlsvc; [x]
RUnknown Update Jump Flip;Update Jump Flip; [x]
RUnknown Util Jump Flip;Util Jump Flip; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 BrlAPI;BrlAPI;C:\cygwin\bin\cygrunsrv.exe [2011-4-2 68096]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-10-28 107288]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-18 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-6 19456]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\System32\drivers\silabenm.sys [2011-3-20 23040]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\System32\drivers\silabser.sys [2011-3-20 71168]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-10-28 204568]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);C:\Windows\System32\drivers\ssudserd.sys [2013-10-28 204568]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-6 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-19 1255736]
SUnknown 24x7HelpSvc;24x7HelpSvc; [x]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
FileExt: .js: Applications\HTMLKit.exe="C:\Program Files (x86)\Chami\HTML-Kit\Bin\HTMLKit.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-01-24 16:58:11    --------    d-----w-    C:\Users\Paul\AppData\Roaming\Malwarebytes
2014-01-24 16:58:04    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-01-24 16:58:03    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-01-24 16:58:02    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-24 16:22:21    --------    d-----w-    C:\Users\Paul\AppData\Local\WeatherBug
2014-01-24 16:22:12    --------    d-----w-    C:\Program Files (x86)\AWS
2014-01-24 16:21:51    --------    d-----w-    C:\Users\Paul\AppData\Local\FinalMediaPlayer
2014-01-24 16:21:48    --------    d-----w-    C:\Program Files (x86)\FinalMediaPlayer
2014-01-24 16:21:42    --------    d-----w-    C:\Program Files\Highlightly
2014-01-24 16:21:39    --------    d-----w-    C:\Program Files (x86)\Highlightly
2014-01-24 16:21:16    --------    d-----w-    C:\Program Files (x86)\24x7Help
2014-01-24 16:21:15    --------    d-----w-    C:\ProgramData\PCFixSpeed
2014-01-24 16:21:13    --------    d-----w-    C:\Program Files (x86)\PCFixSpeed
2014-01-24 16:05:57    --------    d-----w-    C:\Program Files (x86)\Linkey
2014-01-24 16:05:39    --------    d-----w-    C:\Program Files (x86)\XnView
2014-01-23 15:44:03    --------    d-----w-    C:\ProgramData\Trusteer
2014-01-22 17:09:24    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-22 17:05:10    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A7FA3A2D-5E76-428B-A572-1E16E5D57BFB}\mpengine.dll
2014-01-20 18:18:20    --------    d-----w-    C:\Program Files\SAMSUNG
2014-01-20 18:17:47    --------    d-----w-    C:\ProgramData\Samsung
2014-01-19 20:53:31    --------    d-----w-    C:\Users\Paul\AppData\Roaming\FinalTorrent
2014-01-19 20:52:51    --------    d-----w-    C:\Users\Paul\AppData\Local\FileTypeAssistant
2014-01-19 20:52:50    --------    d-----w-    C:\Program Files (x86)\File Type Assistant
2014-01-19 20:52:36    --------    d-----w-    C:\Program Files (x86)\FinalTorrent
2014-01-19 20:52:14    --------    d-----w-    C:\Users\Paul\.android
2014-01-19 20:52:13    --------    d-----w-    C:\Users\Paul\AppData\Local\Programs
2014-01-19 20:52:13    --------    d-----w-    C:\Users\Paul\AppData\Local\cache
2014-01-19 20:52:12    --------    d-----w-    C:\Users\Paul\AppData\Local\Mobogenie
2014-01-19 20:52:12    --------    d-----w-    C:\Users\Paul\AppData\Local\genienext
2014-01-19 20:51:33    --------    d-----w-    C:\Program Files (x86)\Mobogenie
2014-01-19 20:51:18    --------    d-----w-    C:\Program Files (x86)\Jump Flip
2014-01-15 12:15:04    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 12:15:04    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2014-01-15 12:15:04    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2014-01-15 12:15:04    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2014-01-15 12:15:04    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2014-01-15 12:15:04    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 12:15:04    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2014-01-15 12:15:03    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-01-15 12:15:02    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
.
==================== Find3M  ====================
.
2014-01-23 17:09:48    80184    ----a-w-    C:\Windows\System32\drivers\aswstm.sys
2014-01-23 17:09:48    78648    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-01-23 17:09:48    1038072    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2014-01-23 17:09:47    43152    ----a-w-    C:\Windows\avastSS.scr
2014-01-22 17:35:06    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-22 17:35:06    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-19 04:50:49    207904    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-12-18 13:13:56    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2013-12-11 13:27:17    9272200    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-12-04 19:46:36    58256    ----a-w-    C:\Windows\System32\drivers\hlnfd.sys
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2013-10-28 08:12:12    708168    ----a-w-    C:\Windows\System32\WinUSBCoInstaller.dll
2013-10-28 08:12:12    204568    ----a-w-    C:\Windows\System32\drivers\ssudserd.sys
2013-10-28 08:12:12    204568    ----a-w-    C:\Windows\System32\drivers\ssudmdm.sys
2013-10-28 08:12:10    107288    ----a-w-    C:\Windows\System32\drivers\ssudbus.sys
2012-01-22 13:27:38    13844000    ----a-w-    C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 15:51:44.72 ===============
 

 

 

 


 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:04 AM

Posted 25 January 2014 - 08:39 PM

Hello,

 

please run a FRST scan to begin with:

 

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.



#3 Fourbits

  • Topic Starter

Posted 25 January 2014 - 09:35 PM

Thank you for your response.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 01
Ran by Paul (administrator) on NICHOLS-DADS on 25-01-2014 19:30:27
Running from C:\Users\Paul\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Realtek) C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google) C:\Users\Paul\AppData\Roaming\Google\Google Talk\googletalk.exe
(Gemalto N.V.) C:\Users\Paul\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(The Weather Channel) C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BIOSTAR) C:\Program Files (x86)\BIOSTAR\BIO-Remote\BIO_Remote.exe
(LiveZilla GmbH) C:\Program Files (x86)\LiveZilla\LiveZilla.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtWLan.exe
(Audiovox Electronics Corp.) C:\Users\Paul\Documents\RCA Detective\RCADetective.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Rick Meyers) C:\Program Files (x86)\e-Sword\e-Sword.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe
() C:\Program Files (x86)\GIMP-2.0\lib\gimp\2.0\plug-ins\script-fu.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10806816 2010-04-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [LiveZilla] - C:\Program Files (x86)\LiveZilla\LiveZilla.exe [7030272 2011-03-17] (LiveZilla GmbH)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [googletalk] - C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] - C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2011-05-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-17] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-23] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [googletalk] - C:\Users\Paul\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKCU\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Users\Paul\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [27306624 2011-08-01] (Gemalto N.V.)
HKCU\...\Run: [Google Update] - C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-20] (Google Inc.)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [DW7] - C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe [13209088 2013-12-06] (The Weather Channel)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\Mike\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKU\Mike\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Network User\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Network User\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKU\Network User\...\Run: [googletalk] - C:\Users\Network User\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\Network User\...\Run: [Pidgin] - C:\Program Files (x86)\Pidgin\pidgin.exe [49321 2012-07-06] (The Pidgin developer community)
HKU\Network User\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Users\Network User\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
HKU\Network User\...\Run: [Google Update] - C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-20] (Google Inc.)
HKU\Network User\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\Network User\...\Run: [OpenDNS Updater] - C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-16] ()
HKU\Network User\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
AppInit_DLLs: C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll => File Not Found
Startup: C:\Users\Lura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Network User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk
ShortcutTarget: RCA Detective.lnk -> C:\Users\Paul\Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE1252EF078E6CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
URLSearchHook: HKCU - (No Name) - {a060276a-53be-45ec-8ebe-b94b1e803179} - No File
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.msn.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
SearchScopes: HKCU - {A98636C9-6EC7-4801-B5AB-E79B2FF6652B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2549263
SearchScopes: HKCU - {E163AE6E-254C-5FF4-BE33-4CBD31D63F5C} URL = http://dm.startnow.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z055&partner_id=195&product_id=611&affiliate_id=&channel=dm5&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110606&user_guid=CFDFC453EB70404AA7967B50D6C487AA&machine_id=c8450bc2a34f7ea550a83854829d99d7&browser=IE&os=win&os_version=6.1-x64-SP1&iesrc={referrer:source}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: No Name - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -  No File
BHO: Highlightly - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {A060276A-53BE-45EC-8EBE-B94B1E803179} -  No File
DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 69.145.248.4 69.146.17.2 69.144.49.29
Tcpip\..\Interfaces\{399020EF-A5C8-4BD3-97CD-00EE078AA7E7}: [NameServer]208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @emusic.com/dlm-plugin - C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @emusic.com/dlm-plugin - C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Paul\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Paul\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\Paul\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Paul\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Paul\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\searchplugins\bing-zugo.xml
FF SearchPlugin: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\searchplugins\RadioRage_4j.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\bingober136149794.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Pastebin - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\Extensions\pastebin.com@gmail.com [2011-04-11]
FF Extension: LastPass - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\Extensions\support@lastpass.com [2013-11-25]
FF Extension: Worldspace FireEyes - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\Extensions\worldspace@deque.com [2012-04-10]
FF Extension: Empty Cache Button - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2013-12-15]
FF Extension: ColorZilla - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2012-08-03]
FF Extension: Page Speed - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2012-09-05]
FF Extension: DT Whois - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\Extensions\beysim@beysim.net.xpi [2013-08-03]
FF Extension: Firebug - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\Extensions\firebug@software.joehewitt.com.xpi [2011-05-11]
FF Extension: Jump Flip - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\Extensions\firefox@jumpflip.net.xpi [2014-01-15]
FF Extension: Readability - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\Extensions\readability@readability.com.xpi [2013-12-16]
FF Extension: No Name - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\Extensions\restartless.restart@erikvold.com.xpi [2013-12-17]
FF Extension: IPFingerPrints.com IP Location Information - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\Extensions\{28630f08-5dd3-4960-bf70-6b83d9c8348a}.xpi [2011-07-18]
FF Extension: ShowIP - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\Extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi [2011-06-03]
FF Extension: Live IP Address - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\Extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}.xpi [2011-07-18]
FF Extension: FireFTP - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2011-05-11]
FF Extension: gTranslate - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\Extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi [2012-02-02]
FF Extension: Web Developer - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-08-16]
FF Extension: Adblock Plus - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-20]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2011-05-13]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-03-21]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-17]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (eMusic Remote Plugin) - C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Translate) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-03-11]
CHR Extension: (Sudoku) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhembpgcpfegeigidembjopfhghnpj [2012-11-10]
CHR Extension: (YouTube) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-22]
CHR Extension: (Proxy Switchy!) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj [2013-05-04]
CHR Extension: (Highlightly) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom [2014-01-24]
CHR Extension: (Google Search) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-22]
CHR Extension: (HD Video Player) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbmimoidopbghbcmdmpkjaffffmcbmbg [2013-02-13]
CHR Extension: (Website IP) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmhlgniedlklkpimlibbaoomlpacmk [2012-11-10]
CHR Extension: (AdBlock) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-11-10]
CHR Extension: (avast! Online Security) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-09-05]
CHR Extension: (LastPass) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2012-02-22]
CHR Extension: (Convert PDF to Word) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\kclbidlajocjmicnpgpfmkblhdhjelfe [2012-09-18]
CHR Extension: (Google Wallet) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-22]
CHR HKLM-x32\...\Chrome\Extension: [cmclajginlihohopoeofghddnhpplhom] - C:\Program Files (x86)\Highlightly\Chrome\cmclajginlihohopoeofghddnhpplhom.crx [2011-12-22]
CHR HKLM-x32\...\Chrome\Extension: [hphehadppenpmajgnkjdcopcfijjegaf] - C:\Program Files (x86)\Jump Flip\hphehadppenpmajgnkjdcopcfijjegaf.crx [2011-12-22]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.)
R2 Apache2.2; c:\xampp\apache\bin\httpd.exe [18432 2011-09-10] (Apache Software Foundation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-23] (AVAST Software)
S3 BrlAPI; C:\cygwin\bin\cygrunsrv.exe [68096 2008-03-18] ()
S3 FileZilla Server; c:\xampp\FileZillaFTP\FileZillaServer.exe [630272 2011-06-07] (FileZilla Project)
S4 mysql; c:\xampp\mysql\bin\mysqld.exe [8158720 2011-09-09] ()
S4 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [36352 2011-07-13] ()
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-01-19] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Realtek11nCU; C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [45056 2010-01-21] (Realtek)
S2 MgAssistService; C:\Program Files (x86)\Mobogenie\MgAssist.exe [x]

==================== Drivers (Whitelisted) ====================

R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-23] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-18] ()
R1 BIOS; C:\Windows\system32\drivers\BIOS64.sys [14136 2009-06-10] (BIOSTAR Group)
R1 BIOS; C:\Windows\SysWOW64\drivers\BIOS64.sys [14136 2009-06-10] (BIOSTAR Group)
R1 BS_I2cIo; C:\Windows\system32\drivers\BS_I2cIo.sys [15408 2008-06-16] (BIOSTAR Group)
R1 BS_I2cIo; C:\Windows\SysWOW64\drivers\BS_I2cIo.sys [6272 2008-06-16] (BIOSTAR Group)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [848384 2011-02-11] (Realtek Semiconductor Corporation                           )
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-10-28] (DEVGURU Co., LTD.(www.devguru.co.kr))

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-25 19:30 - 2014-01-25 19:30 - 00034045 _____ C:\Users\Paul\Desktop\FRST.txt
2014-01-25 19:29 - 2014-01-25 19:29 - 00000000 ____D C:\FRST
2014-01-25 19:28 - 2014-01-25 19:29 - 02078208 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe
2014-01-25 11:36 - 2014-01-25 11:36 - 00000000 ____D C:\Users\Paul\Downloads\Automotive
2014-01-25 11:09 - 2014-01-25 11:09 - 00002164 _____ C:\Users\Paul\.recently-used.xbel
2014-01-25 10:38 - 2014-01-25 11:09 - 00000000 ____D C:\Users\Paul\Downloads\119 Ministries
2014-01-25 09:23 - 2014-01-25 09:23 - 00347816 _____ (Microsoft Corporation) C:\Users\Paul\Desktop\MicrosoftFixit.dvd.RNP.163140817267034.8.1.Run.exe
2014-01-25 06:03 - 2014-01-25 06:04 - 00000000 ____D C:\Users\Paul\Downloads\mbam-chameleon-1.62.1.1000
2014-01-25 06:01 - 2014-01-25 06:01 - 01440846 _____ C:\Users\Paul\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-01-25 05:59 - 2014-01-25 05:59 - 01060352 _____ C:\Users\Paul\Desktop\MicrosoftFixit50472.msi
2014-01-25 05:28 - 2014-01-25 05:28 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-25 05:28 - 2014-01-25 05:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-25 05:28 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-24 16:37 - 2014-01-24 16:37 - 00000000 ____D C:\Users\Paul\AppData\Local\FileTypeAssistant
2014-01-24 16:08 - 2014-01-24 16:35 - 00000000 ____D C:\AdwCleaner
2014-01-24 16:08 - 2014-01-24 16:08 - 01236282 _____ C:\Users\Paul\Desktop\AdwCleaner.exe
2014-01-24 15:51 - 2014-01-24 15:53 - 00008028 _____ C:\Users\Paul\Desktop\attach.txt
2014-01-24 15:51 - 2014-01-24 15:51 - 00029794 _____ C:\Users\Paul\Desktop\dds.txt
2014-01-24 15:49 - 2014-01-24 15:49 - 00688992 ____R (Swearware) C:\Users\Paul\Desktop\dds.com
2014-01-24 09:58 - 2014-01-24 09:58 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Malwarebytes
2014-01-24 09:58 - 2014-01-24 09:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-24 09:57 - 2014-01-25 05:27 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Paul\Desktop\mbam-setup-1.75.0.1300.exe
2014-01-24 09:21 - 2014-01-24 09:21 - 00000963 _____ C:\Users\Public\Desktop\Optimize Your PC.lnk
2014-01-24 09:21 - 2014-01-24 09:20 - 07433160 _____ (Bitberry Software                                           ) C:\Users\Paul\Downloads\FinalMediaPlayerSetup [1].exe
2014-01-24 09:05 - 2014-01-24 16:35 - 00000000 ____D C:\Program Files (x86)\XnView
2014-01-24 09:04 - 2014-01-24 09:05 - 04753616 _____ (Gougelet Pierre-e                                           ) C:\Users\Paul\Desktop\XnView-win_2_12.exe
2014-01-23 10:10 - 2014-01-23 10:10 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-23 08:44 - 2014-01-23 08:44 - 00000000 ____D C:\ProgramData\Trusteer
2014-01-22 10:09 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-22 10:09 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-22 10:09 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-22 10:09 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-22 10:08 - 2014-01-22 10:09 - 00005175 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-20 11:22 - 2014-01-20 11:22 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-01-20 11:18 - 2014-01-20 11:18 - 00000000 ____D C:\Program Files\SAMSUNG
2014-01-20 11:17 - 2014-01-20 11:17 - 00000000 ____D C:\ProgramData\Samsung
2014-01-19 20:41 - 2014-01-19 20:41 - 00000000 _____ C:\Users\Mike\daemonprocess.txt
2014-01-19 13:52 - 2014-01-25 13:54 - 00000000 ____D C:\Program Files (x86)\File Type Assistant
2014-01-19 13:52 - 2014-01-20 10:33 - 00000000 ____D C:\Users\Paul\AppData\Local\cache
2014-01-19 13:52 - 2014-01-19 13:52 - 00003896 _____ C:\Windows\System32\Tasks\ProgramUpdateCheck
2014-01-19 13:52 - 2014-01-19 13:52 - 00003580 _____ C:\Windows\System32\Tasks\ProgramRefresh-ATFST
2014-01-19 13:52 - 2014-01-19 13:52 - 00000000 ____D C:\Users\Paul\.android
2014-01-19 13:52 - 2014-01-19 13:52 - 00000000 _____ C:\Users\Paul\daemonprocess.txt
2014-01-19 13:51 - 2014-01-24 18:28 - 00000000 ____D C:\Program Files (x86)\Jump Flip
2014-01-19 13:50 - 2014-01-19 13:49 - 03895224 _____ (Bitberry Software                                           ) C:\Users\Paul\Downloads\FinalTorrentSetup [1].exe
2014-01-19 13:49 - 2014-01-19 13:49 - 00686448 _____ C:\Users\Paul\Desktop\FinalTorrentSetup.exe
2014-01-19 13:48 - 2014-01-19 13:48 - 00002888 _____ C:\Users\Paul\Desktop\1990_1995_4runner_wm.torrent
2014-01-16 03:36 - 2014-01-24 16:17 - 00003346 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3469443784-792714702-2516778114-1003
2014-01-16 03:36 - 2014-01-24 16:17 - 00003210 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3469443784-792714702-2516778114-1003
2014-01-15 13:36 - 2014-01-15 13:37 - 00000000 ____D C:\Users\Paul\Documents\interviews with wells
2014-01-15 05:15 - 2013-11-26 18:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 05:15 - 2013-11-26 18:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 05:15 - 2013-11-26 18:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 05:15 - 2013-11-26 18:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 05:15 - 2013-11-26 18:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 05:15 - 2013-11-26 18:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 05:15 - 2013-11-26 18:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 05:15 - 2013-11-26 04:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 05:15 - 2013-11-26 03:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-13 07:03 - 2014-01-24 23:59 - 00003232 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3469443784-792714702-2516778114-1003
2014-01-13 07:02 - 2014-01-24 23:59 - 00003368 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3469443784-792714702-2516778114-1003
2014-01-07 13:34 - 2014-01-07 13:34 - 00000000 ____D C:\Users\Paul\Desktop\Web images
2014-01-02 09:05 - 2014-01-16 11:21 - 00000000 ____D C:\Users\Paul\Documents\Biblical
2013-12-27 09:48 - 2013-12-27 09:48 - 00001389 _____ C:\Users\Paul\Desktop\paypal2013.txt
2013-12-26 09:17 - 2013-12-26 09:17 - 00002067 _____ C:\Users\Public\Desktop\GnuCash.lnk
2013-12-26 09:14 - 2013-12-26 09:14 - 106655345 _____ (GnuCash Development Team                                    ) C:\Users\Paul\Downloads\gnucash-2.4.13-setup.exe

==================== One Month Modified Files and Folders =======

2014-01-25 19:30 - 2014-01-25 19:30 - 00034045 _____ C:\Users\Paul\Desktop\FRST.txt
2014-01-25 19:29 - 2014-01-25 19:29 - 00000000 ____D C:\FRST
2014-01-25 19:29 - 2014-01-25 19:28 - 02078208 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe
2014-01-25 19:26 - 2012-04-07 19:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-25 19:11 - 2011-03-21 06:04 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-25 19:00 - 2012-01-20 10:00 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3469443784-792714702-2516778114-1003UA.job
2014-01-25 15:10 - 2011-04-23 09:13 - 00000000 ____D C:\Users\Paul\.gimp-2.6
2014-01-25 13:54 - 2014-01-19 13:52 - 00000000 ____D C:\Program Files (x86)\File Type Assistant
2014-01-25 12:11 - 2011-03-21 06:04 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-25 11:36 - 2014-01-25 11:36 - 00000000 ____D C:\Users\Paul\Downloads\Automotive
2014-01-25 11:09 - 2014-01-25 11:09 - 00002164 _____ C:\Users\Paul\.recently-used.xbel
2014-01-25 11:09 - 2014-01-25 10:38 - 00000000 ____D C:\Users\Paul\Downloads\119 Ministries
2014-01-25 11:09 - 2011-04-08 20:38 - 00000000 ____D C:\Users\Paul\AppData\Roaming\gtk-2.0
2014-01-25 11:09 - 2011-03-19 07:22 - 00000000 ____D C:\Users\Paul
2014-01-25 10:35 - 2013-09-17 18:13 - 00000000 ____D C:\Users\Paul\Documents\1-Scriptures
2014-01-25 09:23 - 2014-01-25 09:23 - 00347816 _____ (Microsoft Corporation) C:\Users\Paul\Desktop\MicrosoftFixit.dvd.RNP.163140817267034.8.1.Run.exe
2014-01-25 07:00 - 2012-01-20 10:00 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3469443784-792714702-2516778114-1003Core.job
2014-01-25 06:04 - 2014-01-25 06:03 - 00000000 ____D C:\Users\Paul\Downloads\mbam-chameleon-1.62.1.1000
2014-01-25 06:01 - 2014-01-25 06:01 - 01440846 _____ C:\Users\Paul\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-01-25 05:59 - 2014-01-25 05:59 - 01060352 _____ C:\Users\Paul\Desktop\MicrosoftFixit50472.msi
2014-01-25 05:46 - 2011-04-28 05:42 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Skype
2014-01-25 05:41 - 2011-02-03 10:50 - 01274281 _____ C:\Windows\WindowsUpdate.log
2014-01-25 05:40 - 2013-01-19 21:04 - 00000000 ____D C:\ProgramData\Origin
2014-01-25 05:28 - 2014-01-25 05:28 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-25 05:28 - 2014-01-25 05:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-25 05:27 - 2014-01-24 09:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Paul\Desktop\mbam-setup-1.75.0.1300.exe
2014-01-25 05:01 - 2011-03-19 07:29 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Mozilla
2014-01-25 00:05 - 2009-07-13 21:45 - 00013776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-25 00:05 - 2009-07-13 21:45 - 00013776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-25 00:00 - 2008-09-19 03:55 - 00014577 _____ C:\Windows\SysWOW64\NapaSet.txt
2014-01-24 23:59 - 2014-01-13 07:03 - 00003232 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3469443784-792714702-2516778114-1003
2014-01-24 23:59 - 2014-01-13 07:02 - 00003368 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3469443784-792714702-2516778114-1003
2014-01-24 23:58 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-24 23:58 - 2009-07-13 21:51 - 00076176 _____ C:\Windows\setupact.log
2014-01-24 23:57 - 2011-05-22 04:40 - 00344908 _____ C:\Windows\PFRO.log
2014-01-24 18:34 - 2013-05-03 21:23 - 00000404 ____H C:\Windows\Tasks\Norton Security Scan for Paul.job
2014-01-24 18:28 - 2014-01-19 13:51 - 00000000 ____D C:\Program Files (x86)\Jump Flip
2014-01-24 16:37 - 2014-01-24 16:37 - 00000000 ____D C:\Users\Paul\AppData\Local\FileTypeAssistant
2014-01-24 16:35 - 2014-01-24 16:08 - 00000000 ____D C:\AdwCleaner
2014-01-24 16:35 - 2014-01-24 09:05 - 00000000 ____D C:\Program Files (x86)\XnView
2014-01-24 16:17 - 2014-01-16 03:36 - 00003346 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3469443784-792714702-2516778114-1003
2014-01-24 16:17 - 2014-01-16 03:36 - 00003210 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3469443784-792714702-2516778114-1003
2014-01-24 16:08 - 2014-01-24 16:08 - 01236282 _____ C:\Users\Paul\Desktop\AdwCleaner.exe
2014-01-24 15:56 - 2012-02-13 15:17 - 00000193 _____ C:\Windows\WORDPAD.INI
2014-01-24 15:53 - 2014-01-24 15:51 - 00008028 _____ C:\Users\Paul\Desktop\attach.txt
2014-01-24 15:51 - 2014-01-24 15:51 - 00029794 _____ C:\Users\Paul\Desktop\dds.txt
2014-01-24 15:49 - 2014-01-24 15:49 - 00688992 ____R (Swearware) C:\Users\Paul\Desktop\dds.com
2014-01-24 09:58 - 2014-01-24 09:58 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Malwarebytes
2014-01-24 09:58 - 2014-01-24 09:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-24 09:21 - 2014-01-24 09:21 - 00000963 _____ C:\Users\Public\Desktop\Optimize Your PC.lnk
2014-01-24 09:21 - 2013-12-20 07:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-24 09:20 - 2014-01-24 09:21 - 07433160 _____ (Bitberry Software                                           ) C:\Users\Paul\Downloads\FinalMediaPlayerSetup [1].exe
2014-01-24 09:05 - 2014-01-24 09:04 - 04753616 _____ (Gougelet Pierre-e                                           ) C:\Users\Paul\Desktop\XnView-win_2_12.exe
2014-01-24 08:35 - 2012-07-26 18:24 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-23 10:10 - 2014-01-23 10:10 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-23 10:09 - 2013-12-18 21:51 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-23 10:09 - 2011-03-21 06:03 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-23 10:09 - 2011-03-21 06:03 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-01-23 10:09 - 2011-03-21 06:03 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-23 10:09 - 2011-03-21 06:03 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-23 10:09 - 2011-03-21 06:03 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-23 08:44 - 2014-01-23 08:44 - 00000000 ____D C:\ProgramData\Trusteer
2014-01-22 14:38 - 2013-12-06 12:53 - 00272664 _____ (Trusteer Ltd.) C:\Users\Paul\Desktop\RapportSetup.exe
2014-01-22 14:34 - 2012-03-04 17:08 - 00000000 ____D C:\Users\Paul\Documents\e-Sword
2014-01-22 10:49 - 2011-03-24 10:33 - 00000000 ____D C:\Users\Paul\AppData\Local\Adobe
2014-01-22 10:35 - 2012-04-07 19:32 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-22 10:35 - 2012-04-07 19:32 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-22 10:35 - 2011-06-13 06:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-22 10:14 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-22 10:10 - 2013-10-24 08:29 - 00000000 ____D C:\ProgramData\Oracle
2014-01-22 10:09 - 2014-01-22 10:08 - 00005175 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-22 10:09 - 2011-03-19 17:25 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-20 11:22 - 2014-01-20 11:22 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-01-20 11:18 - 2014-01-20 11:18 - 00000000 ____D C:\Program Files\SAMSUNG
2014-01-20 11:17 - 2014-01-20 11:17 - 00000000 ____D C:\ProgramData\Samsung
2014-01-20 10:33 - 2014-01-19 13:52 - 00000000 ____D C:\Users\Paul\AppData\Local\cache
2014-01-19 20:41 - 2014-01-19 20:41 - 00000000 _____ C:\Users\Mike\daemonprocess.txt
2014-01-19 20:41 - 2012-09-07 22:54 - 00000000 ____D C:\Users\Mike
2014-01-19 13:52 - 2014-01-19 13:52 - 00003896 _____ C:\Windows\System32\Tasks\ProgramUpdateCheck
2014-01-19 13:52 - 2014-01-19 13:52 - 00003580 _____ C:\Windows\System32\Tasks\ProgramRefresh-ATFST
2014-01-19 13:52 - 2014-01-19 13:52 - 00000000 ____D C:\Users\Paul\.android
2014-01-19 13:52 - 2014-01-19 13:52 - 00000000 _____ C:\Users\Paul\daemonprocess.txt
2014-01-19 13:49 - 2014-01-19 13:50 - 03895224 _____ (Bitberry Software                                           ) C:\Users\Paul\Downloads\FinalTorrentSetup [1].exe
2014-01-19 13:49 - 2014-01-19 13:49 - 00686448 _____ C:\Users\Paul\Desktop\FinalTorrentSetup.exe
2014-01-19 13:48 - 2014-01-19 13:48 - 00002888 _____ C:\Users\Paul\Desktop\1990_1995_4runner_wm.torrent
2014-01-16 11:21 - 2014-01-02 09:05 - 00000000 ____D C:\Users\Paul\Documents\Biblical
2014-01-16 03:32 - 2009-07-13 21:45 - 00306856 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 23:43 - 2013-08-26 09:02 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 23:40 - 2011-03-19 11:11 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 13:37 - 2014-01-15 13:36 - 00000000 ____D C:\Users\Paul\Documents\interviews with wells
2014-01-10 03:03 - 2011-05-19 13:26 - 00000000 ____D C:\Windows\System32\Tasks\Games
2014-01-07 13:34 - 2014-01-07 13:34 - 00000000 ____D C:\Users\Paul\Desktop\Web images
2014-01-06 08:36 - 2013-12-20 14:54 - 00000000 ____D C:\Users\Paul\Desktop\Biblical stuff
2014-01-04 19:16 - 2012-03-04 16:53 - 00000000 ____D C:\Program Files (x86)\e-Sword
2014-01-02 09:09 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-27 09:48 - 2013-12-27 09:48 - 00001389 _____ C:\Users\Paul\Desktop\paypal2013.txt
2013-12-26 09:17 - 2013-12-26 09:17 - 00002067 _____ C:\Users\Public\Desktop\GnuCash.lnk
2013-12-26 09:17 - 2011-04-08 14:04 - 00000000 ____D C:\Program Files (x86)\gnucash
2013-12-26 09:14 - 2013-12-26 09:14 - 106655345 _____ (GnuCash Development Team                                    ) C:\Users\Paul\Downloads\gnucash-2.4.13-setup.exe
2013-12-26 09:14 - 2011-04-08 14:06 - 00000000 ____D C:\Users\Paul\.gconfd
2013-12-26 09:14 - 2011-03-29 11:36 - 00000000 ____D C:\Users\Paul\Documents\business
2013-12-26 09:06 - 2011-03-19 17:44 - 00000000 ____D C:\Users\Paul\Documents\Expedited
2013-12-26 09:01 - 2011-04-08 14:06 - 00000000 ____D C:\Users\Paul\.gconf

Some content of TEMP:
====================
C:\Users\Mike\AppData\Local\Temp\JavaIC.dll
C:\Users\Mike\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Mike\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Mike\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Mike\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Mike\AppData\Local\Temp\msscct32.dll
C:\Users\Network User\AppData\Local\Temp\AutoRun.exe
C:\Users\Network User\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Network User\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Network User\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Paul\AppData\Local\Temp\13-9_win7_win8_64_dd_ccc_whql.exe
C:\Users\Paul\AppData\Local\Temp\AutoRun.exe
C:\Users\Paul\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Paul\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Paul\AppData\Local\Temp\converter.exe
C:\Users\Paul\AppData\Local\Temp\eauninstall.exe
C:\Users\Paul\AppData\Local\Temp\ffunzip.exe
C:\Users\Paul\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\Paul\AppData\Local\Temp\installerdll354384429.dll
C:\Users\Paul\AppData\Local\Temp\installerdll354394382.dll
C:\Users\Paul\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Paul\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Paul\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Paul\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Paul\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Paul\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Paul\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Paul\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Paul\AppData\Local\Temp\lastpass_1.80.0.exe
C:\Users\Paul\AppData\Local\Temp\lastpass_1.90.0.exe
C:\Users\Paul\AppData\Local\Temp\lastpass_2.5.0.exe
C:\Users\Paul\AppData\Local\Temp\lowproc.exe
C:\Users\Paul\AppData\Local\Temp\mssinstaller.exe
C:\Users\Paul\AppData\Local\Temp\patch31294.exe
C:\Users\Paul\AppData\Local\Temp\Quarantine.exe
C:\Users\Paul\AppData\Local\Temp\rnsetup0.exe
C:\Users\Paul\AppData\Local\Temp\rootsupd.exe
C:\Users\Paul\AppData\Local\Temp\SC4_UNINST.EXE
C:\Users\Paul\AppData\Local\Temp\SettingsManagerSetup.exe
C:\Users\Paul\AppData\Local\Temp\SimCity 4_uninst.exe
C:\Users\Paul\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Paul\AppData\Local\Temp\SoftwareUpdateSetup.exe
C:\Users\Paul\AppData\Local\Temp\sonarinst.exe
C:\Users\Paul\AppData\Local\Temp\SpOrder.dll
C:\Users\Paul\AppData\Local\Temp\stubhelper.dll
C:\Users\Paul\AppData\Local\Temp\STWSetup.exe
C:\Users\Paul\AppData\Local\Temp\tbExp0.dll
C:\Users\Paul\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Paul\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Paul\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Paul\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\Paul\AppData\Local\Temp\_isA176.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 11:00

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-01-2014 01
Ran by Paul at 2014-01-25 19:32:40
Running from C:\Users\Paul\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
ActiveState Komodo Edit 6.1.1 (x32 Version: 6.1.1 - ActiveState Software Inc.)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Advanced Web Ranking 7.5 (x32 Version: 7.5 - Caphyon)
Amazon MP3 Downloader 1.0.12 (x32 Version: 1.0.12 - Amazon Services LLC)
AMD Accelerated Video Transcoding (Version: 13.15.100.31008 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81008.0920 - Advanced Micro Devices, Inc.) Hidden
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (x32 Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (x32 Version: 9.0.2013 - Avast Software)
Beyond Compare Version 3.2.4 (HKCU Version:  - Scooter Software)
BIO-Remote (x32 Version:  - )
BIOS Update (x32 Version:  - )
BIOScreen (x32 Version:  - )
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J430W (x32 Version: 1.0.19.0 - Brother Industries, Ltd.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0210.2206.39615 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.)
CutePDF Writer 2.8 (Version:  - )
Desktop Whiteboard (x32 Version: 1.0.0 - maddocman)
Digital Transactions - August 2013 (x32 Version: 1.0.2 - Nxtbook Media, LLC)
Digital Transactions - August 2013 (x32 Version: 1.0.2 - Nxtbook Media, LLC) Hidden
Edimax Wireless LAN Driver and Utility (x32 Version: 1.00.0151 - Edimax Technology Co.)
eHOT Line (x32 Version:  - )
eMusic Download Manager 4.1.4 (x32 Version: 4.1.4 - eMusic, Inc.)
e-Sword (x32 Version: 10.00.0007 - Rick Meyers)
e-Sword Module Installer version .4 (Version: .4 - BibleSupport.com)
Fiddler2 (x32 Version: 2.3.3.5 - Eric Lawrence)
File Type Assistant (x32 Version: 2013.4.8.0 - ) <==== ATTENTION
FileZilla Client 3.7.3 (x32 Version: 3.7.3 - Tim Kosse)
Fotosizer 1.31 (x32 Version: 1.31 - Fotosizer.com)
FOX News Live Stream (x32 Version: 1.0.562 - UNKNOWN) Hidden
FOX News Live Stream (x32 Version: v1.0.562 - UNKNOWN)
GIMP 2.6.11 (x32 Version: 2.6.11 - The GIMP Team)
GnuCash 2.4.13 (x32 Version:  - GnuCash Development Team)
Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKCU Version:  - )
Google Talk (remove only) (x32 Version:  - )
Google Talk Plugin (x32 Version: 4.9.1.16010 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GoToMeeting 5.1.0.880 (HKCU Version: 5.1.0.880 - CitrixOnline)
HMA! Pro VPN 2.6.9 (x32 Version: 2.6.9 - )
HTML-Kit (x32 Version: 1.0 - HTMLKit.com)
iCloud (Version: 3.0.2.163 - Apple Inc.)
IrfanView (remove only) (x32 Version: 4.28 - Irfan Skiljan)
iTunes (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jump Flip (Version: 2014.01.16.002256 - Jump Flip) <==== ATTENTION
LastPass (uninstall only) (HKCU Version:  - LastPass)
LiveZilla (x32 Version:  - LiveZilla GmbH)
LiveZilla (x32 Version: 3.3.2.2 - LiveZilla GmbH) Hidden
MagneticOne Store Manager for Zen Cart 2.2.0.217 (x32 Version: 2.2.0.217 - MagneticOne)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 en-US) (x32 Version: 24.2.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
Norton Security Scan (x32 Version: 4.0.0.48 - Symantec Corporation)
Nuance PaperPort 12 (x32 Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (x32 Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA PhysX (x32 Version: 9.09.0203 - NVIDIA Corporation)
Octoshape add-in for Adobe Flash Player (HKCU Version:  - )
Omron Health Management Software (x32 Version: 1.30.0010 - Omron Healthcare)
OpenDNS Updater 2.2.1 (x32 Version: 2.2.1 - )
OpenOffice 4.0.1 (x32 Version: 4.01.9714 - Apache Software Foundation)
PaperPort Image Printer 64-bit (Version: 1.00.0001 - Nuance Communications, Inc.)
Pdf995 (x32 Version:  - )
PFPortChecker 1.0.39 (x32 Version: 1.0.39 - Portforward.com)
PhotoScape (x32 Version:  - )
Pidgin (x32 Version: 2.10.7 - )
PuTTY version 0.60 (x32 Version: 0.60 - Simon Tatham)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
RAIDXpert (x32 Version: 2.4.1540.26 - AMD) Hidden
RCA Detective™ 3.0.1.1 (x32 Version:  - RCA)
RCA Digital Voice Manager 5.3.3.0 (x32 Version:  - RCA)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (x32 Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.12.1218.2009 - Realtek)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6101 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
SadMan Software: Search V3.8 (x32 Version: 3.8 - SadMan Software)
Safari (x32 Version: 5.34.57.2 - Apple Inc.)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.6.0 - SAMSUNG Electronics Co., Ltd.)
SanDiskSecureAccess_Manager.exe (HKCU Version: 1.0.0 - DMAILER)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Shop To Win (x32 Version: 1.1.0.0 - Shop To Win, LLC)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (x32 Version:  - )
Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista (x32 Version: 5.40 - Silicon Laboratories, Inc.)
Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
TeamViewer 8 (x32 Version: 8.0.22298 - TeamViewer)
The 2nd Book of Enoch.topx version e-Sword (x32 Version: e-Sword - BibleSupport.com)
The Scriptures (x32 Version:  - Institute for Scripture Research)
The Weather Channel App (x32 Version:  - )
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
WinSCP 4.3.2 (x32 Version: 4.3.2 - Martin Prikryl)
XAMPP 1.7.7 (x32 Version:  - )
Xvid 1.2.2 final uninstall (x32 Version: 1.2 - Xvid team (Koepi))

==================== Restore Points  =========================

20-01-2014 14:15:36 Windows Update
22-01-2014 17:08:20 Installed Java 7 Update 51
23-01-2014 17:07:15 avast! antivirus system restore point
23-01-2014 21:09:04 Installed Rapport
24-01-2014 16:21:21 Installed WeatherBug
24-01-2014 23:30:46 Removed WeatherBug
25-01-2014 06:05:17 Windows Update
25-01-2014 12:59:28 Installed Microsoft Fix it 50472
25-01-2014 16:20:07 Installed Microsoft Fix it 50472

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0091AAC3-392D-4C7A-AFCB-B3F8D8FC0F9B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3469443784-792714702-2516778114-1003Core => C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20] (Google Inc.)
Task: {12D7C5B7-F417-4608-AC0E-C7CE907186D1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3469443784-792714702-2516778114-1003UA => C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20] (Google Inc.)
Task: {20C4593E-62F4-4BBC-BF8B-B4BF03EFDE66} - System32\Tasks\{A4D10B38-1BF5-45E6-B0D1-A13EED2853B1} => C:\Program Files (x86)\Beyond Compare 3\BCompare.exe [2011-02-03] (Scooter Software)
Task: {317AA469-804A-4D76-B9FB-D056D6D3BC42} - System32\Tasks\{492099BA-95B8-4850-9496-075052DC1250} => C:\Program Files (x86)\Beyond Compare 3\BCompare.exe [2011-02-03] (Scooter Software)
Task: {44A005B6-19AD-4D63-9F4C-81EB921D901A} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe [2013-04-08] (                                                            ) <==== ATTENTION
Task: {4F294EF0-FE4D-4BFE-BB25-1DFA97B5C7EB} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3469443784-792714702-2516778114-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {67463E16-090D-419B-96D4-E018D67089FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21] (Google Inc.)
Task: {6A08641C-D122-4C46-9FE5-051572D60B9E} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3469443784-792714702-2516778114-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {782C5BC9-5657-4C32-B2A6-5FF041F597CF} - System32\Tasks\{AA140242-3F2F-43F9-8D0E-25AEC82DD7EC} => C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe [2013-08-07] (FileZilla Project)
Task: {7A1D4ACB-0CED-4006-BC82-80868084ADF7} - System32\Tasks\Norton Security Scan for Paul => C:\Program Files (x86)\Norton Security Scan\Engine\4.0.0.48\Nss.exe [2013-10-10] (Symantec Corporation)
Task: {82862869-CCD8-46E8-9FF9-B123292074D4} - System32\Tasks\{7F50C47D-A4FF-4792-8C2C-A479C56F4CC7} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {82A01F03-343D-4656-8CDA-A1BF575815B4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B88F3EA1-2E81-40BF-98CE-23DF55BB2A63} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21] (Google Inc.)
Task: {BB6DB3E2-294C-4175-9941-EBE1579FFD89} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-22] (Adobe Systems Incorporated)
Task: {CC784C58-D949-4A97-8FDF-C00794422B49} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3469443784-792714702-2516778114-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CDBDFFED-4B32-453E-9217-DDB3E5CAA981} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe [2013-04-08] (Trusted Software ApS) <==== ATTENTION
Task: {D39F2C78-99C1-4CBD-A984-B0FF6484B566} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3469443784-792714702-2516778114-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E2256F75-24FC-4681-B6EC-143FD0561FB2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-23] (AVAST Software)
Task: {F7EC1B27-2C8A-43DA-AB58-EF0AAC2B3316} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3469443784-792714702-2516778114-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3469443784-792714702-2516778114-1003Core.job => C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3469443784-792714702-2516778114-1003UA.job => C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Paul.job => C:\PROGRA~2\NORTON~2\Engine\400~1.48\Nss.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 07:42 - 2010-01-02 07:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-10-08 09:34 - 2013-10-08 09:34 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-01-24 12:38 - 2014-01-24 10:39 - 02166272 _____ () C:\Program Files\AVAST Software\Avast\defs\14012401\algo.dll
2014-01-25 16:18 - 2014-01-25 10:46 - 02166272 _____ () C:\Program Files\AVAST Software\Avast\defs\14012501\algo.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-12 03:58 - 2011-05-06 14:21 - 11485824 _____ () C:\Users\Paul\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2011-02-19 00:56 - 2009-12-09 21:20 - 00126976 _____ () C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\EnumDevLib.dll
2012-08-09 18:51 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-10-24 08:32 - 2013-10-24 08:32 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-12-20 07:27 - 2013-12-20 07:27 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-11-21 11:51 - 2013-11-19 20:28 - 01020928 _____ () C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2013-08-07 12:25 - 2013-08-07 12:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-09-20 12:50 - 2013-09-20 12:50 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2013-09-17 03:54 - 2013-09-17 03:54 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2013-09-17 03:54 - 2013-09-17 03:54 - 00136192 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxmlsec-mscrypto.dll
2013-09-17 03:54 - 2013-09-17 03:54 - 00303616 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxmlsec.dll
2014-01-22 10:35 - 2014-01-22 10:35 - 16287624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
2000-01-11 13:03 - 2000-01-11 13:03 - 00083368 _____ () C:\Windows\SysWOW64\vsthes6.ocx
2000-10-11 08:39 - 2000-10-11 08:39 - 00160096 _____ () C:\Windows\SysWOW64\vsspell6.ocx
2011-04-23 09:12 - 2010-10-10 11:02 - 00071752 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libgimpcolor-2.0-0.dll
2011-04-23 09:12 - 2010-10-10 11:02 - 00040488 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libgimpmath-2.0-0.dll
2011-04-23 09:12 - 2010-10-10 11:02 - 00043488 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libgimpmodule-2.0-0.dll
2011-04-23 09:12 - 2010-10-10 11:02 - 00121592 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libgimpbase-2.0-0.dll
2011-04-23 09:12 - 2010-10-10 11:02 - 00066568 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libgimpthumb-2.0-0.dll
2011-04-23 09:12 - 2010-08-24 17:21 - 00105120 _____ () C:\Program Files (x86)\GIMP-2.0\bin\zlib1.dll
2011-04-23 09:12 - 2010-08-24 17:21 - 00235304 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libpng14-14.dll
2011-04-23 09:12 - 2010-10-10 11:02 - 01349688 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libgimpwidgets-2.0-0.dll
2011-04-23 09:12 - 2010-10-10 11:02 - 00104296 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libgimpconfig-2.0-0.dll
2011-04-23 09:12 - 2010-08-24 17:21 - 00943896 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libcairo-2.dll
2011-04-23 09:12 - 2009-12-15 18:01 - 00211616 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libfontconfig-1.dll
2011-04-23 09:12 - 2009-02-15 22:29 - 00125496 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libexpat-1.dll
2011-04-23 09:12 - 2009-12-15 18:00 - 00457888 _____ () C:\Program Files (x86)\GIMP-2.0\bin\freetype6.dll
2011-04-23 09:12 - 2010-07-08 08:08 - 00108776 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libpangocairo-1.0-0.dll
2011-04-23 09:12 - 2009-08-13 23:46 - 00129176 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libbabl-0.0-0.dll
2011-04-23 09:12 - 2009-08-13 23:46 - 00316568 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libgegl-0.0-0.dll
2011-04-23 09:12 - 2010-07-08 08:09 - 00095264 _____ () C:\Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\engines\libwimp.dll
2011-04-23 09:12 - 2010-10-10 11:04 - 00045056 _____ () C:\Program Files (x86)\GIMP-2.0\lib\gimp\2.0\modules\libdisplay-filter-lcms.dll
2011-04-23 09:12 - 2008-08-22 23:55 - 00177160 _____ () C:\Program Files (x86)\GIMP-2.0\bin\liblcms-1.dll
2011-04-23 09:12 - 2010-10-10 11:02 - 00209408 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libgimpui-2.0-0.dll
2011-04-23 09:12 - 2010-10-10 11:02 - 00272392 _____ () C:\Program Files (x86)\GIMP-2.0\bin\libgimp-2.0-0.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:765D258D

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2014 05:43:43 AM) (Source: Application Error) (User: )
Description: Faulting application name: mbam.exe, version: 1.75.0.1, time stamp: 0x511f8eb2
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00066fbb
Faulting process id: 0xd74
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (01/25/2014 00:15:26 AM) (Source: Application Error) (User: )
Description: Faulting application name: mbam.exe, version: 1.75.0.1, time stamp: 0x511f8eb2
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00066fbb
Faulting process id: 0x930
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (01/24/2014 10:34:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: mbam.exe, version: 1.75.0.1, time stamp: 0x511f8eb2
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00066fbb
Faulting process id: 0x1c28
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (01/24/2014 09:41:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: mbam.exe, version: 1.75.0.1, time stamp: 0x511f8eb2
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00066fbb
Faulting process id: 0xff0
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (01/24/2014 02:45:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: App24x7Help.exe, version: 2.1.0.35, time stamp: 0x517a384b
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002e17a
Faulting process id: 0x20dc
Faulting application start time: 0xApp24x7Help.exe0
Faulting application path: App24x7Help.exe1
Faulting module path: App24x7Help.exe2
Report Id: App24x7Help.exe3

Error: (01/24/2014 02:24:11 PM) (Source: Application Hang) (User: )
Description: The program TWCApp.exe version 7.6.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e40

Start Time: 01cf1919b7e0fa6f

Termination Time: 123

Application Path: C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe

Report Id:

Error: (01/24/2014 09:06:06 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/24/2014 09:02:39 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/24/2014 09:02:24 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/24/2014 09:02:23 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (01/24/2014 11:59:32 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/24/2014 11:59:21 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (01/24/2014 11:58:19 PM) (Source: Service Control Manager) (User: )
Description: The MgAssist Service service failed to start due to the following error:
%%2

Error: (01/24/2014 11:58:07 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 193

Error: (01/24/2014 11:06:03 PM) (Source: Service Control Manager) (User: )
Description: The Apache2.2 service terminated with service-specific error %%1.

Error: (01/24/2014 04:38:23 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (01/24/2014 04:38:18 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/24/2014 04:37:13 PM) (Source: Service Control Manager) (User: )
Description: The MgAssist Service service failed to start due to the following error:
%%2

Error: (01/24/2014 04:37:00 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 193

Error: (01/24/2014 04:35:35 PM) (Source: Service Control Manager) (User: )
Description: The Apache2.2 service terminated with service-specific error %%1.


Microsoft Office Sessions:
=========================
Error: (01/25/2014 05:43:43 AM) (Source: Application Error)(User: )
Description: mbam.exe1.75.0.1511f8eb2ntdll.dll6.1.7601.18247521ea8e7c000000500066fbbd7401cf19c91175fc07C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Windows\SysWOW64\ntdll.dll527eb9ac-85be-11e3-a309-0030678ec1be

Error: (01/25/2014 00:15:26 AM) (Source: Application Error)(User: )
Description: mbam.exe1.75.0.1511f8eb2ntdll.dll6.1.7601.18247521ea8e7c000000500066fbb93001cf199b18e407c1C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Windows\SysWOW64\ntdll.dll763f3f30-8590-11e3-a309-0030678ec1be

Error: (01/24/2014 10:34:51 PM) (Source: Application Error)(User: )
Description: mbam.exe1.75.0.1511f8eb2ntdll.dll6.1.7601.18247521ea8e7c000000500066fbb1c2801cf198808300a7eC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Windows\SysWOW64\ntdll.dll68fe83ae-8582-11e3-9e84-0030678ec1be

Error: (01/24/2014 09:41:28 PM) (Source: Application Error)(User: )
Description: mbam.exe1.75.0.1511f8eb2ntdll.dll6.1.7601.18247521ea8e7c000000500066fbbff001cf195f2421930fC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Windows\SysWOW64\ntdll.dllf413ee47-857a-11e3-9e84-0030678ec1be

Error: (01/24/2014 02:45:19 PM) (Source: Application Error)(User: )
Description: App24x7Help.exe2.1.0.35517a384bntdll.dll6.1.7601.18247521ea8e7c00000050002e17a20dc01cf192054c29b5eC:\Program Files (x86)\24x7Help\App24x7Help.exeC:\Windows\SysWOW64\ntdll.dlld1539f8c-8540-11e3-8c83-0030678ec1be

Error: (01/24/2014 02:24:11 PM) (Source: Application Hang)(User: )
Description: TWCApp.exe7.6.0.0e4001cf1919b7e0fa6f123C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe

Error: (01/24/2014 09:06:06 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Paul\Desktop\SoftonicDownloader_for_xnview.exe

Error: (01/24/2014 09:02:39 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Paul\Desktop\SoftonicDownloader_for_xnview.exe

Error: (01/24/2014 09:02:24 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Paul\Desktop\SoftonicDownloader_for_xnview.exe

Error: (01/24/2014 09:02:23 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Paul\Desktop\SoftonicDownloader_for_xnview.exe


==================== Memory info ===========================

Percentage of memory in use: 74%
Total physical RAM: 4087.87 MB
Available physical RAM: 1025 MB
Total Pagefile: 8173.92 MB
Available Pagefile: 4095.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:478.99 GB) (Free:357.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931 GB) (Disk ID: 4728CBBF)
Partition 1: (Active) - (Size=479 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=452 GB) - (Type=05)

==================== End Of Log ============================



#4 aharonov

  • Malware Response Team

Posted 28 January 2014 - 08:58 AM

Hi,

please run the following fix.
Which problems remain afterwards?


Please download this attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#5 Fourbits

  • Topic Starter


Posted 28 January 2014 - 12:31 PM

Ok. Thanks. I was beginning to wonder if I had screwed something up. Ran that fixlist and Fixlog is below.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-01-2014 02
Ran by Paul at 2014-01-28 09:51:02 Run:1
Running from C:\Users\Paul\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - {A98636C9-6EC7-4801-B5AB-E79B2FF6652B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2549263
SearchScopes: HKCU - {E163AE6E-254C-5FF4-BE33-4CBD31D63F5C} URL = http://dm.startnow.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z055&partner_id=195&product_id=611&affiliate_id=&channel=dm5&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110606&user_guid=CFDFC453EB70404AA7967B50D6C487AA&machine_id=c8450bc2a34f7ea550a83854829d99d7&browser=IE&os=win&os_version=6.1-x64-SP1&iesrc={referrer:source}
FF SearchPlugin: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\searchplugins\RadioRage_4j.xml
FF Extension: Jump Flip - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\Extensions\firefox@jumpflip.net.xpi [2014-01-15]
CHR Extension: (Highlightly) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom [2014-01-24]
CHR HKLM-x32\...\Chrome\Extension: [hphehadppenpmajgnkjdcopcfijjegaf] - C:\Program Files (x86)\Jump Flip\hphehadppenpmajgnkjdcopcfijjegaf.crx [2011-12-22]
S2 MgAssistService; C:\Program Files (x86)\Mobogenie\MgAssist.exe [x]
C:\Program Files (x86)\Mobogenie
 2014-01-24 16:37 - 2014-01-24 16:37 - 00000000 ____D C:\Users\Paul\AppData\Local\FileTypeAssistant
2014-01-19 20:41 - 2014-01-19 20:41 - 00000000 _____ C:\Users\Mike\daemonprocess.txt
2014-01-19 13:52 - 2014-01-25 13:54 - 00000000 ____D C:\Program Files (x86)\File Type Assistant
2014-01-19 13:52 - 2014-01-20 10:33 - 00000000 ____D C:\Users\Paul\AppData\Local\cache
2014-01-19 13:52 - 2014-01-19 13:52 - 00000000 ____D C:\Users\Paul\.android
2014-01-19 13:52 - 2014-01-19 13:52 - 00000000 _____ C:\Users\Paul\daemonprocess.txt
2014-01-19 13:51 - 2014-01-24 18:28 - 00000000 ____D C:\Program Files (x86)\Jump Flip
Task: {44A005B6-19AD-4D63-9F4C-81EB921D901A} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe [2013-04-08] (                                                            ) <==== ATTENTION
Task: {CDBDFFED-4B32-453E-9217-DDB3E5CAA981} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe [2013-04-08] (Trusted Software ApS) <==== ATTENTION
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A98636C9-6EC7-4801-B5AB-E79B2FF6652B} => Key deleted successfully.
HKCR\CLSID\{A98636C9-6EC7-4801-B5AB-E79B2FF6652B} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E163AE6E-254C-5FF4-BE33-4CBD31D63F5C} => Key deleted successfully.
HKCR\CLSID\{E163AE6E-254C-5FF4-BE33-4CBD31D63F5C} => Key not found.
C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\searchplugins\RadioRage_4j.xml => Moved successfully.
C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\febcfzf6.default\Extensions\firefox@jumpflip.net.xpi => Moved successfully.
C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmclajginlihohopoeofghddnhpplhom => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hphehadppenpmajgnkjdcopcfijjegaf => Key deleted successfully.
"C:\Program Files (x86)\Jump Flip\hphehadppenpmajgnkjdcopcfijjegaf.crx" => File/Directory not found.
MgAssistService => Service deleted successfully.
"C:\Program Files (x86)\Mobogenie" => File/Directory not found.
C:\Users\Paul\AppData\Local\FileTypeAssistant => Moved successfully.
C:\Users\Mike\daemonprocess.txt => Moved successfully.

"C:\Program Files (x86)\File Type Assistant" directory move:

C:\Program Files (x86)\File Type Assistant\ftacfg.exe => Moved successfully.
C:\Program Files (x86)\File Type Assistant\itdownload.dll => Moved successfully.
C:\Program Files (x86)\File Type Assistant\TSASetup.exe => Moved successfully.
C:\Program Files (x86)\File Type Assistant\tsassist.exe => Moved successfully.
C:\Program Files (x86)\File Type Assistant\tsassist.id => Moved successfully.
C:\Program Files (x86)\File Type Assistant\tsassist.pci => Moved successfully.
C:\Program Files (x86)\File Type Assistant\unins000.dat => Moved successfully.
C:\Program Files (x86)\File Type Assistant\unins000.exe => Moved successfully.
C:\Program Files (x86)\File Type Assistant\unins000.msg => Moved successfully.
C:\Program Files (x86)\File Type Assistant\unins000.ref => Moved successfully.
Could not move "C:\Program Files (x86)\File Type Assistant" directory. => Scheduled to move on reboot.

C:\Users\Paul\AppData\Local\cache => Moved successfully.
C:\Users\Paul\.android => Moved successfully.
C:\Users\Paul\daemonprocess.txt => Moved successfully.
C:\Program Files (x86)\Jump Flip => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44A005B6-19AD-4D63-9F4C-81EB921D901A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44A005B6-19AD-4D63-9F4C-81EB921D901A} => Key deleted successfully.
C:\Windows\System32\Tasks\ProgramRefresh-ATFST => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramRefresh-ATFST => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CDBDFFED-4B32-453E-9217-DDB3E5CAA981} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CDBDFFED-4B32-453E-9217-DDB3E5CAA981} => Key deleted successfully.
C:\Windows\System32\Tasks\ProgramUpdateCheck => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramUpdateCheck => Key deleted successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-28 10:28:05)<=

C:\Program Files (x86)\File Type Assistant => Is moved successfully.

==== End of Fixlog ====



#6 Fourbits

  • Topic Starter

Posted 28 January 2014 - 12:36 PM

So far things look a lot better. Thanks. I will be testing it for a while.

 

Paul



#7 aharonov

  • Malware Response Team

Posted 28 January 2014 - 02:10 PM

Yes, test it for a while and report back with the final result.
 
Let's also do one last routine check:
 
 
Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
  • Note: Do not forget to re-enable your antivirus application after running the above scan!


#8 Fourbits

  • Topic Starter

Posted 29 January 2014 - 11:04 AM

Eset found a few "threats"

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\24x7Help\App24x7Help.exe.vir    a variant of Win32/24x7Help.B application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\24x7Help\App24x7Hook.dll.vir    Win32/24x7Help.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\24x7Help\App24x7Hook.exe.vir    Win32/24x7Help.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\24x7Help\App24x7Hook64.dll.vir    Win64/24x7Help.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\24x7Help\App24x7Hook64.exe.vir    Win64/24x7Help.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\nengine.dll.vir    Win32/NextLive.A application
C:\AdwCleaner\Quarantine\C\Users\Paul\AppData\Local\genienext\nengine.dll.vir    Win32/NextLive.A application
C:\AdwCleaner\Quarantine\C\Users\Paul\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.37.zip.vir    Win32/NextLive.A application
C:\AdwCleaner\Quarantine\C\Users\Paul\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir    Win32/NextLive.A application
C:\FRST\Quarantine\firefox@jumpflip.net.xpi    Win32/BrowseFox.B application
C:\richie's pc\Desktop\hu2011_setup-dm.exe    a variant of Win32/Adware.Trymedia.A application
C:\Users\Paul\AppData\Local\Temp\jar_cache4196081396388194084.tmp    probably a variant of Java/TrojanDownloader.OpenStream.NBU trojan
C:\Users\Paul\AppData\Local\Temp\jar_cache6919231159131038025.tmp    multiple threats
C:\Users\Paul\AppData\Local\Temp\tbExp0.dll    a variant of Win32/Toolbar.Conduit.B application
C:\Users\Paul\AppData\Local\Temp\is1914646434\2874303_stp\PCFixSpeedSetup.exe    multiple threats
C:\Users\Paul\AppData\LocalLow\ConservativeTalkNow_4nEI\Installr\Cache\151B21C1.exe    a variant of Win32/Toolbar.MyWebSearch.O application
C:\Users\Paul\AppData\LocalLow\RadioRage_4jEI\Installr\Cache\00E8D00F.exe    a variant of Win32/Toolbar.MyWebSearch.O application
C:\Users\Paul\Desktop\FinalTorrentSetup.exe    a variant of Win32/InstallCore.IJ application
C:\Users\Paul\Desktop\speedupmypc.exe    Win32/SpeedUpMyPC application
C:\Users\Paul\Documents\customersites\customersites.zip    PHP/Kryptik.AB trojan
C:\Users\Paul\Documents\customersites\oldcust_files.zip    multiple threats
C:\Users\Paul\Documents\customersites\iauareigns\wp\wp-content\themes\Ad-Clerum-2\footer0.php    PHP/Kryptik.AB trojan
C:\Users\Paul\Documents\Richie\Desktop\hu2011_setup-dm.exe    a variant of Win32/Adware.Trymedia.A application
C:\Users\Paul\Downloads\MusicNotessuite.exe    Win32/OpenCandy application
C:\Users\Paul\Downloads\PFPortChecker.exe    a variant of Win32/Bundled.Toolbar.Ask application
 



#9 Fourbits

  • Topic Starter

Posted 31 January 2014 - 01:32 PM

Just checking to see if the last Eset log made any sense. Looks like I still have some issues.



#10 aharonov

  • Malware Response Team

Posted 01 February 2014 - 02:21 PM

It might look bad at first sight but it isn't!
You can delete all the files in your Downloads, Documents and Desktop folders that ESET has listed. All the rest is already in quarantine or is just in temporary files and therefore just a remnant and completely inactive!


That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.

My help is free for everybody.
If you want to support me fighting against malware or offer me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

 

 

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.
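The location-based triage described in the reply above (quarantined and temporary-file hits are remnants, listed files in Downloads, Documents and Desktop get deleted), as an added example that is not part of the original thread or any tool's own code. The bucket names, the `other` catch-all and the split by detection suffix (`application` versus `trojan`) are assumptions of this sketch, which goes one step beyond the reply by surfacing non-quarantined hits that are more than unwanted-application detections.

```python
import re

# Lines copied from the ESET log posted in this thread (path, spaces, detection).
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\nengine.dll.vir    Win32/NextLive.A application
C:\Users\Paul\AppData\Local\Temp\jar_cache4196081396388194084.tmp    probably a variant of Java/TrojanDownloader.OpenStream.NBU trojan
C:\Users\Paul\AppData\Local\Temp\tbExp0.dll    a variant of Win32/Toolbar.Conduit.B application
C:\Users\Paul\Desktop\speedupmypc.exe    Win32/SpeedUpMyPC application
C:\Users\Paul\Documents\customersites\customersites.zip    PHP/Kryptik.AB trojan
C:\Users\Paul\Documents\customersites\oldcust_files.zip    multiple threats
C:\Users\Paul\AppData\LocalLow\RadioRage_4jEI\Installr\Cache\00E8D00F.exe    a variant of Win32/Toolbar.MyWebSearch.O application
"""

# Location buckets named in the reply (labels are this sketch's own); first match wins.
LOCATION_RULES = [
    ("quarantine", re.compile(r"\\quarantine\\", re.I)),
    ("temp", re.compile(r"\\appdata\\local\\temp\\", re.I)),
    ("user-folder", re.compile(r"^[a-z]:\\users\\[^\\]+\\(desktop|documents|downloads)\\", re.I)),
]

def parse_line(line):
    """Split 'path<2+ spaces>detection' into (path, detection); None if malformed."""
    parts = re.split(r"\s{2,}", line.strip(), maxsplit=1)
    return tuple(parts) if len(parts) == 2 and parts[0] else None

def location_of(path):
    for label, pattern in LOCATION_RULES:
        if pattern.search(path):
            return label
    return "other"  # outside the three buckets: review by hand

def kind_of(detection):
    # ESET ends unwanted/unsafe-application detections with the word "application".
    last = detection.split()[-1].lower()
    return {"application": "unwanted-app", "threats": "multiple"}.get(last, last)

def triage(log_text):
    parsed = filter(None, map(parse_line, log_text.splitlines()))
    return [{"path": p, "detection": d, "location": location_of(p), "kind": kind_of(d)}
            for p, d in parsed]

def needs_attention(rows):
    """Non-quarantined items that are more than plain unwanted-app detections."""
    return [r for r in rows if r["location"] != "quarantine" and r["kind"] != "unwanted-app"]

if __name__ == "__main__":
    for r in needs_attention(triage(SAMPLE_LOG)):
        print(r["location"], r["kind"], r["path"], sep=" | ")
```
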



#11 aharonov

  • Malware Response Team

Posted 04 March 2014 - 11:24 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



