Please Help - Codec-V removal


  • This topic is locked
14 replies to this topic

#1 kamikazemind327


Posted 02 March 2014 - 05:37 PM

Codec-V is installed on my computer and keeps running ads. And even though it says you can uninstall from computer I don't see it anywhere on my computer. Please help! My laptop runs Windows Vista.

 

--------------------------------------------------------------------------

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16533  BrowserJavaVersion: 10.45.2
Run by sky at 16:20:44 on 2014-03-02
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.3034.836 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\RUNDLL32.EXE
C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\WINDOWS\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Users\sky\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\CrossriderWebApps\Crossrider.exe
C:\Users\sky\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Users\sky\AppData\Roaming\Spotify\spotify.exe
C:\Users\sky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\SanDisk\SanDisk Media Manager\SanDiskMediaManager-Launcher.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Users\sky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\sky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\sky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\sky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\sky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPC81D2533-91BF-42F9-A7D4-1B147A4927EB&SSPV=
mStart Page = hxxp://www.yahoo.com/?ilc=8
mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
BHO: MyWebSearch Search Assistant BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: mwsBar BHO: {07B18EA1-A523-4961-B6BB-170DE4475CCA} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\sky\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [CrossRiderPlugin] c:\program files\crossriderwebapps\Crossrider.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [MusicManager] "c:\users\sky\appdata\local\programs\google\musicmanager\MusicManager.exe"
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [Spotify] "c:\users\sky\appdata\roaming\spotify\spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "c:\users\sky\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AvastUI.exe] "c:\program files\alwil software\avast5\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
StartupFolder: c:\users\sky\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\sky\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\SANDIS~1.LNK - 
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com/lib/uneworleans/support/plugins/ebraryRdr.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
TCP: NameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{265503E9-C392-43A6-B217-03D6F0BF49B0} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{6644A944-5F04-4B12-BC1F-D586B098049C} : NameServer = 208.67.222.222,208.67.222.220
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~1\searchprotect\searchprotect\bin\SPVC32Loader.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-16 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-16 178304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-11 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-20 403440]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-6-17 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-20 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-4-20 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-20 50344]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 CltMngSvc;Search Protect by Conduit Service;c:\progra~1\searchprotect\main\bin\CltMngSvc.exe [2014-2-24 2363168]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2011-9-21 34320]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-6-17 144128]
R3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-12 39272]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-6-17 144672]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-6-17 269216]
S2 SftService;SoftThinks Agent Service;"c:\windows\sminst\sftservice.exe" --> c:\windows\sminst\sftservice.EXE [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\fxxandroidusb.sys [2010-3-30 25728]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\fxx\qcusbser.sys [2010-3-30 103424]
.
=============== Created Last 30 ================
.
2014-03-02 21:11:46 -------- d-----w- c:\users\sky\appdata\local\SearchProtect
2014-03-02 21:11:46 -------- d-----w- c:\program files\SearchProtect
2014-03-02 20:48:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-03-02 20:48:05 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-03-02 20:48:04 768512 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2014-03-02 20:48:04 149744 ----a-w- c:\program files\internet explorer\sqmapi.dll
2014-03-02 20:48:01 194560 ----a-w- c:\program files\internet explorer\IEShims.dll
2014-02-28 20:33:26 2050560 ----a-w- c:\windows\system32\win32k.sys
2014-02-28 20:33:25 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2014-02-28 20:33:25 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-02-28 20:33:25 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-02-28 20:33:24 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-02-28 20:33:00 155648 ----a-w- c:\windows\system32\wscript.exe
2014-02-28 20:33:00 135168 ----a-w- c:\windows\system32\cscript.exe
2014-02-28 20:33:00 131072 ----a-w- c:\windows\system32\wshom.ocx
2014-02-28 20:32:59 36864 ----a-w- c:\windows\system32\wshcon.dll
2014-02-28 20:32:59 172032 ----a-w- c:\windows\system32\scrrun.dll
2014-02-28 20:31:47 158208 ----a-w- c:\windows\system32\imagehlp.dll
2014-02-28 20:27:16 7947048 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6bb20745-f705-48b1-9416-f77c02fd5f41}\mpengine.dll
.
==================== Find3M  ====================
.
2014-03-01 01:15:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-01 01:15:24 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-05 08:56:17 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-02-05 08:50:39 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 08:49:56 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-05 08:48:40 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-01-27 15:58:46 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-07 23:31:06 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-07 23:31:06 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-07 23:31:06 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-07 23:31:06 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-07 23:31:05 43152 ----a-w- c:\windows\avastSS.scr
.
============= FINISH: 16:26:06.08 ===============
 



#2 aharonov

  • Malware Response Team

Posted 02 March 2014 - 05:52 PM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 kamikazemind327

  • Topic Starter

Posted 03 March 2014 - 09:24 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-03-2014
Ran by sky (administrator) on SKY-PC on 03-03-2014 08:19:14
Running from C:\Users\sky\Downloads
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
() C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(MyWebSearch.com) C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Conduit) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
(Conduit) C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
(Conduit) C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Dell Inc.) C:\WINDOWS\System32\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Users\sky\AppData\Local\Google\Update\GoogleUpdate.exe
(Crossrider) C:\Program Files\CrossriderWebApps\Crossrider.exe
(Google Inc.) C:\Users\sky\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Spotify Ltd) C:\Users\sky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(SanDisk Corporation) C:\Program Files\SanDisk\SanDisk Media Manager\SanDiskMediaManager-Launcher.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\sky\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\sky\AppData\Local\Google\Update\GoogleUpdate.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Google Inc.) C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [288040 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [3810304 2008-12-22] (Dell Inc.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [1735760 2009-01-09] (Dell Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-05-07] (Intel Corporation)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM\...\Run: [Dell Webcam Central] - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [405639 2009-01-09] (Creative Technology Ltd)
HKLM\...\Run: [dellsupportcenter] - C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-06-03] (SupportSoft, Inc.)
HKLM\...\Run: [avast5] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3568312 2013-12-07] (AVAST Software)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3568312 2013-12-07] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [483428 2009-04-01] (IDT, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3231762359-4078290926-1873698356-1000\...\Run: [Google Update] - C:\Users\sky\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-09-09] (Google Inc.)
HKU\S-1-5-21-3231762359-4078290926-1873698356-1000\...\Run: [CrossRiderPlugin] - C:\Program Files\CrossriderWebApps\Crossrider.exe [478720 2011-05-15] (Crossrider)
HKU\S-1-5-21-3231762359-4078290926-1873698356-1000\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-3231762359-4078290926-1873698356-1000\...\Run: [MusicManager] - C:\Users\sky\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7342592 2013-09-23] (Google Inc.)
HKU\S-1-5-21-3231762359-4078290926-1873698356-1000\...\Run: [GoogleDriveSync] - C:\Program Files\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
HKU\S-1-5-21-3231762359-4078290926-1873698356-1000\...\Run: [Spotify Web Helper] - C:\Users\sky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-03-02] (Spotify Ltd)
HKU\S-1-5-21-3231762359-4078290926-1873698356-1000\...\MountPoints2: {366bbcdc-921b-11e1-b2a2-0023ae4091d7} - D:\Setup.exe
HKU\S-1-5-21-3231762359-4078290926-1873698356-1000\...\MountPoints2: {3ca7340d-6ca2-11e2-8fef-0023ae4091d7} - D:\Setup.exe
HKU\S-1-5-21-3231762359-4078290926-1873698356-1000\...\MountPoints2: {4c4dec72-5e71-11e1-9c30-0023ae4091d7} - G:\Setup.exe
HKU\S-1-5-21-3231762359-4078290926-1873698356-1000\...\MountPoints2: {93b823e7-d040-11e1-8512-0023ae4091d7} - D:\Setup.exe
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1047328 2014-02-24] (Conduit)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\sky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\sky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/?fr=fp-tyc8
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
SearchScopes: HKCU - {00A34591-709B-4D84-8A59-4DE31C433DEF} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKCU - {30750DD1-EADD-4cf1-A485-C736C96936AB} URL = http://search.etoolkit.com/search?q={searchTerms}&id=026f33184511839ed3f01ecd6121fa27650&s=p
BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
Tcpip\..\Interfaces\{6644A944-5F04-4B12-BC1F-D586B098049C}: [NameServer]208.67.222.222,208.67.222.220
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.yahoo.com/"
CHR Extension: (Google Docs) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-08]
CHR Extension: (Google Drive) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-06]
CHR Extension: (Turn Off the Lights) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2013-12-08]
CHR Extension: (YouTube) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-11]
CHR Extension: (Google Cast) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-12-08]
CHR Extension: (Google Search) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-11]
CHR Extension: (Morpheon Dark - Aero) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpnbbonpgadmkipdlclghcekaklebdpi [2013-12-08]
CHR Extension: (Pandora) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2013-12-08]
CHR Extension: (Nice Tumblr) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfdfdgcjljkdijjbaipabnalhakbcok [2013-12-08]
CHR Extension: (avast! Online Security) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-08]
CHR Extension: (Google Keep) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2013-12-08]
CHR Extension: (Cloud Reader) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-12-08]
CHR Extension: (Google Play Music) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2013-12-08]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2013-12-08]
CHR Extension: (Google Wallet) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR Extension: (Gmail) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-11]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2013-12-07]
CHR HKLM\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files\TornTV.com\torn11.crx [2013-02-01]
CHR HKLM\...\Chrome\Extension: [jpnbdefcbnoefmmcpelplabbkfmfhlho] - C:\ProgramData\CodecCheck\chrome\codec_check.crx [2011-10-11]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\sky\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-04]
 
========================== Services (Whitelisted) =================
 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [81920 2009-04-01] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2013-12-07] (AVAST Software)
R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2363168 2014-02-24] (Conduit)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 MyWebSearchService; C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE [34320 2011-09-21] (MyWebSearch.com)
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2009-01-29] (SupportSoft, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe [254042 2009-04-01] (IDT, Inc.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-12-22] (Dell Inc.)
S2 SftService; "C:\WINDOWS\SMINST\sftservice.EXE" [X]
R2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 androidusb; C:\Windows\System32\Drivers\fxxandroidusb.sys [25728 2010-03-30] (Google Inc)
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-12-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-12-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2013-12-07] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-12-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-12-07] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-12-07] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [178304 2013-12-07] ()
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-22] (Broadcom Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-09-04] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-09-04] (Printing Communications Assoc., Inc. (PCAUSA))
R3 OA009Ufd; C:\Windows\System32\DRIVERS\OA009Ufd.sys [144672 2008-09-03] (Creative Technology Ltd.)
R3 OA009Vid; C:\Windows\System32\DRIVERS\OA009Vid.sys [269216 2008-09-03] (Creative Technology Ltd.)
S3 qcusbser; C:\Windows\System32\DRIVERS\FXX\qcusbser.sys [103424 2010-03-30] (QUALCOMM Incorporated)
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [X]
S3 XDva391; \??\C:\Windows\system32\XDva391.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-03 08:19 - 2014-03-03 08:19 - 00021341 _____ () C:\Users\sky\Downloads\FRST.txt
2014-03-03 08:18 - 2014-03-03 08:19 - 00000000 ____D () C:\FRST
2014-03-03 08:18 - 2014-03-03 08:18 - 01145344 _____ (Farbar) C:\Users\sky\Downloads\FRST.exe
2014-03-02 16:31 - 2014-03-02 16:31 - 00921000 _____ (Oracle Corporation) C:\Users\sky\Downloads\chromeinstall-7u51.exe
2014-03-02 16:30 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-02 16:29 - 2014-03-02 16:32 - 00017271 _____ () C:\Users\sky\Desktop\dds.txt
2014-03-02 16:29 - 2014-03-02 16:32 - 00010499 _____ () C:\Users\sky\Desktop\attach.txt
2014-03-02 16:29 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-03-02 16:29 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-02 16:29 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-02 16:25 - 2014-03-02 16:29 - 00005232 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-03-02 16:19 - 2014-03-02 16:20 - 00688992 ____R (Swearware) C:\Users\sky\Downloads\dds.com
2014-03-02 15:11 - 2014-03-02 15:12 - 00000000 ____D () C:\Users\sky\AppData\Local\SearchProtect
2014-03-02 15:11 - 2014-03-02 15:12 - 00000000 ____D () C:\Program Files\SearchProtect
2014-03-02 14:57 - 2014-03-02 14:59 - 00999232 _____ (DivX, LLC) C:\Users\sky\Downloads\DivXInstaller (1).exe
2014-03-02 14:55 - 2014-03-02 15:20 - 18126032 _____ (Adobe Systems Inc.) C:\Users\sky\Downloads\AdobeAIRInstaller (1).exe
2014-03-02 14:48 - 2014-02-05 02:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-02 14:48 - 2014-02-05 02:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-02 14:48 - 2014-02-05 02:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-02 14:48 - 2014-02-05 02:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-02 14:48 - 2014-02-05 02:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-02 14:47 - 2014-02-05 02:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-02 14:47 - 2014-02-05 02:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-02 14:47 - 2014-02-05 02:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-02 14:47 - 2014-02-05 02:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-02 14:47 - 2014-02-05 02:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-02 14:47 - 2014-02-05 02:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-02 14:47 - 2014-02-05 02:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-02 14:47 - 2014-02-05 02:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-02 14:47 - 2014-02-05 02:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-02 14:47 - 2014-02-05 02:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-02 14:47 - 2014-02-05 02:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 14:33 - 2013-12-04 20:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-28 14:33 - 2013-10-29 20:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2014-02-28 14:33 - 2013-10-29 19:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-02-28 14:33 - 2013-10-29 18:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-02-28 14:33 - 2013-10-29 18:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-28 14:33 - 2013-10-10 20:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-02-28 14:33 - 2013-10-10 18:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-02-28 14:33 - 2013-10-10 18:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-02-28 14:32 - 2013-10-10 20:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-02-28 14:32 - 2013-10-10 20:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2014-02-28 14:31 - 2013-10-22 01:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
 
==================== One Month Modified Files and Folders =======
 
2014-03-03 08:19 - 2014-03-03 08:19 - 00021341 _____ () C:\Users\sky\Downloads\FRST.txt
2014-03-03 08:19 - 2014-03-03 08:18 - 00000000 ____D () C:\FRST
2014-03-03 08:18 - 2014-03-03 08:18 - 01145344 _____ (Farbar) C:\Users\sky\Downloads\FRST.exe
2014-03-03 08:18 - 2006-11-02 04:33 - 00703516 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-03 08:17 - 2013-12-07 12:37 - 00000000 ____D () C:\Users\sky\AppData\Roaming\Spotify
2014-03-03 08:17 - 2009-06-17 02:34 - 01087211 _____ () C:\Windows\WindowsUpdate.log
2014-03-03 08:16 - 2012-09-12 18:53 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-03 08:14 - 2013-12-07 12:48 - 00000000 ____D () C:\Users\sky\AppData\Local\Spotify
2014-03-03 08:14 - 2013-05-04 15:37 - 00000000 ___RD () C:\Users\sky\Google Drive
2014-03-03 08:12 - 2012-09-12 18:53 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-03 08:11 - 2006-11-02 06:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-03 08:11 - 2006-11-02 06:45 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-03 08:11 - 2006-11-02 06:45 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-03 08:08 - 2012-05-07 08:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-03 08:08 - 2011-09-09 11:28 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3231762359-4078290926-1873698356-1000UA.job
2014-03-02 16:51 - 2013-01-23 13:03 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-03-02 16:48 - 2009-06-17 08:10 - 00000000 ____D () C:\Program Files\Windows Live
2014-03-02 16:47 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-02 16:44 - 2006-11-02 05:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-02 16:41 - 2010-06-30 21:32 - 00000000 ____D () C:\Users\sky\AppData\Roaming\Skype
2014-03-02 16:41 - 2010-06-30 21:32 - 00000000 ____D () C:\ProgramData\Skype
2014-03-02 16:40 - 2012-09-30 10:33 - 00000000 ____D () C:\Users\sky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OGPlanet
2014-03-02 16:32 - 2014-03-02 16:29 - 00017271 _____ () C:\Users\sky\Desktop\dds.txt
2014-03-02 16:32 - 2014-03-02 16:29 - 00010499 _____ () C:\Users\sky\Desktop\attach.txt
2014-03-02 16:31 - 2014-03-02 16:31 - 00921000 _____ (Oracle Corporation) C:\Users\sky\Downloads\chromeinstall-7u51.exe
2014-03-02 16:30 - 2013-12-08 11:02 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-02 16:29 - 2014-03-02 16:25 - 00005232 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-03-02 16:26 - 2009-06-17 07:49 - 00000000 ____D () C:\Program Files\Java
2014-03-02 16:20 - 2014-03-02 16:19 - 00688992 ____R (Swearware) C:\Users\sky\Downloads\dds.com
2014-03-02 16:11 - 2008-01-20 21:02 - 01104910 _____ () C:\Windows\PFRO.log
2014-03-02 16:11 - 2006-11-02 06:44 - 00270688 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-02 16:09 - 2006-11-02 06:58 - 00032570 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-02 15:56 - 2011-08-23 12:26 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-02 15:54 - 2010-04-29 16:43 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-02 15:48 - 2013-02-20 22:15 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2014-03-02 15:48 - 2010-04-23 20:55 - 00000000 ____D () C:\Program Files\DivX
2014-03-02 15:48 - 2010-04-23 20:54 - 00000000 ____D () C:\ProgramData\DivX
2014-03-02 15:41 - 2011-09-09 11:28 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3231762359-4078290926-1873698356-1000Core.job
2014-03-02 15:40 - 2010-06-07 00:08 - 00000000 ____D () C:\Users\sky\AppData\Roaming\DivX
2014-03-02 15:25 - 2013-03-30 12:33 - 00000000 ____D () C:\Program Files\Graboid
2014-03-02 15:24 - 2012-06-17 18:47 - 00000000 ____D () C:\Program Files\Giraffic
2014-03-02 15:23 - 2009-06-17 07:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-02 15:20 - 2014-03-02 14:55 - 18126032 _____ (Adobe Systems Inc.) C:\Users\sky\Downloads\AdobeAIRInstaller (1).exe
2014-03-02 15:12 - 2014-03-02 15:11 - 00000000 ____D () C:\Users\sky\AppData\Local\SearchProtect
2014-03-02 15:12 - 2014-03-02 15:11 - 00000000 ____D () C:\Program Files\SearchProtect
2014-03-02 15:08 - 2013-07-28 16:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-02 15:01 - 2013-03-18 11:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-02 15:01 - 2010-04-14 13:32 - 00000000 ____D () C:\Users\sky\AppData\Roaming\Mozilla
2014-03-02 14:59 - 2014-03-02 14:57 - 00999232 _____ (DivX, LLC) C:\Users\sky\Downloads\DivXInstaller (1).exe
2014-02-28 19:15 - 2012-05-07 08:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-28 19:15 - 2012-01-16 16:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 02:58 - 2014-03-02 14:47 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 02:56 - 2014-03-02 14:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 02:53 - 2014-03-02 14:47 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 02:51 - 2014-03-02 14:47 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 02:50 - 2014-03-02 14:47 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 02:49 - 2014-03-02 14:47 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 02:49 - 2014-03-02 14:47 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 02:48 - 2014-03-02 14:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 02:48 - 2014-03-02 14:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 02:48 - 2014-03-02 14:47 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 02:48 - 2014-03-02 14:47 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 02:48 - 2014-03-02 14:47 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 02:47 - 2014-03-02 14:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 02:47 - 2014-03-02 14:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 02:47 - 2014-03-02 14:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 02:46 - 2014-03-02 14:48 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 19:09 - 2006-11-02 04:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
 
Some content of TEMP:
====================
C:\Users\sky\AppData\Local\Temp\8j0ahimd.dll
C:\Users\sky\AppData\Local\Temp\bing.exe
C:\Users\sky\AppData\Local\Temp\DivXSetup.exe
C:\Users\sky\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\sky\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\sky\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\sky\AppData\Local\Temp\FP_PL_PFS_INSTALLER-1.exe
C:\Users\sky\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\sky\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\sky\AppData\Local\Temp\Gcab2.exe
C:\Users\sky\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih.exe
C:\Users\sky\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\sky\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\sky\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\sky\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\sky\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\sky\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\sky\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\sky\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\sky\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\sky\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\sky\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\sky\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\sky\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\sky\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\sky\AppData\Local\Temp\MSETUP4.EXE
C:\Users\sky\AppData\Local\Temp\msg395C.exe
C:\Users\sky\AppData\Local\Temp\MSNB2BD.exe
C:\Users\sky\AppData\Local\Temp\NGMDll.dll
C:\Users\sky\AppData\Local\Temp\NGMResource.dll
C:\Users\sky\AppData\Local\Temp\NGMSetup.exe
C:\Users\sky\AppData\Local\Temp\nsdD18A.exe
C:\Users\sky\AppData\Local\Temp\nstCDA3.exe
C:\Users\sky\AppData\Local\Temp\nsy2714.exe
C:\Users\sky\AppData\Local\Temp\nsy2F9D.exe
C:\Users\sky\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\sky\AppData\Local\Temp\unicows.dll
C:\Users\sky\AppData\Local\Temp\Veoh383477.exe
C:\Users\sky\AppData\Local\Temp\xvidupdate.exe
C:\Users\sky\AppData\Local\Temp\{14A601E4-070E-4CCF-8837-AC7E1323EAE7}-31.0.1650.63_chrome_installer.exe
C:\Users\sky\AppData\Local\Temp\{FB15FE83-0AB0-4B50-AB68-10B0EB1117F2}-21.0.1180.60_20.0.1132.57_chrome_updater.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-03 08:16
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-03-2014
Ran by sky at 2014-03-03 08:20:23
Running from C:\Users\sky\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.7.0.2090 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2008 - Avast Software)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CA Yahoo! Anti-Spy (remove only) (HKLM\...\cayahooantispy) (Version:  - CA, Inc.)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Canon MG2100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series) (Version:  - )
Canon MG2100 series On-screen Manual (HKLM\...\Canon MG2100 series On-screen Manual) (Version:  - )
Canon MG2100 series User Registration (HKLM\...\Canon MG2100 series User Registration) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version:  - )
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Davis's Drug Guide for Nurses, 12e (HKLM\...\com.adobe.example.dashboard.0B098AEF699B0982E5F3583FA58B39D3490BCE90.1) (Version: 1.0 - F.A. Davis)
Davis's Drug Guide for Nurses, 12e (Version: 1.0 - F.A. Davis) Hidden
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1007.115.102 - ALPS ELECTRIC CO., LTD.)
Dell Video Chat (HKLM\...\Dell Video Chat) (Version: 6.0 (6567) - SightSpeed Inc.)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.20.10 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)
ffdshow [rev 1443] [2007-08-29] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
FoxyTunes for Firefox (HKLM\...\FoxyTunesForFirefox) (Version:  - )
Gcabby2 (HKCU\...\Gcabby2) (Version:  - )
Getting to Know ArcGIS Desktop - Exercise Data (HKLM\...\{74FF6A94-035C-4650-BA19-75DC3182B7C3}) (Version: 1.00.0000 - ESRI)
Google Chrome (HKCU\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Drive (HKLM\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Talk Plugin (HKLM\...\{DDB824DA-C431-3A3E-B997-F4B5539838FC}) (Version: 4.7.0.15362 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version:  - )
iCloud (HKLM\...\{8CC68433-5837-4075-B81F-EA7E4F14CE60}) (Version: 2.0.2.187 - Apple Inc.)
Integrated Webcam Driver (1.00.02.0825)   (HKLM\...\Creative OA009) (Version:  - )
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{268278CF-FB69-4D98-B70E-BFEC1CDCA225}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
La Tale (HKLM\...\{08C5815C-2C6E-44f8-8748-0E61BC9AFB06}) (Version:  - )
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.2303.1 - Creative Technology Ltd)
Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
MapleStory (HKLM\...\MapleStory) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Miro (HKLM\...\Miro) (Version: 4.0.3 - Participatory Culture Foundation)
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
My Web Search (Cursor Mania) (HKLM\...\MyWebSearch bar Uninstall) (Version:  - My Web Search) <==== ATTENTION
Nexon Game Manager (HKLM\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OGPlanet Game Launcher (HKLM\...\OGPlanet Game Launcher) (Version: 1.0.0 - OGPlanet, Inc.)
ooVoo (HKLM\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 2.9.0105 - ooVoo LLC.)
Phone F USB Driver (HKLM\...\{992E7A5F-2A06-459E-9E9A-E8BA0222969C}) (Version: 1.1.7 - Mobile)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5024 - Dell Corp.)
Project64 1.6 (HKLM\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
QuickSet (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 9.2.17 - Dell Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RGSS-RTP Standard (HKLM\...\{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}) (Version: 1.0.0 - Enterbrain)
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
SanDisk ® Media Manager (HKLM\...\{8BAF591E-B0E0-4DF6-B73C-AD10826E0DB7}) (Version: 2.1.0.4 - SanDisk)
Search Protect (HKLM\...\SearchProtect) (Version: 2.10.31.0 - Conduit) <==== ATTENTION
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Total Immersion D'Fusion @Home Web Plug-In (HKLM\...\D'Fusion @Home Web Plug-In) (Version:  - Total Immersion)
TSP_CODEC (HKLM\...\{A90C03D6-08E1-4C59-B93B-6919A6C0AC19}) (Version: 1.00.0000 - Bytescribe)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Windows Doctor 2.7.3 (HKLM\...\Windows Doctor 2.7.3_is1) (Version:  - WindowsDoctor International LLC)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}) (Version: 15.0.9334 - WinZip Computing, S.L. )
Xvid 1.2.2 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Yahoo! BrowserPlus 2.9.8 (HKCU\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
 
==================== Restore Points  =========================
 
17-10-2013 05:00:01 Scheduled Checkpoint
18-10-2013 05:00:01 Scheduled Checkpoint
19-10-2013 05:00:01 Scheduled Checkpoint
20-10-2013 05:00:01 Scheduled Checkpoint
22-10-2013 08:33:58 Windows Update
24-10-2013 23:09:46 Scheduled Checkpoint
07-12-2013 19:07:40 Windows Update
07-12-2013 22:21:03 Windows Update
07-12-2013 22:50:33 avast! antivirus system restore point
08-12-2013 16:57:45 Installed Java 7 Update 45
15-12-2013 20:00:56 avast! antivirus system restore point
28-02-2014 20:26:30 Windows Update
02-03-2014 20:43:53 Windows Update
02-03-2014 21:49:21 Removed Apple Mobile Device Support
02-03-2014 22:23:11 Installed Java 7 Update 51
02-03-2014 22:41:20 Removed Skype™ 5.10
02-03-2014 22:42:16 Removed Skype Click to Call
02-03-2014 22:43:51 Windows Live Essentials
 
==================== Hosts content: ==========================
 
2006-11-02 04:23 - 2006-09-18 15:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {05D40369-36F2-466B-B995-5970D35177F7} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver => C:\Windows\system32\DFDWiz.exe [2008-01-20] (Microsoft Corporation) <==== ATTENTION
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1A71FFAB-753E-4EC7-B1A6-98857FAAB5CB} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => Sc.exe config upnphost start= auto <==== ATTENTION
Task: {1F201B36-5F6D-44F7-96B7-D657CD1CA7EF} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting => C:\Windows\system32\wermgr.exe [2008-01-20] (Microsoft Corporation) <==== ATTENTION
Task: {364E76FC-E0BA-4A5F-99DD-94C521BFB376} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\Windows\system32\defrag.exe [2008-01-20] (Microsoft Corp.) <==== ATTENTION
Task: {3DCE668A-B948-484F-9522-02649AD7F399} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3231762359-4078290926-1873698356-1000UA => C:\Users\sky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-09] (Google Inc.) <==== ATTENTION
Task: {3E1F1FAA-FF0B-4BE5-9838-E886A84E3596} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) <==== ATTENTION
Task: {4BB7ED2C-0731-4971-9389-612DD2775C08} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-28] (Adobe Systems Incorporated) <==== ATTENTION
Task: {54008ACB-5DE7-4CF7-ADB1-F6187E04808C} - System32\Tasks\Microsoft\Windows\MUI\LPRemove => C:\Windows\system32\lpremove.exe [2008-01-20] (Microsoft Corporation) <==== ATTENTION
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] () <==== ATTENTION
Task: {5C030EAB-FF2B-42A8-8E97-795DFB0E0334} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-12] (Google Inc.) <==== ATTENTION
Task: {60460F69-EDDF-41DB-A8C4-992BBE6D1568} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-20] (Microsoft Corporation) <==== ATTENTION
Task: {6796F333-5F83-4B25-8DE3-032A4AAF4931} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3231762359-4078290926-1873698356-1000Core => C:\Users\sky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-09] (Google Inc.) <==== ATTENTION
Task: {6D397EC9-0E42-4094-A2FC-47283099E9DC} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator => C:\Windows\System32\wsqmcons.exe [2008-01-20] (Microsoft Corporation) <==== ATTENTION
Task: {7A4EDB56-4F65-40DA-8B00-9F099A0043F0} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2008-01-20] (Microsoft Corporation) <==== ATTENTION
Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {8C950B61-DFC1-4D9D-A56D-83714A75F038} - System32\Tasks\Launch BCM WLAN Tray => C:\Windows\system32\WLTRAY.EXE [2008-12-22] (Dell Inc.) <==== ATTENTION
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation) <==== ATTENTION
Task: {A04B3701-4EEB-410E-93C4-CB346FDFA473} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-12-07] (AVAST Software) <==== ATTENTION
Task: {A193582E-CCD6-4A1B-A2E4-F819AA52B9FE} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation) <==== ATTENTION
Task: {ACDD310F-57C1-44F1-B3DF-C2EB93C99D99} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs [2008-01-20] () <==== ATTENTION
Task: {AF979DA9-37EF-49E6-9E8B-AE0B216EAAFE} - System32\Tasks\Microsoft\Windows\RestartManager\{285BCB7E-0759-4c05-8821-A93CC8ACBEAF} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation) <==== ATTENTION
Task: {AFBD033B-94E0-47BD-89FE-4A4D5AA827BD} - System32\Tasks\User_Feed_Synchronization-{137B2682-7314-43AD-BB47-3F10ECE04128}
Task: {B0091A1C-AE8A-4F5C-BE34-CCCC3EFFBB5F} - System32\Tasks\{F545F4E3-87AF-4692-8190-11E2ECE67EBE} => C:\Program Files\Skype\Phone\Skype.exe <==== ATTENTION
Task: {C8B3025B-D21E-4527-BBC6-CDFBFEB026E1} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\system32\BthUdTask.exe [2009-04-11] (Microsoft Corporation) <==== ATTENTION
Task: {CCBF53AC-D7B0-4DBF-82C3-6A3A32316B11} - System32\Tasks\{83C95D14-0B66-4DF3-A6AE-EA964EF773E7} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=4.2.0.169&LastError=404 <==== ATTENTION
Task: {DCF21B69-ECAA-4A14-909C-DB3EEB1FDD04} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe <==== ATTENTION
Task: {E23F245B-C601-41AE-935E-63A2E0C965F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-12] (Google Inc.) <==== ATTENTION
Task: {F41C7B45-D9F1-4D1D-AF77-24673D3829A1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3231762359-4078290926-1873698356-1000Core.job => C:\Users\sky\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3231762359-4078290926-1873698356-1000UA.job => C:\Users\sky\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-06-17 07:50 - 2008-12-22 04:34 - 00026112 _____ () C:\Windows\System32\WLTRYSVC.EXE
2009-06-17 07:50 - 2008-12-22 04:32 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2014-03-02 14:44 - 2014-03-02 12:47 - 02186240 _____ () C:\Program Files\Alwil Software\Avast5\defs\14030201\algo.dll
2013-01-23 13:03 - 2011-02-07 10:56 - 00138192 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2009-06-17 07:50 - 2008-12-22 04:32 - 00054784 _____ () C:\WINDOWS\System32\bcmwlrmt.dll
2013-12-07 17:31 - 2013-12-07 17:31 - 19336120 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2013-01-10 14:01 - 2013-01-10 14:01 - 10683392 _____ () C:\Users\sky\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2013-01-10 14:01 - 2013-01-10 14:01 - 07741952 _____ () C:\Users\sky\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2013-01-10 14:01 - 2013-01-10 14:01 - 02248192 _____ () C:\Users\sky\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2013-01-10 14:01 - 2013-01-10 14:01 - 01681408 _____ () C:\Users\sky\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2013-09-23 15:01 - 2013-09-23 15:01 - 00117248 _____ () C:\Users\sky\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2013-09-23 15:03 - 2013-09-23 15:03 - 00231936 _____ () C:\Users\sky\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2013-09-23 15:02 - 2013-09-23 15:02 - 00253440 _____ () C:\Users\sky\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2013-09-23 15:03 - 2013-09-23 15:03 - 00344064 _____ () C:\Users\sky\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2013-01-10 14:01 - 2013-01-10 14:01 - 00026624 _____ () C:\Users\sky\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2013-12-08 10:29 - 2013-12-03 20:48 - 04055504 _____ () C:\Users\sky\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-08 10:29 - 2013-12-03 20:48 - 00399312 _____ () C:\Users\sky\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-08 10:29 - 2013-12-03 20:47 - 01619408 _____ () C:\Users\sky\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-08 10:29 - 2013-12-03 20:47 - 00702416 _____ () C:\Users\sky\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-08 10:29 - 2013-12-03 20:47 - 00099792 _____ () C:\Users\sky\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-08 10:29 - 2013-12-03 20:48 - 13586896 _____ () C:\Users\sky\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/03/2014 08:11:58 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/03/2014 08:08:38 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 55050008
 
Error: (03/03/2014 08:08:38 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 55050008
 
Error: (03/03/2014 08:08:38 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/02/2014 04:51:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3198
 
Error: (03/02/2014 04:51:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3198
 
Error: (03/02/2014 04:51:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/02/2014 04:51:09 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (03/02/2014 04:44:01 PM) (Source: Microsoft-Windows-RestartManager) (User: sky-pc)
Description: 0SearchIndexer.exeWindows Search03026216128440
 
Error: (03/02/2014 04:43:50 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {32727c01-9d02-4fcd-adf1-60297d4ab28d}
 
 
System errors:
=============
Error: (03/03/2014 08:11:59 AM) (Source: Service Control Manager) (User: )
Description: SoftThinks Agent Service%%2
 
Error: (03/03/2014 08:11:59 AM) (Source: Service Control Manager) (User: )
Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058
 
Error: (03/03/2014 08:11:59 AM) (Source: Service Control Manager) (User: )
Description: Intel® PRO/1000 PCI Express Network Connection Driver%%1058
 
Error: (03/03/2014 08:11:04 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:08:28 AM on 3/3/2014 was unexpected.
 
Error: (03/02/2014 04:44:07 PM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053
 
Error: (03/02/2014 04:44:07 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search
 
Error: (03/02/2014 04:44:07 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (03/02/2014 04:12:39 PM) (Source: Service Control Manager) (User: )
Description: SoftThinks Agent Service%%2
 
Error: (03/02/2014 04:12:39 PM) (Source: Service Control Manager) (User: )
Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058
 
Error: (03/02/2014 04:12:39 PM) (Source: Service Control Manager) (User: )
Description: Intel® PRO/1000 PCI Express Network Connection Driver%%1058
 
 
Microsoft Office Sessions:
=========================
Error: (12/09/2011 09:12:19 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (12/08/2011 10:01:13 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (12/07/2011 10:36:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (12/01/2011 09:02:15 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (04/06/2011 02:51:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/17/2011 04:51:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (10/27/2010 08:58:17 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2011-07-22 23:49:01.754
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\aswSP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-22 23:49:01.286
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\aswSP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-22 23:49:00.662
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\aswSP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-22 23:48:59.992
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\aswSP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-22 23:48:59.321
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-22 23:48:58.494
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-22 23:48:57.901
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-22 23:48:57.371
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2010-04-20 23:26:46.596
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\aswSP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2010-04-20 23:26:46.518
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\aswSP.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 51%
Total physical RAM: 3033.63 MB
Available physical RAM: 1464.92 MB
Total Pagefile: 6268.29 MB
Available Pagefile: 4427.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.89 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:115.54 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.63 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: EB1710F3)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 03 March 2014 - 09:56 AM

ok.


Step 1

Please uninstall some programs:

  • Click on the Start Menu button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall:

    My Web Search (Cursor Mania)
    Search Protect

  • Reboot your computer.

Step 2

Please download AdwCleaner (by Xplode) and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 3

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#5 kamikazemind327

  • Topic Starter
  • Members
  • 7 posts

Posted 03 March 2014 - 02:43 PM

# AdwCleaner v3.020 - Report created 03/03/2014 at 13:35:58
# Updated 27/02/2014 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : sky - SKY-PC
# Running from : C:\Users\sky\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\CodecCheck
Folder Deleted : C:\Program Files\RegClean Pro
Folder Deleted : C:\Program Files\TornTV.com
Folder Deleted : C:\Users\sky\AppData\Local\Temp\FoxTab
Folder Deleted : C:\Users\sky\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\sky\AppData\Roaming\Systweak
Folder Deleted : C:\Users\sky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
File Deleted : C:\END
File Deleted : C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_f.dealply.com_0.localstorage
File Deleted : C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_f.dealply.com_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCF21B69-ECAA-4A14-909C-DB3EEB1FDD04}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\mozilla\Firefox\Extensions [crossriderapp435@crossrider.com]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\bflixtoolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Trymedia Systems
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16533
 
 
-\\ Google Chrome v
 
[ File : C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5495 octets] - [03/03/2014 13:31:21]
AdwCleaner[S0].txt - [5558 octets] - [03/03/2014 13:35:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5618 octets] ##########
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-03-2014
Ran by sky (administrator) on SKY-PC on 03-03-2014 13:41:52
Running from C:\Users\sky\Downloads
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
() C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Dell Inc.) C:\WINDOWS\System32\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Crossrider) C:\Program Files\CrossriderWebApps\Crossrider.exe
(Google Inc.) C:\Users\sky\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Spotify Ltd) C:\Users\sky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(SanDisk Corporation) C:\Program Files\SanDisk\SanDisk Media Manager\SanDiskMediaManager-Launcher.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Google Inc.) C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Google Inc.) C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Google Inc.) C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IELowutil.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\gs_agent\dsc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Google Inc.) C:\Users\sky\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [288040 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [3810304 2008-12-22] (Dell Inc.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [1735760 2009-01-09] (Dell Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-05-07] (Intel Corporation)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM\...\Run: [Dell Webcam Central] - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [405639 2009-01-09] (Creative Technology Ltd)
HKLM\...\Run: [dellsupportcenter] - C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-06-03] (SupportSoft, Inc.)
HKLM\...\Run: [avast5] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3568312 2013-12-07] (AVAST Software)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3568312 2013-12-07] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [483428 2009-04-01] (IDT, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3231762359-4078290926-1873698356-1000\...\Run: [Google Update] - C:\Users\sky\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-09-09] (Google Inc.)
HKU\S-1-5-21-3231762359-4078290926-1873698356-1000\...\Run: [CrossRiderPlugin] - C:\Program Files\CrossriderWebApps\Crossrider.exe [478720 2011-05-15] (Crossrider)
HKU\S-1-5-21-3231762359-4078290926-1873698356-1000\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-3231762359-4078290926-1873698356-1000\...\Run: [MusicManager] - C:\Users\sky\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7380992 2013-11-11] (Google Inc.)
HKU\S-1-5-21-3231762359-4078290926-1873698356-1000\...\Run: [Spotify Web Helper] - C:\Users\sky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-03-02] (Spotify Ltd)
HKU\S-1-5-21-3231762359-4078290926-1873698356-1000\...\MountPoints2: {366bbcdc-921b-11e1-b2a2-0023ae4091d7} - D:\Setup.exe
HKU\S-1-5-21-3231762359-4078290926-1873698356-1000\...\MountPoints2: {3ca7340d-6ca2-11e2-8fef-0023ae4091d7} - D:\Setup.exe
HKU\S-1-5-21-3231762359-4078290926-1873698356-1000\...\MountPoints2: {4c4dec72-5e71-11e1-9c30-0023ae4091d7} - G:\Setup.exe
HKU\S-1-5-21-3231762359-4078290926-1873698356-1000\...\MountPoints2: {93b823e7-d040-11e1-8512-0023ae4091d7} - D:\Setup.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\sky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\sky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://http://www.yahoo.com/?ilc=8.yahoo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/?fr=fp-tyc8
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {00A34591-709B-4D84-8A59-4DE31C433DEF} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKCU - {30750DD1-EADD-4cf1-A485-C736C96936AB} URL = http://search.etoolkit.com/search?q={searchTerms}&id=026f33184511839ed3f01ecd6121fa27650&s=p
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
Tcpip\..\Interfaces\{6644A944-5F04-4B12-BC1F-D586B098049C}: [NameServer]208.67.222.222,208.67.222.220
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.yahoo.com/"
CHR Extension: (Google Docs) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-08]
CHR Extension: (Google Drive) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-03]
CHR Extension: (Turn Off the Lights) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2013-12-08]
CHR Extension: (YouTube) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-11]
CHR Extension: (Google Cast) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-12-08]
CHR Extension: (Google Search) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-11]
CHR Extension: (Morpheon Dark - Aero) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpnbbonpgadmkipdlclghcekaklebdpi [2013-12-08]
CHR Extension: (Pandora) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2013-12-08]
CHR Extension: (Nice Tumblr) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfdfdgcjljkdijjbaipabnalhakbcok [2013-12-08]
CHR Extension: (avast! Online Security) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-08]
CHR Extension: (Google Keep) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2013-12-08]
CHR Extension: (Cloud Reader) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-12-08]
CHR Extension: (Google Play Music) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2013-12-08]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2013-12-08]
CHR Extension: (Google Wallet) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR Extension: (Gmail) - C:\Users\sky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-11]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2013-12-07]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\sky\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-04]
 
========================== Services (Whitelisted) =================
 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [81920 2009-04-01] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2013-12-07] (AVAST Software)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2009-01-29] (SupportSoft, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe [254042 2009-04-01] (IDT, Inc.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-12-22] (Dell Inc.)
S2 SftService; "C:\WINDOWS\SMINST\sftservice.EXE" [X]
R2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 androidusb; C:\Windows\System32\Drivers\fxxandroidusb.sys [25728 2010-03-30] (Google Inc)
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-12-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-12-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2013-12-07] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-12-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-12-07] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-12-07] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [178304 2013-12-07] ()
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-22] (Broadcom Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-09-04] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-09-04] (Printing Communications Assoc., Inc. (PCAUSA))
R3 OA009Ufd; C:\Windows\System32\DRIVERS\OA009Ufd.sys [144672 2008-09-03] (Creative Technology Ltd.)
R3 OA009Vid; C:\Windows\System32\DRIVERS\OA009Vid.sys [269216 2008-09-03] (Creative Technology Ltd.)
S3 qcusbser; C:\Windows\System32\DRIVERS\FXX\qcusbser.sys [103424 2010-03-30] (QUALCOMM Incorporated)
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [X]
S3 XDva391; \??\C:\Windows\system32\XDva391.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-03 13:40 - 2014-03-03 13:40 - 00005698 _____ () C:\Users\sky\Desktop\AdwCleaner[S0].txt
2014-03-03 13:31 - 2014-03-03 13:36 - 00000000 ____D () C:\AdwCleaner
2014-03-03 13:29 - 2014-03-03 13:30 - 01244192 _____ () C:\Users\sky\Desktop\AdwCleaner.exe
2014-03-03 13:20 - 2014-03-03 13:20 - 00000048 _____ () C:\Windows\wininit.ini
2014-03-03 08:25 - 2014-03-03 08:25 - 00036781 _____ () C:\Users\sky\Desktop\Addition.txt
2014-03-03 08:24 - 2014-03-03 08:24 - 00035946 _____ () C:\Users\sky\Desktop\FRST.txt
2014-03-03 08:20 - 2014-03-03 08:22 - 00036781 _____ () C:\Users\sky\Downloads\Addition.txt
2014-03-03 08:19 - 2014-03-03 13:41 - 00018104 _____ () C:\Users\sky\Downloads\FRST.txt
2014-03-03 08:18 - 2014-03-03 13:41 - 00000000 ____D () C:\FRST
2014-03-03 08:18 - 2014-03-03 08:18 - 01145344 _____ (Farbar) C:\Users\sky\Downloads\FRST.exe
2014-03-02 16:31 - 2014-03-02 16:31 - 00921000 _____ (Oracle Corporation) C:\Users\sky\Downloads\chromeinstall-7u51.exe
2014-03-02 16:30 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-02 16:29 - 2014-03-02 16:32 - 00017271 _____ () C:\Users\sky\Desktop\dds.txt
2014-03-02 16:29 - 2014-03-02 16:32 - 00010499 _____ () C:\Users\sky\Desktop\attach.txt
2014-03-02 16:29 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-03-02 16:29 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-02 16:29 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-02 16:25 - 2014-03-02 16:29 - 00005232 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-03-02 16:19 - 2014-03-02 16:20 - 00688992 ____R (Swearware) C:\Users\sky\Downloads\dds.com
2014-03-02 14:57 - 2014-03-02 14:59 - 00999232 _____ (DivX, LLC) C:\Users\sky\Downloads\DivXInstaller (1).exe
2014-03-02 14:55 - 2014-03-02 15:20 - 18126032 _____ (Adobe Systems Inc.) C:\Users\sky\Downloads\AdobeAIRInstaller (1).exe
2014-03-02 14:48 - 2014-02-05 02:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-02 14:48 - 2014-02-05 02:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-02 14:48 - 2014-02-05 02:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-02 14:48 - 2014-02-05 02:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-02 14:48 - 2014-02-05 02:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-02 14:47 - 2014-02-05 02:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-02 14:47 - 2014-02-05 02:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-02 14:47 - 2014-02-05 02:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-02 14:47 - 2014-02-05 02:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-02 14:47 - 2014-02-05 02:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-02 14:47 - 2014-02-05 02:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-02 14:47 - 2014-02-05 02:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-02 14:47 - 2014-02-05 02:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-02 14:47 - 2014-02-05 02:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-02 14:47 - 2014-02-05 02:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-02 14:47 - 2014-02-05 02:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 14:33 - 2013-12-04 20:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-28 14:33 - 2013-10-29 20:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2014-02-28 14:33 - 2013-10-29 19:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-02-28 14:33 - 2013-10-29 18:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-02-28 14:33 - 2013-10-29 18:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-28 14:33 - 2013-10-10 20:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-02-28 14:33 - 2013-10-10 18:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-02-28 14:33 - 2013-10-10 18:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-02-28 14:32 - 2013-10-10 20:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-02-28 14:32 - 2013-10-10 20:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2014-02-28 14:31 - 2013-10-22 01:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
 
==================== One Month Modified Files and Folders =======
 
2014-03-03 13:42 - 2014-03-03 08:19 - 00018104 _____ () C:\Users\sky\Downloads\FRST.txt
2014-03-03 13:41 - 2014-03-03 08:18 - 00000000 ____D () C:\FRST
2014-03-03 13:41 - 2011-09-09 11:28 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3231762359-4078290926-1873698356-1000UA.job
2014-03-03 13:40 - 2014-03-03 13:40 - 00005698 _____ () C:\Users\sky\Desktop\AdwCleaner[S0].txt
2014-03-03 13:38 - 2012-09-12 18:53 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-03 13:37 - 2008-01-20 21:02 - 01111984 _____ () C:\Windows\PFRO.log
2014-03-03 13:37 - 2006-11-02 06:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-03 13:37 - 2006-11-02 06:45 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-03 13:37 - 2006-11-02 06:45 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-03 13:36 - 2014-03-03 13:31 - 00000000 ____D () C:\AdwCleaner
2014-03-03 13:36 - 2009-06-17 02:34 - 01123559 _____ () C:\Windows\WindowsUpdate.log
2014-03-03 13:36 - 2006-11-02 06:58 - 00032570 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-03 13:30 - 2014-03-03 13:29 - 01244192 _____ () C:\Users\sky\Desktop\AdwCleaner.exe
2014-03-03 13:28 - 2006-11-02 04:33 - 00703516 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-03 13:20 - 2014-03-03 13:20 - 00000048 _____ () C:\Windows\wininit.ini
2014-03-03 13:20 - 2013-12-07 12:37 - 00000000 ____D () C:\Users\sky\AppData\Roaming\Spotify
2014-03-03 13:17 - 2012-09-12 18:53 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-03 13:01 - 2012-05-07 08:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-03 12:23 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-03 08:58 - 2013-12-07 12:48 - 00000000 ____D () C:\Users\sky\AppData\Local\Spotify
2014-03-03 08:43 - 2010-04-24 11:54 - 00000000 ____D () C:\Program Files\Project64 1.6
2014-03-03 08:38 - 2011-03-01 21:51 - 00000000 ____D () C:\Program Files\FA Davis
2014-03-03 08:27 - 2010-04-14 16:46 - 00000000 ____D () C:\Program Files\Yahoo!
2014-03-03 08:25 - 2014-03-03 08:25 - 00036781 _____ () C:\Users\sky\Desktop\Addition.txt
2014-03-03 08:24 - 2014-03-03 08:24 - 00035946 _____ () C:\Users\sky\Desktop\FRST.txt
2014-03-03 08:22 - 2014-03-03 08:20 - 00036781 _____ () C:\Users\sky\Downloads\Addition.txt
2014-03-03 08:22 - 2011-04-15 11:46 - 00000000 ____D () C:\Program Files\Xvid
2014-03-03 08:18 - 2014-03-03 08:18 - 01145344 _____ (Farbar) C:\Users\sky\Downloads\FRST.exe
2014-03-03 08:14 - 2013-05-04 15:37 - 00000000 ___RD () C:\Users\sky\Google Drive
2014-03-02 16:51 - 2013-01-23 13:03 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-03-02 16:48 - 2009-06-17 08:10 - 00000000 ____D () C:\Program Files\Windows Live
2014-03-02 16:44 - 2006-11-02 05:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-02 16:41 - 2010-06-30 21:32 - 00000000 ____D () C:\Users\sky\AppData\Roaming\Skype
2014-03-02 16:41 - 2010-06-30 21:32 - 00000000 ____D () C:\ProgramData\Skype
2014-03-02 16:40 - 2012-09-30 10:33 - 00000000 ____D () C:\Users\sky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OGPlanet
2014-03-02 16:32 - 2014-03-02 16:29 - 00017271 _____ () C:\Users\sky\Desktop\dds.txt
2014-03-02 16:32 - 2014-03-02 16:29 - 00010499 _____ () C:\Users\sky\Desktop\attach.txt
2014-03-02 16:31 - 2014-03-02 16:31 - 00921000 _____ (Oracle Corporation) C:\Users\sky\Downloads\chromeinstall-7u51.exe
2014-03-02 16:30 - 2013-12-08 11:02 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-02 16:29 - 2014-03-02 16:25 - 00005232 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-03-02 16:26 - 2009-06-17 07:49 - 00000000 ____D () C:\Program Files\Java
2014-03-02 16:20 - 2014-03-02 16:19 - 00688992 ____R (Swearware) C:\Users\sky\Downloads\dds.com
2014-03-02 16:11 - 2006-11-02 06:44 - 00270688 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-02 15:56 - 2011-08-23 12:26 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-02 15:54 - 2010-04-29 16:43 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-02 15:48 - 2013-02-20 22:15 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2014-03-02 15:48 - 2010-04-23 20:55 - 00000000 ____D () C:\Program Files\DivX
2014-03-02 15:48 - 2010-04-23 20:54 - 00000000 ____D () C:\ProgramData\DivX
2014-03-02 15:41 - 2011-09-09 11:28 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3231762359-4078290926-1873698356-1000Core.job
2014-03-02 15:40 - 2010-06-07 00:08 - 00000000 ____D () C:\Users\sky\AppData\Roaming\DivX
2014-03-02 15:25 - 2013-03-30 12:33 - 00000000 ____D () C:\Program Files\Graboid
2014-03-02 15:24 - 2012-06-17 18:47 - 00000000 ____D () C:\Program Files\Giraffic
2014-03-02 15:23 - 2009-06-17 07:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-02 15:20 - 2014-03-02 14:55 - 18126032 _____ (Adobe Systems Inc.) C:\Users\sky\Downloads\AdobeAIRInstaller (1).exe
2014-03-02 15:08 - 2013-07-28 16:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-02 15:01 - 2013-03-18 11:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-02 15:01 - 2010-04-14 13:32 - 00000000 ____D () C:\Users\sky\AppData\Roaming\Mozilla
2014-03-02 14:59 - 2014-03-02 14:57 - 00999232 _____ (DivX, LLC) C:\Users\sky\Downloads\DivXInstaller (1).exe
2014-02-28 19:15 - 2012-05-07 08:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-28 19:15 - 2012-01-16 16:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 02:58 - 2014-03-02 14:47 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 02:56 - 2014-03-02 14:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 02:53 - 2014-03-02 14:47 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 02:51 - 2014-03-02 14:47 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 02:50 - 2014-03-02 14:47 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 02:49 - 2014-03-02 14:47 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 02:49 - 2014-03-02 14:47 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 02:48 - 2014-03-02 14:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 02:48 - 2014-03-02 14:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 02:48 - 2014-03-02 14:47 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 02:48 - 2014-03-02 14:47 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 02:48 - 2014-03-02 14:47 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 02:47 - 2014-03-02 14:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 02:47 - 2014-03-02 14:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 02:47 - 2014-03-02 14:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 02:46 - 2014-03-02 14:48 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 19:09 - 2006-11-02 04:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
 
Some content of TEMP:
====================
C:\Users\sky\AppData\Local\Temp\8j0ahimd.dll
C:\Users\sky\AppData\Local\Temp\bing.exe
C:\Users\sky\AppData\Local\Temp\DivXSetup.exe
C:\Users\sky\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\sky\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\sky\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\sky\AppData\Local\Temp\FP_PL_PFS_INSTALLER-1.exe
C:\Users\sky\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\sky\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\sky\AppData\Local\Temp\Gcab2.exe
C:\Users\sky\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih.exe
C:\Users\sky\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\sky\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\sky\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\sky\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\sky\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\sky\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\sky\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\sky\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\sky\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\sky\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\sky\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\sky\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\sky\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\sky\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\sky\AppData\Local\Temp\MSETUP4.EXE
C:\Users\sky\AppData\Local\Temp\msg395C.exe
C:\Users\sky\AppData\Local\Temp\MSNB2BD.exe
C:\Users\sky\AppData\Local\Temp\NGMDll.dll
C:\Users\sky\AppData\Local\Temp\NGMResource.dll
C:\Users\sky\AppData\Local\Temp\NGMSetup.exe
C:\Users\sky\AppData\Local\Temp\nsdD18A.exe
C:\Users\sky\AppData\Local\Temp\nst8FC5.exe
C:\Users\sky\AppData\Local\Temp\nstCDA3.exe
C:\Users\sky\AppData\Local\Temp\nsy2714.exe
C:\Users\sky\AppData\Local\Temp\nsy2F9D.exe
C:\Users\sky\AppData\Local\Temp\Quarantine.exe
C:\Users\sky\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\sky\AppData\Local\Temp\unicows.dll
C:\Users\sky\AppData\Local\Temp\Veoh383477.exe
C:\Users\sky\AppData\Local\Temp\xvidupdate.exe
C:\Users\sky\AppData\Local\Temp\{14A601E4-070E-4CCF-8837-AC7E1323EAE7}-31.0.1650.63_chrome_installer.exe
C:\Users\sky\AppData\Local\Temp\{FB15FE83-0AB0-4B50-AB68-10B0EB1117F2}-21.0.1180.60_20.0.1132.57_chrome_updater.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-03 13:29
 
==================== End Of Log ============================


#6 aharonov

Posted 03 March 2014 - 03:35 PM

What problems still persist now?


Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#7 kamikazemind327

Posted 03 March 2014 - 08:55 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-03-2014
Ran by sky at 2014-03-03 19:54:09 Run:1
Running from C:\Users\sky\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-3231762359-4078290926-1873698356-1000\...\Run: [CrossRiderPlugin] - C:\Program Files\CrossriderWebApps\Crossrider.exe [478720 2011-05-15] (Crossrider)
C:\Program Files\CrossriderWebApps
SearchScopes: HKCU - {30750DD1-EADD-4cf1-A485-C736C96936AB} URL = http://search.etoolkit.com/search?q={searchTerms}&id=026f33184511839ed3f01ecd6121fa27650&s=p
*****************
 
HKU\S-1-5-21-3231762359-4078290926-1873698356-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CrossRiderPlugin => Value deleted successfully.
C:\Program Files\CrossriderWebApps => Moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{30750DD1-EADD-4cf1-A485-C736C96936AB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{30750DD1-EADD-4cf1-A485-C736C96936AB} => Key not found.
 
==== End of Fixlog ====


#8 aharonov

Posted 04 March 2014 - 04:08 AM

How is it going now? What problem and symptoms do you experience right now?



#9 kamikazemind327

Posted 05 March 2014 - 09:43 PM

Hello. Everything seems to be going fine. I don't see the CodecV thing anymore on webpages. Thanks a bunch!



#10 aharonov

Posted 06 March 2014 - 02:59 AM

Great!
Let's do a final check up:


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#11 kamikazemind327

Posted 12 March 2014 - 05:34 PM

C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\Documents and Settings\Guest\AppData\Local\Temp\jar_cache6343920608863148949.tmp multiple threats
C:\Documents and Settings\Guest\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\196b589f-33241026 multiple threats
C:\Documents and Settings\sky\AppData\Local\Temp\Veoh383477.exe a variant of Win32/InstallBrain.AW potentially unwanted application
C:\Documents and Settings\sky\AppData\Local\Temp\nspB9C0\SpSetup.exe a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Documents and Settings\sky\AppData\Local\Temp\{0920CE9B-9185-31BE-D355-D9A7D2C3EC6D}\zugo.exe Win32/Toolbar.Zugo potentially unwanted application
C:\Documents and Settings\sky\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\d6429c3-4cdf48d2 a variant of Java/TrojanDownloader.OpenStream.NBF trojan
C:\Documents and Settings\sky\Downloads\cbsidlm-tr1_5-Windows_Doctor-10746668.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Documents and Settings\sky\Downloads\Codec-C.exe Win32/InstallMate potentially unwanted application
C:\Documents and Settings\sky\Downloads\CursorMania.exe a variant of Win32/AdInstaller potentially unwanted application
C:\Documents and Settings\sky\Downloads\FlashPlayer_V.9512302c.exe Win32/DomaIQ.C potentially unwanted application
C:\Documents and Settings\sky\Downloads\Hitmaker_The_Man_and_His_Music_by_Tommy_Mottola,_Cal_Fussman.exe Win32/Adware.1ClickDownload.U application
C:\Documents and Settings\sky\Downloads\iLividSetup-r400-n-bc.exe a variant of Win32/iLivid.A potentially unwanted application
C:\Documents and Settings\sky\Downloads\Miro_Installer.exe Win32/Toolbar.Zugo potentially unwanted application
C:\Documents and Settings\sky\Downloads\mplayer.exe a variant of Win32/InstallIQ.A potentially unwanted application
C:\Documents and Settings\sky\Downloads\Prisoners.2013.TS.Blur.MP3 MiLLENiUM.flv__3039_i98306463_il3312298.exe a variant of Win32/Amonetize.S potentially unwanted application
C:\Documents and Settings\sky\Downloads\Prisoners.2013.TS.Blur.MP3 MiLLENiUM.flv__3515_i98306936_il3312298.exe a variant of Win32/Amonetize.S potentially unwanted application
C:\Documents and Settings\sky\Downloads\SaveAs (1).exe Win32/InstalleRex.E potentially unwanted application
C:\Documents and Settings\sky\Downloads\SaveAs.exe Win32/InstalleRex.C potentially unwanted application
C:\Documents and Settings\sky\Downloads\Solange_-_True_[EP]_2012_320kbps_CBR_MP3_[VX]_[P2PDL]_secure.exe Win32/TopMedia.B potentially unwanted application
C:\Documents and Settings\sky\Downloads\VaudiX.exe Win32/InstalleRex.I potentially unwanted application
C:\Documents and Settings\sky\Downloads\XvidSetup(1).exe Win32/Toolbar.Zugo potentially unwanted application
C:\Documents and Settings\sky\Downloads\XvidSetup.exe Win32/Adware.HotBar application
C:\Documents and Settings\sky\Videos\Veoh\VeohWebPlayerSetup_eng.exe a variant of Win32/Toolbar.Zugo potentially unwanted application
C:\Documents and Settings\sky\Videos\Veoh\VeohWebPlayerSetup_upgrade_eng.exe Win32/Toolbar.Zugo potentially unwanted application
C:\Documents and Settings\sky\Videos\Veoh\VeohWebPlayerSetup_us_upgrade.exe a variant of Win32/InstallBrain.AW potentially unwanted application
C:\Program Files\Uninstall Information\ib_uninst_391\uninstall.exe a variant of Win32/InstallBrain.AW potentially unwanted application
C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Users\Guest\AppData\Local\Temp\jar_cache6343920608863148949.tmp multiple threats
C:\Users\Guest\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\196b589f-33241026 multiple threats
C:\Users\sky\AppData\Local\Temp\Veoh383477.exe a variant of Win32/InstallBrain.AW potentially unwanted application
C:\Users\sky\AppData\Local\Temp\nspB9C0\SpSetup.exe a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Users\sky\AppData\Local\Temp\{0920CE9B-9185-31BE-D355-D9A7D2C3EC6D}\zugo.exe Win32/Toolbar.Zugo potentially unwanted application
C:\Users\sky\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\d6429c3-4cdf48d2 a variant of Java/TrojanDownloader.OpenStream.NBF trojan
C:\Users\sky\Downloads\cbsidlm-tr1_5-Windows_Doctor-10746668.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\sky\Downloads\Codec-C.exe Win32/InstallMate potentially unwanted application
C:\Users\sky\Downloads\CursorMania.exe a variant of Win32/AdInstaller potentially unwanted application
C:\Users\sky\Downloads\FlashPlayer_V.9512302c.exe Win32/DomaIQ.C potentially unwanted application
C:\Users\sky\Downloads\Hitmaker_The_Man_and_His_Music_by_Tommy_Mottola,_Cal_Fussman.exe Win32/Adware.1ClickDownload.U application
C:\Users\sky\Downloads\iLividSetup-r400-n-bc.exe a variant of Win32/iLivid.A potentially unwanted application
C:\Users\sky\Downloads\Miro_Installer.exe Win32/Toolbar.Zugo potentially unwanted application
C:\Users\sky\Downloads\mplayer.exe a variant of Win32/InstallIQ.A potentially unwanted application
C:\Users\sky\Downloads\Prisoners.2013.TS.Blur.MP3 MiLLENiUM.flv__3039_i98306463_il3312298.exe a variant of Win32/Amonetize.S potentially unwanted application
C:\Users\sky\Downloads\Prisoners.2013.TS.Blur.MP3 MiLLENiUM.flv__3515_i98306936_il3312298.exe a variant of Win32/Amonetize.S potentially unwanted application
C:\Users\sky\Downloads\SaveAs (1).exe Win32/InstalleRex.E potentially unwanted application
C:\Users\sky\Downloads\SaveAs.exe Win32/InstalleRex.C potentially unwanted application
C:\Users\sky\Downloads\Solange_-_True_[EP]_2012_320kbps_CBR_MP3_[VX]_[P2PDL]_secure.exe Win32/TopMedia.B potentially unwanted application
C:\Users\sky\Downloads\VaudiX.exe Win32/InstalleRex.I potentially unwanted application
C:\Users\sky\Downloads\XvidSetup(1).exe Win32/Toolbar.Zugo potentially unwanted application
C:\Users\sky\Downloads\XvidSetup.exe Win32/Adware.HotBar application
C:\Users\sky\Videos\Veoh\VeohWebPlayerSetup_eng.exe a variant of Win32/Toolbar.Zugo potentially unwanted application
C:\Users\sky\Videos\Veoh\VeohWebPlayerSetup_upgrade_eng.exe Win32/Toolbar.Zugo potentially unwanted application
C:\Users\sky\Videos\Veoh\VeohWebPlayerSetup_us_upgrade.exe a variant of Win32/InstallBrain.AW potentially unwanted application


#12 aharonov

Posted 12 March 2014 - 05:52 PM

Looking good, no more active malware.
But there are lots of installers in your download directory that are bundled with adware. So in the future, be a bit more picky about what to download. ;)


That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Online Scanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

 

 

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.



#13 kamikazemind327

Posted 12 March 2014 - 07:03 PM

Thanks so much! :)



#14 aharonov

Posted 13 March 2014 - 03:12 AM

You're welcome. :)
All the best.

#15 aharonov

Posted 13 March 2014 - 03:12 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



