Infected with URL:Mal and the Name Not Available Sound Trojan


  • This topic is locked
14 replies to this topic

#1 hehaswon

hehaswon

  • Members
  • 12 posts
  • OFFLINE
  • Local time:08:02 AM

Posted 26 April 2014 - 02:42 PM

I have run Malwarebytes, SUPERAntiSpyware, and Spybot S&D, but both of these pieces of malware won't go away.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16521
Run by leon at 14:52:31 on 2014-04-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5887.4196 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
svchost.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Juno\exec.exe
C:\Program Files (x86)\Juno\exec.exe
C:\Program Files (x86)\Juno\qsacc\x1exec.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\SiteRanker\SiteRankTray.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
C:\Windows\system32\RunDll32.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SndVol.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\AVAST Software\Avast\setup\instup.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://my.juno.com/s/search?r=minisearch
uSearch Page = hxxp://my.juno.com/s/search?r=minisearch
mSearch Page = hxxp://my.juno.com/s/search?r=minisearch
mDefault_Search_URL = hxxp://my.juno.com/s/search?r=minisearch
uSearchURL,(Default) = hxxp://my.juno.com/s/search?r=minisearch
mSearchAssistant = hxxp://my.juno.com/s/search?r=minisearch
uURLSearchHooks: URLSearchHook Class: {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files (x86)\Juno\SearchEnh1.dll
uURLSearchHooks: <No Name>: {f15ff29f-85a1-43cd-9674-e5ba40016c97} - 
mURLSearchHooks: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - <orphaned>
BHO: <No Name>: {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files (x86)\SiteRanker\SiteRank.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - 
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: Juno Toolbar Helper: {FE3098B1-04A3-41fd-8CA9-BEA39CB14C87} - C:\Program Files (x86)\Juno\UCReg.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - 
TB: JunoBar: {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files (x86)\Juno\Toolbar.dll
TB: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - 
TB: JunoBar: {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files (x86)\Juno\Toolbar.dll
uRun: [Google Update] "C:\Users\leon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Juno_uoltray] C:\Program Files (x86)\Juno\exec.exe regrun
uRun: [AVG-Secure-Search-Update_0214c] C:\Users\leon\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=be00180295e147d2a44afd6e91cb2f3e-b07cb003248b40dd1d13ceda63081802332a107b /CMPID=0214c
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [SiteRanker] "C:\Program Files (x86)\SiteRanker\SiteRankTray.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\Users\leon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Display All Images with Full Quality - "res://C:\Program Files (x86)\Juno\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "res://C:\Program Files (x86)\Juno\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1 184.16.33.54
TCP: Interfaces\{AED42CA1-311F-4CAA-BF38-58D47ACA86A3} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F4E4332D-3731-4C8A-B9D5-CD32AB2F95E1} : DHCPNameServer = 192.168.1.1 184.16.33.54
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - <orphaned>
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - <orphaned>
x64-Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-4-21 75904]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-4-21 38016]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-4-21 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-4-21 208416]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-4-21 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-4-21 423240]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-21 203264]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-4-21 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-4-21 79184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-21 50344]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-4-21 1127448]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-6-30 1248256]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2014-4-23 1153368]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-4-21 1041760]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-21 412776]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-4-21 38456]
S1 SASKUTIL;SASKUTIL;J:\Portables\PenApps\Security\SUPERAntiSpyware\SASKUTIL.SYS [2014-3-21 67664]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-4-21 85328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-12 111616]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-7 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-04-23 21:20:28 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5146D508-226F-450C-8BDF-CEA8E8C2FF49}\offreg.dll
2014-04-23 18:54:27 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-04-23 18:54:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2014-04-23 18:35:17 -------- d-----w- C:\Users\leon\AppData\Roaming\SUPERAntiSpyware.com
2014-04-23 18:35:17 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-04-22 13:08:42 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-04-22 13:08:34 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5146D508-226F-450C-8BDF-CEA8E8C2FF49}\mpengine.dll
2014-04-21 21:18:41 -------- d-----w- C:\Users\leon\AppData\Roaming\DropboxMaster
2014-04-21 21:17:33 -------- d-----w- C:\Users\leon\AppData\Roaming\Dropbox
2014-04-21 21:07:12 -------- d-----w- C:\Users\leon\AppData\Roaming\AVAST Software
2014-04-21 21:06:13 85328 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-04-21 21:06:12 208416 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-04-21 21:06:12 1039096 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-04-21 21:06:07 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-04-21 21:06:04 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-04-21 21:05:59 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-04-21 21:05:55 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-04-21 21:05:48 43152 ----a-w- C:\Windows\avastSS.scr
2014-04-21 21:05:24 -------- d-----w- C:\Program Files\AVAST Software
2014-04-21 21:03:48 -------- d-----w- C:\ProgramData\AVAST Software
2014-04-15 17:55:40 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-15 17:55:25 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-15 17:55:25 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-04-15 17:55:25 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-04-15 17:55:25 -------- d-----w- C:\ProgramData\Malwarebytes
2014-04-15 17:55:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-15 17:55:11 -------- d-----w- C:\Users\leon\AppData\Local\Programs
2014-04-07 18:01:02 -------- d-----w- C:\Users\leon\QBBackupTemp Mon, Apr 07 2014 11 01 02 AM
.
==================== Find3M  ====================
.
2014-03-31 16:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-12 16:45:15 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 16:45:15 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-04 21:10:10 464506 ----a-w- C:\ProgramData\bdinstall.bin
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
.
============= FINISH: 14:52:48.89 ===============
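The "Pseudo HJT Report" section of the DDS log above is what a malware-response helper reads by eye. As an added example (not part of this thread, of DDS, or of FRST), the following Python script triages such lines the same way from a defender's side: it flags CLSID registrations that point at no file, add-ons whose name or path matches vendors commonly classified as PUP/adware, and IE search-provider keys redirected to a host outside an allowlist. The keyword list and the host allowlist are constructed assumptions for the example; the sample lines are copied from the log in this post.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread; it is not part of DDS, FRST, or the
forum's own tooling.  It flags three things a helper checks by eye:
orphaned CLSID registrations, browser add-ons from vendors commonly
classified as PUP/adware, and IE search-provider keys redirected to an
unexpected host (DDS defangs URLs as hxxp://).
"""
import re

# BHO / TB / URLSearchHooks entries as DDS prints them, e.g.
#   BHO: Somoto Toolbar: {c372...} - C:\...\vmntemplateX.dll
#   mURLSearchHooks: {d40b...} - <orphaned>
#   TB: Ask Toolbar: {D402...} -
HJT_RE = re.compile(
    r"^(?P<kind>(?:x64-)?[um]?(?:BHO|TB|URLSearchHooks)):\s*"
    r"(?:(?P<name>[^{]*?):\s*)?"
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\}\s*-\s*(?P<path>.*?)\s*$"
)

# IE search-provider keys as DDS prints them (uSearch Bar, mSearchAssistant, ...).
SEARCH_RE = re.compile(
    r"^[um](?:Search Bar|Search Page|SearchAssistant|Default_Search_URL"
    r"|SearchURL,\(Default\))\s*=\s*(?P<url>\S+)"
)

# Constructed assumptions for this example; tune both to your environment.
PUP_KEYWORDS = ("somoto", "ask toolbar", "ask.com", "siteranker", "conduit")
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "www.microsoft.com"}


def parse_hjt_line(line):
    """Return {kind, name, clsid, path} for an add-on line, else None."""
    m = HJT_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["name"] = (entry["name"] or "").strip()
    entry["clsid"] = entry["clsid"].upper()
    entry["path"] = entry["path"].strip()
    return entry


def search_host(line):
    """Return the host a search-provider key points at, else None."""
    m = SEARCH_RE.match(line.strip())
    if not m:
        return None
    # Strip the defanged (hxxp) or plain scheme, then keep only the host part.
    url = re.sub(r"^(?:hxx|htt)ps?://", "", m.group("url"), flags=re.IGNORECASE)
    return url.split("/", 1)[0].lower()


def triage(lines):
    """Return (log line, reason) pairs worth a closer look, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        host = search_host(line)
        if host and host not in EXPECTED_SEARCH_HOSTS:
            findings.append((line, f"search provider redirected to {host}"))
            continue
        entry = parse_hjt_line(line)
        if entry is None:
            continue
        # An empty path or <orphaned> means the CLSID is registered but no DLL backs it.
        if entry["path"] in ("", "<orphaned>"):
            findings.append((line, "orphaned registration: CLSID points at no file"))
        haystack = (entry["name"] + " " + entry["path"]).lower()
        hits = [k for k in PUP_KEYWORDS if k in haystack]
        if hits:
            findings.append((line, "known PUP/adware component: " + ", ".join(hits)))
    return findings


# Sample lines copied from the DDS log posted above in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://my.juno.com/s/search?r=minisearch
mDefault_Search_URL = hxxp://my.juno.com/s/search?r=minisearch
uURLSearchHooks: <No Name>: {f15ff29f-85a1-43cd-9674-e5ba40016c97} -
mURLSearchHooks: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
TB: JunoBar: {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files (x86)\Juno\Toolbar.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
"""


def triage_sample():
    """Run the triage over the embedded sample lines."""
    return triage(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for line, reason in triage_sample():
        print(f"{reason}\n    {line}")
```

Entries that only look unusual (the JunoBar toolbar, for instance) are deliberately not flagged unless they hit the keyword list, so the output is a shortlist for a human to confirm, not a verdict.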
 


#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • OFFLINE
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:05:02 PM

Posted 27 April 2014 - 01:41 PM

Greetings and :welcome: to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to, as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold; make sure to take note of it.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now :thumbup2:

==========================

 

Hi hehaswon,
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------

 

  • Please re-run FRST again and type the following in the edit box after Search: rpcss.dll
  • Click the Search button
  • It will make a log (Search.txt), please copy and paste the log into your reply to me

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt
  • Search.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 hehaswon

hehaswon
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:08:02 AM

Posted 28 April 2014 - 03:13 PM

Thanks for responding. Here are the results: (I don't know how we got two instances of Avast. I'll wait for your instructions before I do anything.)
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by leon (administrator) on SELFCOMPUTER on 28-04-2014 12:56:11
Running from J:\MyFiles\Computer Work\Selfs Computer
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Juno, Inc.) C:\Program Files (x86)\Juno\exec.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
(Crawler, LLC) C:\Program Files (x86)\SiteRanker\SiteRankTray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Juno, Inc.) C:\Program Files (x86)\Juno\exec.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Juno, Inc.) C:\Program Files (x86)\Juno\qsacc\x1exec.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Google Inc.) C:\Users\leon\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\leon\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\leon\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\leon\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(Microsoft Corporation) C:\Windows\sysWow64\SearchProtocolHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2643320 2012-10-08] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [ApnUpdater] => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM-x32\...\Run: [SiteRanker] => C:\Program Files (x86)\SiteRanker\SiteRankTray.exe [1076696 2014-04-11] (Crawler, LLC)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-21] (AVAST Software)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard)
HKLM-x32\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\e54565d4-4062-4703-b4f8-d40320f1f074.exe /check [181136 2014-04-28] (AVAST Software)
HKU\S-1-5-21-1573249041-411433255-502828165-1000\...\Run: [Google Update] => C:\Users\leon\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-24] (Google Inc.)
HKU\S-1-5-21-1573249041-411433255-502828165-1000\...\Run: [Juno_uoltray] => C:\Program Files (x86)\Juno\exec.exe [1797632 2012-04-26] (Juno, Inc.)
HKU\S-1-5-21-1573249041-411433255-502828165-1000\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\leon\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=be00180295e147d2a44afd6e91cb2f3e-b07cb003248b40dd1d13ceda63081802332a107b /CMPID=0214c
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7510 series.lnk -> C:\Program Files\hp\HP Photosmart 7510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
URLSearchHook: HKLM-x32 - (No Name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No File
URLSearchHook: HKCU - URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files (x86)\Juno\SearchEnh1.dll (Juno, Inc.)
URLSearchHook: HKCU - (No Name) - {f15ff29f-85a1-43cd-9674-e5ba40016c97} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrcAs.dll No File
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2724386
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {3CCA4B1C-FEE3-4ABF-9CFB-3B14A8691F1B} URL = http://search.juno.com/search?action=search&source=browserbox_isp&query={searchTerms}
SearchScopes: HKCU - {80550DA4-A930-4EFA-9A1C-088D09AB3EE8} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2724386
SearchScopes: HKCU - {B0F6A9E6-A20E-2078-1826-6C700C6E8C1D} URL = http://www.bing.com/search?q={searchTerms}&pc=Z045&form=ZGAIDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80716&lng=en
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: No Name - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files (x86)\SiteRanker\SiteRank.dll (Crawler, LLC)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll ()
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Juno Toolbar Helper - {FE3098B1-04A3-41fd-8CA9-BEA39CB14C87} - C:\Program Files (x86)\Juno\ucreg.dll (Juno, Inc.)
Toolbar: HKLM-x32 - Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll ()
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKLM-x32 - No Name - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} -  No File
Toolbar: HKLM-x32 - JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files (x86)\Juno\Toolbar.dll (Juno, Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} -  No File
Toolbar: HKCU - No Name - {63B834D7-CFCD-442A-9B0A-921F54D3E792} -  No File
Toolbar: HKCU - No Name - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} -  No File
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -  No File
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -  No File
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} -  No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 184.16.33.54
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @DailyBibleGuide.com/Plugin - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\NP2vStub.dll No File
FF Plugin-x32: @ei.CouponAlert_2p.com/Plugin - C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll (CouponAlert)
FF Plugin-x32: @ei.TotalRecipeSearch_14.com/Plugin - C:\Program Files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISB.dll (TotalRecipeSearch)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RecipeHub_2j.com/Plugin - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\NP2jStub.dll No File
FF Plugin-x32: @TelevisionFanatic.com/Plugin - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\leon\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\leon\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [2vffxtbr@DailyBibleGuide.com] - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin
FF HKLM-x32\...\Firefox\Extensions: [siteranker@siteranker.com] - C:\Program Files (x86)\SiteRanker\firefox\
FF Extension: SiteRanker - C:\Program Files (x86)\SiteRanker\firefox\ []
FF HKLM-x32\...\Firefox\Extensions: [64ffxtbr@TelevisionFanatic.com] - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-02-18]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\leon\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\leon\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\leon\AppData\Local\Google\Chrome\Application\34.0.1847.116\gcswf32.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\leon\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Coupon Alert Installer Plugin Stub) - C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll (CouponAlert)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\NP2vStub.dll No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\NP2jStub.dll No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
CHR Plugin: (TotalRecipeSearch Installer Plugin Stub) - C:\Program Files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISB.dll (TotalRecipeSearch)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\leon\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (avast! Online Security) - C:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-21]
CHR Extension: (Google Wallet) - C:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-21]
CHR StartMenuInternet: Google Chrome - C:\Users\leon\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-21] (AVAST Software)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-04-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-21] ()
S1 SASKUTIL; J:\Portables\PenApps\Security\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-28 12:55 - 2014-04-28 12:56 - 00000000 ____D () C:\FRST
2014-04-28 12:54 - 2014-04-28 12:55 - 02061824 _____ (Farbar) C:\Users\leon\Downloads\FRST64.exe
2014-04-28 12:53 - 2014-04-28 12:53 - 01049600 _____ (Farbar) C:\Users\leon\Downloads\FRST.exe
2014-04-26 06:34 - 2014-04-26 06:35 - 00000000 ___DC () C:\Users\leon\AppData\Local\MigWiz
2014-04-25 23:10 - 2014-04-28 12:48 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForleon.job
2014-04-25 23:10 - 2014-04-25 23:10 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForleon
2014-04-23 14:53 - 2014-04-23 14:53 - 00007610 _____ () C:\Users\leon\Desktop\attach.txt
2014-04-23 14:53 - 2014-04-23 14:52 - 00018923 _____ () C:\Users\leon\Desktop\dds.txt
2014-04-23 14:46 - 2014-04-23 14:46 - 00000000 ____D () C:\Users\leon\Downloads\URL-Mal
2014-04-23 12:18 - 2014-04-28 12:48 - 00000962 _____ () C:\Windows\setupact.log
2014-04-23 12:18 - 2014-04-23 12:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-23 11:59 - 2009-06-10 14:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140423-115924.backup
2014-04-23 11:54 - 2014-04-23 12:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-23 11:54 - 2014-04-23 11:57 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-04-23 11:54 - 2014-04-23 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-04-23 11:35 - 2014-04-23 11:35 - 00000000 ____D () C:\Users\leon\AppData\Roaming\SUPERAntiSpyware.com
2014-04-23 11:35 - 2014-04-23 11:35 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-04-21 14:47 - 2014-04-21 14:47 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-21 14:45 - 2014-04-21 14:45 - 04787368 _____ (Piriform Ltd) C:\Users\leon\Downloads\ccsetup412.exe
2014-04-21 14:18 - 2014-04-21 14:18 - 00000000 ____D () C:\Users\leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-21 14:18 - 2014-04-21 14:18 - 00000000 ____D () C:\Users\leon\AppData\Roaming\DropboxMaster
2014-04-21 14:17 - 2014-04-21 14:18 - 00000000 ____D () C:\Users\leon\AppData\Roaming\Dropbox
2014-04-21 14:07 - 2014-04-21 14:07 - 00000000 ____D () C:\Users\leon\AppData\Roaming\AVAST Software
2014-04-21 14:06 - 2014-04-28 12:49 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-21 14:06 - 2014-04-21 14:06 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-21 14:06 - 2014-04-21 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-04-21 14:06 - 2014-04-21 14:05 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-21 14:06 - 2014-04-21 14:05 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-21 14:06 - 2014-04-21 14:05 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-21 14:06 - 2014-04-21 14:05 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-21 14:06 - 2014-04-21 14:05 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-21 14:06 - 2014-04-21 14:05 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-21 14:05 - 2014-04-21 14:05 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-21 14:05 - 2014-04-21 14:05 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-21 14:05 - 2014-04-21 14:05 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-21 14:05 - 2014-04-21 14:05 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-21 14:05 - 2014-04-21 14:05 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-21 14:03 - 2014-04-21 14:03 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-21 13:59 - 2014-04-21 14:00 - 88882192 _____ (AVAST Software) C:\Users\leon\Downloads\avast_free_antivirus_setup.exe
2014-04-21 06:56 - 2014-04-21 06:56 - 01071360 _____ (Solid State Networks) C:\Users\leon\Downloads\install_flashplayer13x32axau_mssa_aaa_aih.exe
2014-04-15 10:55 - 2014-04-23 11:07 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-15 10:55 - 2014-04-15 10:55 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-15 10:55 - 2014-04-15 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-15 10:55 - 2014-04-15 10:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-15 10:55 - 2014-04-15 10:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-15 10:55 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-15 10:55 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-15 10:55 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-07 11:01 - 2014-04-07 11:01 - 00000000 ____D () C:\Users\leon\QBBackupTemp Mon, Apr 07 2014 11 01 02 AM
2014-04-06 08:49 - 2014-04-23 21:56 - 00000079 _____ () C:\Windows\system32\kbhaurv.wxu
2014-04-06 08:33 - 2014-04-06 08:33 - 00000064 _____ () C:\Windows\system32\gffuuql.xsw
2014-04-06 08:33 - 2014-04-06 08:33 - 00000000 _____ () C:\Windows\system32\glxlonf.ddp
2014-04-06 08:17 - 2014-04-06 08:17 - 00305834 ____S () C:\Windows\system32\ggsj.dxk
 
==================== One Month Modified Files and Folders =======
 
2014-04-28 12:56 - 2014-04-28 12:55 - 00000000 ____D () C:\FRST
2014-04-28 12:55 - 2014-04-28 12:54 - 02061824 _____ (Farbar) C:\Users\leon\Downloads\FRST64.exe
2014-04-28 12:55 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-28 12:55 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-28 12:53 - 2014-04-28 12:53 - 01049600 _____ (Farbar) C:\Users\leon\Downloads\FRST.exe
2014-04-28 12:53 - 2011-07-06 14:57 - 01154354 _____ () C:\Windows\WindowsUpdate.log
2014-04-28 12:53 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-28 12:51 - 2014-01-16 12:52 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CA8D1FF1-858A-4D9A-B0B5-5458368BDDC0}
2014-04-28 12:51 - 2011-07-06 14:58 - 00000000 ____D () C:\Users\leon
2014-04-28 12:49 - 2014-04-21 14:06 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-28 12:48 - 2014-04-25 23:10 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForleon.job
2014-04-28 12:48 - 2014-04-23 12:18 - 00000962 _____ () C:\Windows\setupact.log
2014-04-28 12:48 - 2011-11-30 21:55 - 00000000 ____D () C:\Program Files (x86)\SiteRanker
2014-04-28 12:48 - 2011-04-21 12:41 - 00000000 ____D () C:\ProgramData\PDFC
2014-04-28 12:48 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-26 16:01 - 2012-02-18 10:01 - 00000254 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
2014-04-26 15:45 - 2012-09-04 06:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-26 15:42 - 2012-01-24 07:29 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1573249041-411433255-502828165-1000UA.job
2014-04-26 06:42 - 2012-01-24 07:29 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1573249041-411433255-502828165-1000Core.job
2014-04-26 06:35 - 2014-04-26 06:34 - 00000000 ___DC () C:\Users\leon\AppData\Local\MigWiz
2014-04-25 23:10 - 2014-04-25 23:10 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForleon
2014-04-25 23:09 - 2011-10-28 08:58 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-25 23:09 - 2011-07-08 09:23 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-23 21:56 - 2014-04-06 08:49 - 00000079 _____ () C:\Windows\system32\kbhaurv.wxu
2014-04-23 14:53 - 2014-04-23 14:53 - 00007610 _____ () C:\Users\leon\Desktop\attach.txt
2014-04-23 14:52 - 2014-04-23 14:53 - 00018923 _____ () C:\Users\leon\Desktop\dds.txt
2014-04-23 14:46 - 2014-04-23 14:46 - 00000000 ____D () C:\Users\leon\Downloads\URL-Mal
2014-04-23 12:18 - 2014-04-23 12:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-23 12:17 - 2014-04-23 11:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-23 11:57 - 2014-04-23 11:54 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-04-23 11:54 - 2014-04-23 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-04-23 11:35 - 2014-04-23 11:35 - 00000000 ____D () C:\Users\leon\AppData\Roaming\SUPERAntiSpyware.com
2014-04-23 11:35 - 2014-04-23 11:35 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-04-23 11:07 - 2014-04-15 10:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-21 19:59 - 2013-01-07 14:23 - 13123584 ____R () C:\Users\leon\CHEHALEM VALLEY AUTO REPAIR,  INC..QBW
2014-04-21 19:59 - 2013-01-07 14:23 - 01900544 ____R () C:\Users\leon\CHEHALEM VALLEY AUTO REPAIR,  INC..QBW.TLG
2014-04-21 19:59 - 2013-01-07 14:23 - 00000354 _____ () C:\Users\leon\CHEHALEM VALLEY AUTO REPAIR,  INC..QBW.ND
2014-04-21 19:59 - 2011-07-09 12:43 - 00007490 ____N () C:\Users\leon\Documents\bethel.dsn
2014-04-21 17:29 - 2011-07-09 12:43 - 00009684 ____N () C:\Users\leon\Documents\tHE cHRISTMAS wISH.dsn
2014-04-21 17:29 - 2011-07-09 12:43 - 00008280 ____N () C:\Users\leon\Documents\Womens Retreat # 6  06.dsn
2014-04-21 17:28 - 2011-07-09 12:43 - 00009390 ____N () C:\Users\leon\Documents\SOZO.dsn
2014-04-21 17:18 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-04-21 16:01 - 2011-11-02 15:06 - 00000000 ____D () C:\Users\leon\QuickBooksAutoDataRecovery
2014-04-21 14:53 - 2011-07-17 16:59 - 00000000 ____D () C:\Users\leon\AppData\Local\CrashDumps
2014-04-21 14:53 - 2011-02-11 10:00 - 00000000 ____D () C:\Windows\Panther
2014-04-21 14:47 - 2014-04-21 14:47 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-21 14:47 - 2011-07-09 13:32 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-21 14:47 - 2011-07-09 13:32 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-21 14:45 - 2014-04-21 14:45 - 04787368 _____ (Piriform Ltd) C:\Users\leon\Downloads\ccsetup412.exe
2014-04-21 14:18 - 2014-04-21 14:18 - 00000000 ____D () C:\Users\leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-21 14:18 - 2014-04-21 14:18 - 00000000 ____D () C:\Users\leon\AppData\Roaming\DropboxMaster
2014-04-21 14:18 - 2014-04-21 14:17 - 00000000 ____D () C:\Users\leon\AppData\Roaming\Dropbox
2014-04-21 14:07 - 2014-04-21 14:07 - 00000000 ____D () C:\Users\leon\AppData\Roaming\AVAST Software
2014-04-21 14:06 - 2014-04-21 14:06 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-21 14:06 - 2014-04-21 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-04-21 14:05 - 2014-04-21 14:06 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-21 14:05 - 2014-04-21 14:06 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-21 14:05 - 2014-04-21 14:06 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-21 14:05 - 2014-04-21 14:06 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-21 14:05 - 2014-04-21 14:06 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-21 14:05 - 2014-04-21 14:06 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-21 14:05 - 2014-04-21 14:05 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-21 14:05 - 2014-04-21 14:05 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-21 14:05 - 2014-04-21 14:05 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-21 14:05 - 2014-04-21 14:05 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-21 14:05 - 2014-04-21 14:05 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-21 14:03 - 2014-04-21 14:03 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-21 14:02 - 2014-03-04 14:17 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-21 14:00 - 2014-04-21 13:59 - 88882192 _____ (AVAST Software) C:\Users\leon\Downloads\avast_free_antivirus_setup.exe
2014-04-21 06:56 - 2014-04-21 06:56 - 01071360 _____ (Solid State Networks) C:\Users\leon\Downloads\install_flashplayer13x32axau_mssa_aaa_aih.exe
2014-04-18 08:11 - 2012-02-18 10:11 - 00000000 ____D () C:\temp_dvd
2014-04-17 10:53 - 2011-07-09 12:43 - 00006553 ____N () C:\Users\leon\Documents\Womens Retreat # 6  06save.dsn
2014-04-17 06:15 - 2009-07-13 21:45 - 00541536 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-15 18:14 - 2011-07-09 12:43 - 00010890 ____N () C:\Users\leon\Documents\# 1.dsn
2014-04-15 11:31 - 2011-11-30 12:11 - 00000000 ____D () C:\Program Files (x86)\DailyBibleGuide
2014-04-15 11:31 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Web
2014-04-15 11:29 - 2011-11-30 21:54 - 00000000 ____D () C:\Program Files (x86)\Inbox Toolbar
2014-04-15 10:55 - 2014-04-15 10:55 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-15 10:55 - 2014-04-15 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-15 10:55 - 2014-04-15 10:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-15 10:55 - 2014-04-15 10:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-15 09:43 - 2011-07-09 12:43 - 00009133 ____N () C:\Users\leon\Documents\# 6.dsn
2014-04-15 09:43 - 2011-07-09 12:43 - 00008733 ____N () C:\Users\leon\Documents\# 7.dsn
2014-04-12 18:12 - 2011-07-09 12:43 - 00006753 ____N () C:\Users\leon\Documents\PAT.dsn
2014-04-12 17:22 - 2011-11-30 21:55 - 00000000 ____D () C:\Users\leon\AppData\Roaming\PCPowerSpeed
2014-04-12 16:33 - 2012-07-28 06:54 - 00000000 ____D () C:\Users\leon\AppData\Local\Windows Live
2014-04-11 15:51 - 2011-07-09 12:57 - 00000376 _____ () C:\Windows\ODBC.INI
2014-04-10 06:45 - 2012-01-24 07:29 - 00002323 _____ () C:\Users\leon\Desktop\Google Chrome.lnk
2014-04-09 06:12 - 2013-07-27 11:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 06:07 - 2012-05-04 06:29 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-07 11:01 - 2014-04-07 11:01 - 00000000 ____D () C:\Users\leon\QBBackupTemp Mon, Apr 07 2014 11 01 02 AM
2014-04-06 08:33 - 2014-04-06 08:33 - 00000064 _____ () C:\Windows\system32\gffuuql.xsw
2014-04-06 08:33 - 2014-04-06 08:33 - 00000000 _____ () C:\Windows\system32\glxlonf.ddp
2014-04-06 08:17 - 2014-04-06 08:17 - 00305834 ____S () C:\Windows\system32\ggsj.dxk
2014-04-03 09:51 - 2014-04-15 10:55 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-15 10:55 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-15 10:55 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 09:35 - 2010-11-20 20:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-30 15:27 - 2012-04-14 18:59 - 00005501 ____N () C:\Users\leon\Documents\NN.std
2014-03-30 15:27 - 2011-07-09 12:43 - 00010413 ____N () C:\Users\leon\Documents\NEW LIFE.dsn
2014-03-30 15:26 - 2011-07-09 12:43 - 00007832 ____N () C:\Users\leon\Documents\john.dsn
2014-03-30 15:26 - 2011-07-09 12:43 - 00007177 ____N () C:\Users\leon\Documents\MIKE R.dsn
2014-03-30 15:25 - 2011-12-04 20:09 - 00004266 ____N () C:\Users\leon\Documents\DEBRAH GLEBE.std
2014-03-30 15:25 - 2011-07-09 12:43 - 00013011 ____N () C:\Users\leon\Documents\JOEL.dsn
2014-03-30 15:25 - 2011-07-09 12:43 - 00011009 ____N () C:\Users\leon\Documents\four ds.dsn
2014-03-30 15:25 - 2011-07-09 12:43 - 00007966 ____N () C:\Users\leon\Documents\GARY.dsn
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-11-20 20:24] - [2010-11-20 20:24] - 0520192 ____A (Microsoft Corporation) A02A25445B3F3149B8CFB9117FC406C8
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-19 09:14
 
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by leon (administrator) on SELFCOMPUTER on 28-04-2014 12:56:11
Running from J:\MyFiles\Computer Work\Selfs Computer
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Juno, Inc.) C:\Program Files (x86)\Juno\exec.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
(Crawler, LLC) C:\Program Files (x86)\SiteRanker\SiteRankTray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Juno, Inc.) C:\Program Files (x86)\Juno\exec.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Juno, Inc.) C:\Program Files (x86)\Juno\qsacc\x1exec.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Google Inc.) C:\Users\leon\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\leon\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\leon\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\leon\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(Microsoft Corporation) C:\Windows\sysWow64\SearchProtocolHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2643320 2012-10-08] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [ApnUpdater] => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM-x32\...\Run: [SiteRanker] => C:\Program Files (x86)\SiteRanker\SiteRankTray.exe [1076696 2014-04-11] (Crawler, LLC)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-21] (AVAST Software)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard)
HKLM-x32\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\e54565d4-4062-4703-b4f8-d40320f1f074.exe /check [181136 2014-04-28] (AVAST Software)
HKU\S-1-5-21-1573249041-411433255-502828165-1000\...\Run: [Google Update] => C:\Users\leon\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-24] (Google Inc.)
HKU\S-1-5-21-1573249041-411433255-502828165-1000\...\Run: [Juno_uoltray] => C:\Program Files (x86)\Juno\exec.exe [1797632 2012-04-26] (Juno, Inc.)
HKU\S-1-5-21-1573249041-411433255-502828165-1000\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\leon\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=be00180295e147d2a44afd6e91cb2f3e-b07cb003248b40dd1d13ceda63081802332a107b /CMPID=0214c
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7510 series.lnk -> C:\Program Files\hp\HP Photosmart 7510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
URLSearchHook: HKLM-x32 - (No Name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No File
URLSearchHook: HKCU - URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files (x86)\Juno\SearchEnh1.dll (Juno, Inc.)
URLSearchHook: HKCU - (No Name) - {f15ff29f-85a1-43cd-9674-e5ba40016c97} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrcAs.dll No File
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2724386
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {3CCA4B1C-FEE3-4ABF-9CFB-3B14A8691F1B} URL = http://search.juno.com/search?action=search&source=browserbox_isp&query={searchTerms}
SearchScopes: HKCU - {80550DA4-A930-4EFA-9A1C-088D09AB3EE8} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2724386
SearchScopes: HKCU - {B0F6A9E6-A20E-2078-1826-6C700C6E8C1D} URL = http://www.bing.com/search?q={searchTerms}&pc=Z045&form=ZGAIDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80716&lng=en
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: No Name - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files (x86)\SiteRanker\SiteRank.dll (Crawler, LLC)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll ()
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Juno Toolbar Helper - {FE3098B1-04A3-41fd-8CA9-BEA39CB14C87} - C:\Program Files (x86)\Juno\ucreg.dll (Juno, Inc.)
Toolbar: HKLM-x32 - Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll ()
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKLM-x32 - No Name - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} -  No File
Toolbar: HKLM-x32 - JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files (x86)\Juno\Toolbar.dll (Juno, Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} -  No File
Toolbar: HKCU - No Name - {63B834D7-CFCD-442A-9B0A-921F54D3E792} -  No File
Toolbar: HKCU - No Name - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} -  No File
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -  No File
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -  No File
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} -  No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 184.16.33.54
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @DailyBibleGuide.com/Plugin - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\NP2vStub.dll No File
FF Plugin-x32: @ei.CouponAlert_2p.com/Plugin - C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll (CouponAlert)
FF Plugin-x32: @ei.TotalRecipeSearch_14.com/Plugin - C:\Program Files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISB.dll (TotalRecipeSearch)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RecipeHub_2j.com/Plugin - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\NP2jStub.dll No File
FF Plugin-x32: @TelevisionFanatic.com/Plugin - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\leon\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\leon\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [2vffxtbr@DailyBibleGuide.com] - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin
FF HKLM-x32\...\Firefox\Extensions: [siteranker@siteranker.com] - C:\Program Files (x86)\SiteRanker\firefox\
FF Extension: SiteRanker - C:\Program Files (x86)\SiteRanker\firefox\ []
FF HKLM-x32\...\Firefox\Extensions: [64ffxtbr@TelevisionFanatic.com] - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-02-18]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\leon\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\leon\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\leon\AppData\Local\Google\Chrome\Application\34.0.1847.116\gcswf32.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\leon\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Coupon Alert Installer Plugin Stub) - C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll (CouponAlert)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\NP2vStub.dll No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\NP2jStub.dll No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
CHR Plugin: (TotalRecipeSearch Installer Plugin Stub) - C:\Program Files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISB.dll (TotalRecipeSearch)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\leon\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (avast! Online Security) - C:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-21]
CHR Extension: (Google Wallet) - C:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-21]
CHR StartMenuInternet: Google Chrome - C:\Users\leon\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-21] (AVAST Software)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-04-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-21] ()
S1 SASKUTIL; J:\Portables\PenApps\Security\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-28 12:55 - 2014-04-28 12:56 - 00000000 ____D () C:\FRST
2014-04-28 12:54 - 2014-04-28 12:55 - 02061824 _____ (Farbar) C:\Users\leon\Downloads\FRST64.exe
2014-04-28 12:53 - 2014-04-28 12:53 - 01049600 _____ (Farbar) C:\Users\leon\Downloads\FRST.exe
2014-04-26 06:34 - 2014-04-26 06:35 - 00000000 ___DC () C:\Users\leon\AppData\Local\MigWiz
2014-04-25 23:10 - 2014-04-28 12:48 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForleon.job
2014-04-25 23:10 - 2014-04-25 23:10 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForleon
2014-04-23 14:53 - 2014-04-23 14:53 - 00007610 _____ () C:\Users\leon\Desktop\attach.txt
2014-04-23 14:53 - 2014-04-23 14:52 - 00018923 _____ () C:\Users\leon\Desktop\dds.txt
2014-04-23 14:46 - 2014-04-23 14:46 - 00000000 ____D () C:\Users\leon\Downloads\URL-Mal
2014-04-23 12:18 - 2014-04-28 12:48 - 00000962 _____ () C:\Windows\setupact.log
2014-04-23 12:18 - 2014-04-23 12:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-23 11:59 - 2009-06-10 14:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140423-115924.backup
2014-04-23 11:54 - 2014-04-23 12:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-23 11:54 - 2014-04-23 11:57 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-04-23 11:54 - 2014-04-23 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-04-23 11:35 - 2014-04-23 11:35 - 00000000 ____D () C:\Users\leon\AppData\Roaming\SUPERAntiSpyware.com
2014-04-23 11:35 - 2014-04-23 11:35 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-04-21 14:47 - 2014-04-21 14:47 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-21 14:45 - 2014-04-21 14:45 - 04787368 _____ (Piriform Ltd) C:\Users\leon\Downloads\ccsetup412.exe
2014-04-21 14:18 - 2014-04-21 14:18 - 00000000 ____D () C:\Users\leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-21 14:18 - 2014-04-21 14:18 - 00000000 ____D () C:\Users\leon\AppData\Roaming\DropboxMaster
2014-04-21 14:17 - 2014-04-21 14:18 - 00000000 ____D () C:\Users\leon\AppData\Roaming\Dropbox
2014-04-21 14:07 - 2014-04-21 14:07 - 00000000 ____D () C:\Users\leon\AppData\Roaming\AVAST Software
2014-04-21 14:06 - 2014-04-28 12:49 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-21 14:06 - 2014-04-21 14:06 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-21 14:06 - 2014-04-21 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-04-21 14:06 - 2014-04-21 14:05 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-21 14:06 - 2014-04-21 14:05 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-21 14:06 - 2014-04-21 14:05 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-21 14:06 - 2014-04-21 14:05 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-21 14:06 - 2014-04-21 14:05 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-21 14:06 - 2014-04-21 14:05 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-21 14:05 - 2014-04-21 14:05 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-21 14:05 - 2014-04-21 14:05 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-21 14:05 - 2014-04-21 14:05 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-21 14:05 - 2014-04-21 14:05 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-21 14:05 - 2014-04-21 14:05 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-21 14:03 - 2014-04-21 14:03 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-21 13:59 - 2014-04-21 14:00 - 88882192 _____ (AVAST Software) C:\Users\leon\Downloads\avast_free_antivirus_setup.exe
2014-04-21 06:56 - 2014-04-21 06:56 - 01071360 _____ (Solid State Networks) C:\Users\leon\Downloads\install_flashplayer13x32axau_mssa_aaa_aih.exe
2014-04-15 10:55 - 2014-04-23 11:07 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-15 10:55 - 2014-04-15 10:55 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-15 10:55 - 2014-04-15 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-15 10:55 - 2014-04-15 10:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-15 10:55 - 2014-04-15 10:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-15 10:55 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-15 10:55 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-15 10:55 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-07 11:01 - 2014-04-07 11:01 - 00000000 ____D () C:\Users\leon\QBBackupTemp Mon, Apr 07 2014 11 01 02 AM
2014-04-06 08:49 - 2014-04-23 21:56 - 00000079 _____ () C:\Windows\system32\kbhaurv.wxu
2014-04-06 08:33 - 2014-04-06 08:33 - 00000064 _____ () C:\Windows\system32\gffuuql.xsw
2014-04-06 08:33 - 2014-04-06 08:33 - 00000000 _____ () C:\Windows\system32\glxlonf.ddp
2014-04-06 08:17 - 2014-04-06 08:17 - 00305834 ____S () C:\Windows\system32\ggsj.dxk
 
==================== One Month Modified Files and Folders =======
 
2014-04-28 12:56 - 2014-04-28 12:55 - 00000000 ____D () C:\FRST
2014-04-28 12:55 - 2014-04-28 12:54 - 02061824 _____ (Farbar) C:\Users\leon\Downloads\FRST64.exe
2014-04-28 12:55 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-28 12:55 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-28 12:53 - 2014-04-28 12:53 - 01049600 _____ (Farbar) C:\Users\leon\Downloads\FRST.exe
2014-04-28 12:53 - 2011-07-06 14:57 - 01154354 _____ () C:\Windows\WindowsUpdate.log
2014-04-28 12:53 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-28 12:51 - 2014-01-16 12:52 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CA8D1FF1-858A-4D9A-B0B5-5458368BDDC0}
2014-04-28 12:51 - 2011-07-06 14:58 - 00000000 ____D () C:\Users\leon
2014-04-28 12:49 - 2014-04-21 14:06 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-28 12:48 - 2014-04-25 23:10 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForleon.job
2014-04-28 12:48 - 2014-04-23 12:18 - 00000962 _____ () C:\Windows\setupact.log
2014-04-28 12:48 - 2011-11-30 21:55 - 00000000 ____D () C:\Program Files (x86)\SiteRanker
2014-04-28 12:48 - 2011-04-21 12:41 - 00000000 ____D () C:\ProgramData\PDFC
2014-04-28 12:48 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-26 16:01 - 2012-02-18 10:01 - 00000254 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
2014-04-26 15:45 - 2012-09-04 06:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-26 15:42 - 2012-01-24 07:29 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1573249041-411433255-502828165-1000UA.job
2014-04-26 06:42 - 2012-01-24 07:29 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1573249041-411433255-502828165-1000Core.job
2014-04-26 06:35 - 2014-04-26 06:34 - 00000000 ___DC () C:\Users\leon\AppData\Local\MigWiz
2014-04-25 23:10 - 2014-04-25 23:10 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForleon
2014-04-25 23:09 - 2011-10-28 08:58 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-25 23:09 - 2011-07-08 09:23 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-23 21:56 - 2014-04-06 08:49 - 00000079 _____ () C:\Windows\system32\kbhaurv.wxu
2014-04-23 14:53 - 2014-04-23 14:53 - 00007610 _____ () C:\Users\leon\Desktop\attach.txt
2014-04-23 14:52 - 2014-04-23 14:53 - 00018923 _____ () C:\Users\leon\Desktop\dds.txt
2014-04-23 14:46 - 2014-04-23 14:46 - 00000000 ____D () C:\Users\leon\Downloads\URL-Mal
2014-04-23 12:18 - 2014-04-23 12:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-23 12:17 - 2014-04-23 11:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-23 11:57 - 2014-04-23 11:54 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-04-23 11:54 - 2014-04-23 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-04-23 11:35 - 2014-04-23 11:35 - 00000000 ____D () C:\Users\leon\AppData\Roaming\SUPERAntiSpyware.com
2014-04-23 11:35 - 2014-04-23 11:35 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-04-23 11:07 - 2014-04-15 10:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-21 19:59 - 2013-01-07 14:23 - 13123584 ____R () C:\Users\leon\CHEHALEM VALLEY AUTO REPAIR,  INC..QBW
2014-04-21 19:59 - 2013-01-07 14:23 - 01900544 ____R () C:\Users\leon\CHEHALEM VALLEY AUTO REPAIR,  INC..QBW.TLG
2014-04-21 19:59 - 2013-01-07 14:23 - 00000354 _____ () C:\Users\leon\CHEHALEM VALLEY AUTO REPAIR,  INC..QBW.ND
2014-04-21 19:59 - 2011-07-09 12:43 - 00007490 ____N () C:\Users\leon\Documents\bethel.dsn
2014-04-21 17:29 - 2011-07-09 12:43 - 00009684 ____N () C:\Users\leon\Documents\tHE cHRISTMAS wISH.dsn
2014-04-21 17:29 - 2011-07-09 12:43 - 00008280 ____N () C:\Users\leon\Documents\Womens Retreat # 6  06.dsn
2014-04-21 17:28 - 2011-07-09 12:43 - 00009390 ____N () C:\Users\leon\Documents\SOZO.dsn
2014-04-21 17:18 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-04-21 16:01 - 2011-11-02 15:06 - 00000000 ____D () C:\Users\leon\QuickBooksAutoDataRecovery
2014-04-21 14:53 - 2011-07-17 16:59 - 00000000 ____D () C:\Users\leon\AppData\Local\CrashDumps
2014-04-21 14:53 - 2011-02-11 10:00 - 00000000 ____D () C:\Windows\Panther
2014-04-21 14:47 - 2014-04-21 14:47 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-21 14:47 - 2011-07-09 13:32 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-21 14:47 - 2011-07-09 13:32 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-21 14:45 - 2014-04-21 14:45 - 04787368 _____ (Piriform Ltd) C:\Users\leon\Downloads\ccsetup412.exe
2014-04-21 14:18 - 2014-04-21 14:18 - 00000000 ____D () C:\Users\leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-21 14:18 - 2014-04-21 14:18 - 00000000 ____D () C:\Users\leon\AppData\Roaming\DropboxMaster
2014-04-21 14:18 - 2014-04-21 14:17 - 00000000 ____D () C:\Users\leon\AppData\Roaming\Dropbox
2014-04-21 14:07 - 2014-04-21 14:07 - 00000000 ____D () C:\Users\leon\AppData\Roaming\AVAST Software
2014-04-21 14:06 - 2014-04-21 14:06 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-21 14:06 - 2014-04-21 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-04-21 14:05 - 2014-04-21 14:06 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-21 14:05 - 2014-04-21 14:06 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-21 14:05 - 2014-04-21 14:06 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-21 14:05 - 2014-04-21 14:06 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-21 14:05 - 2014-04-21 14:06 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-21 14:05 - 2014-04-21 14:06 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-21 14:05 - 2014-04-21 14:05 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-21 14:05 - 2014-04-21 14:05 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-21 14:05 - 2014-04-21 14:05 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-21 14:05 - 2014-04-21 14:05 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-21 14:05 - 2014-04-21 14:05 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-21 14:03 - 2014-04-21 14:03 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-21 14:02 - 2014-03-04 14:17 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-21 14:00 - 2014-04-21 13:59 - 88882192 _____ (AVAST Software) C:\Users\leon\Downloads\avast_free_antivirus_setup.exe
2014-04-21 06:56 - 2014-04-21 06:56 - 01071360 _____ (Solid State Networks) C:\Users\leon\Downloads\install_flashplayer13x32axau_mssa_aaa_aih.exe
2014-04-18 08:11 - 2012-02-18 10:11 - 00000000 ____D () C:\temp_dvd
2014-04-17 10:53 - 2011-07-09 12:43 - 00006553 ____N () C:\Users\leon\Documents\Womens Retreat # 6  06save.dsn
2014-04-17 06:15 - 2009-07-13 21:45 - 00541536 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-15 18:14 - 2011-07-09 12:43 - 00010890 ____N () C:\Users\leon\Documents\# 1.dsn
2014-04-15 11:31 - 2011-11-30 12:11 - 00000000 ____D () C:\Program Files (x86)\DailyBibleGuide
2014-04-15 11:31 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Web
2014-04-15 11:29 - 2011-11-30 21:54 - 00000000 ____D () C:\Program Files (x86)\Inbox Toolbar
2014-04-15 10:55 - 2014-04-15 10:55 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-15 10:55 - 2014-04-15 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-15 10:55 - 2014-04-15 10:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-15 10:55 - 2014-04-15 10:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-15 09:43 - 2011-07-09 12:43 - 00009133 ____N () C:\Users\leon\Documents\# 6.dsn
2014-04-15 09:43 - 2011-07-09 12:43 - 00008733 ____N () C:\Users\leon\Documents\# 7.dsn
2014-04-12 18:12 - 2011-07-09 12:43 - 00006753 ____N () C:\Users\leon\Documents\PAT.dsn
2014-04-12 17:22 - 2011-11-30 21:55 - 00000000 ____D () C:\Users\leon\AppData\Roaming\PCPowerSpeed
2014-04-12 16:33 - 2012-07-28 06:54 - 00000000 ____D () C:\Users\leon\AppData\Local\Windows Live
2014-04-11 15:51 - 2011-07-09 12:57 - 00000376 _____ () C:\Windows\ODBC.INI
2014-04-10 06:45 - 2012-01-24 07:29 - 00002323 _____ () C:\Users\leon\Desktop\Google Chrome.lnk
2014-04-09 06:12 - 2013-07-27 11:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 06:07 - 2012-05-04 06:29 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-07 11:01 - 2014-04-07 11:01 - 00000000 ____D () C:\Users\leon\QBBackupTemp Mon, Apr 07 2014 11 01 02 AM
2014-04-06 08:33 - 2014-04-06 08:33 - 00000064 _____ () C:\Windows\system32\gffuuql.xsw
2014-04-06 08:33 - 2014-04-06 08:33 - 00000000 _____ () C:\Windows\system32\glxlonf.ddp
2014-04-06 08:17 - 2014-04-06 08:17 - 00305834 ____S () C:\Windows\system32\ggsj.dxk
2014-04-03 09:51 - 2014-04-15 10:55 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-15 10:55 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-15 10:55 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 09:35 - 2010-11-20 20:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-30 15:27 - 2012-04-14 18:59 - 00005501 ____N () C:\Users\leon\Documents\NN.std
2014-03-30 15:27 - 2011-07-09 12:43 - 00010413 ____N () C:\Users\leon\Documents\NEW LIFE.dsn
2014-03-30 15:26 - 2011-07-09 12:43 - 00007832 ____N () C:\Users\leon\Documents\john.dsn
2014-03-30 15:26 - 2011-07-09 12:43 - 00007177 ____N () C:\Users\leon\Documents\MIKE R.dsn
2014-03-30 15:25 - 2011-12-04 20:09 - 00004266 ____N () C:\Users\leon\Documents\DEBRAH GLEBE.std
2014-03-30 15:25 - 2011-07-09 12:43 - 00013011 ____N () C:\Users\leon\Documents\JOEL.dsn
2014-03-30 15:25 - 2011-07-09 12:43 - 00011009 ____N () C:\Users\leon\Documents\four ds.dsn
2014-03-30 15:25 - 2011-07-09 12:43 - 00007966 ____N () C:\Users\leon\Documents\GARY.dsn
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-11-20 20:24] - [2010-11-20 20:24] - 0520192 ____A (Microsoft Corporation) A02A25445B3F3149B8CFB9117FC406C8
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-19 09:14
 
==================== End Of Log ============================
 
 
Farbar Recovery Scan Tool (x64) Version: 27-04-2014
Ran by leon at 2014-04-28 13:01:00
Running from J:\MyFiles\Computer Work\Selfs Computer
Boot Mode: Normal
 
================== Search: "rpcss.dll" ===================
 
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 20:24] - [2010-11-20 20:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
 
C:\Windows\System32\rpcss.dll
[2010-11-20 20:24] - [2010-11-20 20:24] - 0520192 ____A (Microsoft Corporation) A02A25445B3F3149B8CFB9117FC406C8
 
====== End Of Search ======

#4 xXToffeeXx (Malware Response Instructor)

Posted 29 April 2014 - 12:58 PM

Hi hehaswon,
 
WildTangent Program Warning

Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it's not technically considered spyware, it does have built-in components to update itself and gather information about the computer system, including:

  • Operating System Version
  • CPU Type and Speed
  • Memory Amount
  • Video Card type and Driver Version
  • Sound Card type and Driver Version
  • DirectX Version
  • Location that the Web Driver was installed from

For that reason I would suggest you uninstall it via Add/Remove (and any other WildTangent programs).

Reboot after the uninstallation.
 
--------------
 
Spybot S&D No Longer Recommended:
MVPS.org is no longer recommending Spybot S&D due to poor testing results. (scroll down on the web site and read under Freeware Antispyware Products)

I strongly recommend uninstalling Spybot Search & Destroy. The presence of this program can make cleaning your computer more difficult.
If you choose to uninstall please go to Start > Control Panel > Add/Remove Programs (or Programs and Features) and uninstall the program.
 
--------------
 
We need to remove some programs with Revo Uninstaller Free:

Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:

Ask Toolbar
Coupon Printer for Windows
Inbox Toolbar
IncrediMail MediaBar 2 Toolbar
NCH FileBulldog Toolbar
SiteRanker
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

--------------
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished.
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

--------------
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
2014-04-06 08:49 - 2014-04-23 21:56 - 00000079 _____ () C:\Windows\system32\kbhaurv.wxu
2014-04-06 08:33 - 2014-04-06 08:33 - 00000064 _____ () C:\Windows\system32\gffuuql.xsw
2014-04-06 08:33 - 2014-04-06 08:33 - 00000000 _____ () C:\Windows\system32\glxlonf.ddp
2014-04-06 08:17 - 2014-04-06 08:17 - 00305834 ____S () C:\Windows\system32\ggsj.dxk
2014-04-21 06:56 - 2014-04-21 06:56 - 01071360 _____ (Solid State Networks) C:\Users\leon\Downloads\install_flashplayer13x32axau_mssa_aaa_aih.exe
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • AdwCleaner scan log
  • Fixlog.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
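The "MD5 is legit" check and the rpcss.dll search above rest on one idea: the live C:\Windows\System32 copy of a protected binary should hash-match one of the copies Windows keeps in the WinSxS component store, and a copy that matches none (here 8192 bytes larger, with a different MD5) is the patched file that the Replace: line in the fix restores. As an added example (not the thread's, FRST's or the helper's own code), the Python below parses an FRST search block, applies that comparison and builds the matching Replace: directive; the sample input is constructed from the values quoted in the log.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the two rpcss.dll entries FRST reported in the search above.
SAMPLE_SEARCH = """\
================== Search: "rpcss.dll" ===================

C:\\Windows\\winsxs\\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\\rpcss.dll
[2010-11-20 20:24] - [2010-11-20 20:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\\Windows\\System32\\rpcss.dll
[2010-11-20 20:24] - [2010-11-20 20:24] - 0520192 ____A (Microsoft Corporation) A02A25445B3F3149B8CFB9117FC406C8

====== End Of Search ======
"""


@dataclass
class FrstFile:
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    md5: str


# One FRST detail line: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_search(text):
    """Pair each path line of an FRST search block with the detail line below it."""
    files, lines, i = [], text.splitlines(), 0
    while i < len(lines):
        line = lines[i].strip()
        if PATH_RE.match(line) and i + 1 < len(lines):
            m = DETAIL_RE.match(lines[i + 1].strip())
            if m:
                files.append(FrstFile(line, m["created"], m["modified"], int(m["size"]),
                                      m["attrs"], m["company"], m["md5"].upper()))
                i += 2
                continue
        i += 1
    return files


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def check_against_winsxs(files):
    """Compare every System32 file with the WinSxS copies of the same name.

    The component store can hold several legitimate versions (RTM plus updates),
    so the live System32 binary should hash-match at least one of them. A file
    that matches none is the pattern the helper treated as a patched rpcss.dll.
    """
    store = [f for f in files if "\\winsxs\\" in f.path.lower()]
    report = {}
    for f in files:
        if not f.path.lower().startswith("c:\\windows\\system32\\"):
            continue
        refs = [s for s in store if basename(s.path) == basename(f.path)]
        if not refs:
            report[f.path] = {"status": "unknown", "reason": "no WinSxS copy to compare"}
        elif any(s.md5 == f.md5 for s in refs):
            report[f.path] = {"status": "ok", "reason": "MD5 matches a WinSxS copy"}
        else:
            ref = refs[0]
            delta = f.size - ref.size
            size_note = f"size differs by {delta:+d} bytes" if delta else "same size"
            report[f.path] = {"status": "suspicious",
                              "reason": f"MD5 matches no WinSxS copy; {size_note}",
                              "reference": ref.path}
    return report


def replace_directive(reference_path, target_path):
    """Build the FRST fixlist 'Replace:' line that restores the store copy over the target."""
    return f"Replace: {reference_path} {target_path}"


if __name__ == "__main__":
    findings = check_against_winsxs(parse_search(SAMPLE_SEARCH))
    for path, finding in findings.items():
        print(f"{finding['status']:10s} {path}: {finding['reason']}")
        if finding["status"] == "suspicious":
            print(replace_directive(finding["reference"], path))
```

Against the sample it flags C:\Windows\System32\rpcss.dll as suspicious and prints the same Replace: line used in the fixlist.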


#5 hehaswon (Topic Starter)

Posted 30 April 2014 - 02:45 AM

Success!

First, some comments

WildTangent : I couldn't find a WildTangent program to uninstall, but then I discovered it was within the HP Games installation. I then uninstalled the games.

Spybot S&D : I fully understand that Spybot is outdated, but just to mention that it found a handful of adware, etc. after the others I tried found nothing.

AdwCleaner : instructions said to run the tool again, but there was no instruction to run the first time. It ran fine and cleared out some stuff.

FRST seems to have done the trick. The Mal: URL symptoms are gone.

Thanks for your help Toffee. I'll ask my friends that I did this work for to donate to the cause. I'll be returning their computer in the next couple of days.

Below are the logs:
 
 
# AdwCleaner v3.205 - Report created 29/04/2014 at 21:00:37
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : leon - SELFCOMPUTER
# Running from : J:\MyFiles\Computer Work\Selfs Computer\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Conduit
[x] Not Deleted : C:\Program Files (x86)\DailyBibleGuideEI
Folder Deleted : C:\Program Files (x86)\TelevisionFanatic
Folder Deleted : C:\Program Files (x86)\TelevisionFanaticEI
Folder Deleted : C:\Program Files (x86)\TotalRecipeSearch_14EI
Folder Deleted : C:\Users\leon\AppData\LocalLow\AppGraffiti
Folder Deleted : C:\Users\leon\AppData\LocalLow\Conduit
[x] Not Deleted : C:\Users\leon\AppData\LocalLow\DailyBibleGuideEI
Folder Deleted : C:\Users\leon\AppData\LocalLow\IncrediMail_MediaBar_2
Folder Deleted : C:\Users\leon\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\leon\AppData\LocalLow\RebateInformer
Folder Deleted : C:\Users\leon\AppData\LocalLow\SiteRanker
Folder Deleted : C:\Users\leon\AppData\LocalLow\TelevisionFanatic
Folder Deleted : C:\Users\leon\AppData\LocalLow\TelevisionFanaticEI
[x] Not Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Public\Desktop\RebateGiant.com.url
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
[x] Not Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [64ffxtbr@TelevisionFanatic.com]
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\inbox
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\rebinfo
Key Deleted : HKLM\SOFTWARE\Classes\RebateInf.RebateInfObj
Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14Installer.Start
Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14Installer.Start.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@ei.TotalRecipeSearch_14.com/Plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4EF645BD-65B0-4F98-AD56-D0437B7045F6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4623a8c4-150d-4983-8982-68c01e7d6541}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8E5B29C2-BC6E-40BE-B881-AEE35B1F4035}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4623a8c4-150d-4983-8982-68c01e7d6541}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4623a8c4-150d-4983-8982-68c01e7d6541}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F5939F5B-E666-40FF-AD13-C32A6DADC634}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BACFBD96-D2F1-4E9C-8F82-A7B30B3EDBF4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F0786343-938E-456B-8798-DE7EEC08F820}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\AppGraffiti
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\CToolbar
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[x] Not Deleted : HKCU\Software\AppDataLow\Software\DailyBibleGuideEI
Key Deleted : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2
Key Deleted : HKCU\Software\AppDataLow\Software\TelevisionFanatic
Key Deleted : HKCU\Software\AppDataLow\Software\TelevisionFanaticEI
Key Deleted : HKLM\Software\AppGraffiti
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\CToolbar
Key Deleted : HKLM\Software\ImInstaller
Key Deleted : HKLM\Software\IncrediMail_MediaBar_2
Key Deleted : HKLM\Software\TelevisionFanatic
Key Deleted : HKLM\Software\TotalRecipeSearch_14EI
[x] Not Deleted : [x64] HKCU\Software\AVG Secure Search
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl []
 
-\\ Google Chrome v
 
[ File : C:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [11083 octets] - [29/04/2014 20:53:12]
AdwCleaner[S0].txt - [9954 octets] - [29/04/2014 21:00:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10014 octets] ##########
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2014
Ran by leon at 2014-04-29 23:55:36 Run:1
Running from C:\Users\leon\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
2014-04-06 08:49 - 2014-04-23 21:56 - 00000079 _____ () C:\Windows\system32\kbhaurv.wxu
2014-04-06 08:33 - 2014-04-06 08:33 - 00000064 _____ () C:\Windows\system32\gffuuql.xsw
2014-04-06 08:33 - 2014-04-06 08:33 - 00000000 _____ () C:\Windows\system32\glxlonf.ddp
2014-04-06 08:17 - 2014-04-06 08:17 - 00305834 ____S () C:\Windows\system32\ggsj.dxk
2014-04-21 06:56 - 2014-04-21 06:56 - 01071360 _____ (Solid State Networks) C:\Users\leon\Downloads\install_flashplayer13x32axau_mssa_aaa_aih.exe
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
 
*****************
 
C:\Windows\system32\kbhaurv.wxu => Moved successfully.
C:\Windows\system32\gffuuql.xsw => Moved successfully.
Could not move "C:\Windows\system32\glxlonf.ddp" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\ggsj.dxk" => Scheduled to move on reboot.
C:\Users\leon\Downloads\install_flashplayer13x32axau_mssa_aaa_aih.exe => Moved successfully.
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-29 23:57:06)<=
 
C:\Windows\system32\glxlonf.ddp => Is moved successfully.
C:\Windows\system32\ggsj.dxk => Is moved successfully.
 
==== End of Fixlog ====

#6 xXToffeeXx (Malware Response Instructor)

Posted 30 April 2014 - 11:24 AM

Hi hehaswon,
 

Spybot S&D : I fully understand that Spybot is outdated, but just to mention that it found a handful of adware, etc. after the others I tried found nothing.

No worries, it's more a recommendation than a must. A tool will not find everything and so it's best to use a number of different tools when cleaning.
 

AdwCleaner : instructs said to run the tool again, but there was no instruction to run the first time. It ran fine and cleared out some stuff.

Sorry, this was my fault, I thought I had instructed you to run the tool before, but it seems not. Thank you for figuring this out though.
 
Good to hear the ads are gone, but there are still a few things I would like to do to make sure the machine is clean.
 
Did you purposely un-select these items from AdwCleaner?:
[x] Not Deleted : C:\Program Files (x86)\DailyBibleGuideEI
[x] Not Deleted : C:\Users\leon\AppData\LocalLow\DailyBibleGuideEI
[x] Not Deleted : C:\Users\Public\Desktop\eBay.lnk
[x] Not Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [64ffxtbr@TelevisionFanatic.com]
[x] Not Deleted : HKCU\Software\AppDataLow\Software\DailyBibleGuideEI
[x] Not Deleted : [x64] HKCU\Software\AVG Secure Search
One thing I do want to mention is that DailyBibleGuideEI, TelevisionFanatic and AVG Secure Search are toolbars which are often installed without the user knowing, and both DailyBibleGuideEI and TelevisionFanatic will show you adverts. DailyBibleGuideEI is not really much to do with religion it seems either.
 
--------------
 
Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

--------------
 
This one can take a long time, so it's best done over night.

I'd like us to scan your machine with ESET OnlineScan:

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the scan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

--------------
 
Please run FRST from the desktop (like you did before) and press the scan button. It will produce a FRST.txt log located on the desktop, please copy and paste the contents into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Malwarebytes log
  • ESET log
  • New FRST.txt

xXToffeeXx~


#7 hehaswon (Topic Starter)

Posted 01 May 2014 - 02:23 PM

Here are the asked-for logs:

Malwarebytes log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/1/2014
Scan Time: 12:21:57 AM
Logfile: Fixlog2.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.01.06
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: leon

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 249927
Time Elapsed: 31 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@TelevisionFanatic.com/Plugin, Quarantined, [f7435af22259cc6a14e6f9c33cc7f30d],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

ESET log

C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinDownloadergen.zip Win32/Bagle.gen.zip worm 
C:\FRST\Quarantine\C\Windows\system32\rpcss.dll.xBAD Win64/Patched.H trojan deleted - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinDownloadergen.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-1573249041-411433255-502828165-1000\$RXQLPFF\IncrediMail_MediaBar_2ToolbarHelper.exe Win32/Toolbar.Conduit.Q potentially unwanted application deleted - quarantined
C:\$RECYCLE.BIN\S-1-5-21-1573249041-411433255-502828165-1000\$RXQLPFF\ldrtbIncr.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\$RECYCLE.BIN\S-1-5-21-1573249041-411433255-502828165-1000\$RXQLPFF\prxtbIncr.dll Win32/Toolbar.Conduit.O potentially unwanted application deleted - quarantined
C:\$RECYCLE.BIN\S-1-5-21-1573249041-411433255-502828165-1000\$RXQLPFF\tbIncr.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\14EIPlug.dll.vir Win32/Toolbar.MyWebSearch potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\14EZSETP.dll.vir a variant of Win32/Toolbar.MyWebSearch.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISb.dll.vir Win32/Toolbar.MyWebSearch potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\leon\AppData\LocalLow\IncrediMail_MediaBar_2\ldrtbIncr.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\leon\AppData\LocalLow\IncrediMail_MediaBar_2\tbIncr.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\leon\AppData\LocalLow\IncrediMail_MediaBar_2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\leon\AppData\LocalLow\TelevisionFanaticEI\Installr\Cache\011E7766.exe.vir a variant of Win32/Toolbar.MyWebSearch.O potentially unwanted application deleted - quarantined
C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll Win32/Toolbar.MyWebSearch potentially unwanted application deleted - quarantined
C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll Win32/Toolbar.MyWebSearch potentially unwanted application deleted - quarantined
C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll Win32/Toolbar.MyWebSearch potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\Disketch\disketch.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\Disketch\disketchsetup[1]_v2.12.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\Disketch\uninst.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application deleted - quarantined
C:\URL-Mal\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\leon\AppData\LocalLow\DailyBibleGuideEI\Installr\Cache\0007E0EC.exe a variant of Win32/Toolbar.MyWebSearch.O potentially unwanted application deleted - quarantined
C:\Users\leon\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\01265121.exe a variant of Win32/Toolbar.MyWebSearch.O potentially unwanted application deleted - quarantined

New FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by leon (administrator) on SELFCOMPUTER on 01-05-2014 11:16:01
Running from C:\Users\leon\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Juno, Inc.) C:\Program Files (x86)\Juno\exec.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Juno, Inc.) C:\Program Files (x86)\Juno\exec.exe
(Juno, Inc.) C:\Program Files (x86)\Juno\qsacc\x1exec.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_206_ActiveX.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2643320 2012-10-08] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard)
HKU\S-1-5-21-1573249041-411433255-502828165-1000\...\Run: [Google Update] => C:\Users\leon\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-24] (Google Inc.)
HKU\S-1-5-21-1573249041-411433255-502828165-1000\...\Run: [Juno_uoltray] => C:\Program Files (x86)\Juno\exec.exe [1797632 2012-04-26] (Juno, Inc.)
HKU\S-1-5-21-1573249041-411433255-502828165-1000\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\leon\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=be00180295e147d2a44afd6e91cb2f3e-b07cb003248b40dd1d13ceda63081802332a107b /CMPID=0214c
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7510 series.lnk -> C:\Program Files\hp\HP Photosmart 7510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files (x86)\Juno\SearchEnh1.dll (Juno, Inc.)
URLSearchHook: HKCU - (No Name) - {f15ff29f-85a1-43cd-9674-e5ba40016c97} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrcAs.dll No File
SearchScopes: HKLM - {7FB14720-CD88-4C57-A668-E040EC557FAE} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {7FB14720-CD88-4C57-A668-E040EC557FAE} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {9230cb90-79de-4945-88a4-762244a25bc8} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm069YYus&ptb=77F8E56E-F01D-4BD0-8A3F-207A4C7A6E61&ind=2011112722&ptnrS=YKxdm069YYus&si=&n=77df2512&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {A4ED86BA-DFB3-403A-B314-61DD1EE42FD2} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms}
SearchScopes: HKCU - {3CCA4B1C-FEE3-4ABF-9CFB-3B14A8691F1B} URL = http://search.juno.com/search?action=search&source=browserbox_isp&query={searchTerms}
SearchScopes: HKCU - {7FB14720-CD88-4C57-A668-E040EC557FAE} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {80550DA4-A930-4EFA-9A1C-088D09AB3EE8} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {9230cb90-79de-4945-88a4-762244a25bc8} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm069YYus&ptb=77F8E56E-F01D-4BD0-8A3F-207A4C7A6E61&ind=2011112722&ptnrS=YKxdm069YYus&si=&n=77df2512&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {A4ED86BA-DFB3-403A-B314-61DD1EE42FD2} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms}
SearchScopes: HKCU - {B0F6A9E6-A20E-2078-1826-6C700C6E8C1D} URL = http://www.bing.com/search?q={searchTerms}&pc=Z045&form=ZGAIDF
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll No File
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Juno Toolbar Helper - {FE3098B1-04A3-41fd-8CA9-BEA39CB14C87} - C:\Program Files (x86)\Juno\ucreg.dll (Juno, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll No File
Toolbar: HKLM-x32 - JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files (x86)\Juno\Toolbar.dll (Juno, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {63B834D7-CFCD-442A-9B0A-921F54D3E792} -  No File
Toolbar: HKCU - No Name - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 184.16.33.54

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @DailyBibleGuide.com/Plugin - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\NP2vStub.dll No File
FF Plugin-x32: @ei.CouponAlert_2p.com/Plugin - C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RecipeHub_2j.com/Plugin - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\NP2jStub.dll No File
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\leon\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\leon\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [2vffxtbr@DailyBibleGuide.com] - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin
FF HKLM-x32\...\Firefox\Extensions: [64ffxtbr@TelevisionFanatic.com] - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-02-18]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-04-30]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: mcafee
CHR DefaultSearchProvider: McAfee
CHR DefaultSearchURL: http://search.yahoo.com/search?fr=mcafee&type=A211US0&p={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\leon\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\leon\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\leon\AppData\Local\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\leon\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (Coupon Alert Installer Plugin Stub) - C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\NP2vStub.dll No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\NP2jStub.dll No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
CHR Plugin: (TotalRecipeSearch Installer Plugin Stub) - C:\Program Files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISB.dll No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\leon\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (SiteAdvisor) - C:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-04-30]
CHR Extension: (Google Wallet) - C:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-04-30]
CHR StartMenuInternet: Google Chrome - C:\Users\leon\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
S1 SASKUTIL; \??\J:\Portables\PenApps\Security\SUPERAntiSpyware\SASKUTIL.SYS [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-01 11:16 - 2014-05-01 11:16 - 00020888 _____ () C:\Users\leon\Desktop\FRST.txt
2014-05-01 11:15 - 2014-04-28 12:55 - 02061824 _____ (Farbar) C:\Users\leon\Desktop\FRST64.exe
2014-05-01 11:12 - 2014-05-01 11:12 - 00003464 _____ () C:\Users\leon\Documents\Eset Scan2.txt
2014-05-01 09:01 - 2014-05-01 09:01 - 00000332 _____ () C:\Users\leon\Documents\Eset Scan.txt
2014-05-01 00:30 - 2014-05-01 00:30 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-01 00:29 - 2014-05-01 00:29 - 02347384 _____ (ESET) C:\Users\leon\Downloads\esetsmartinstaller_enu.exe
2014-04-30 23:47 - 2014-04-30 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-04-30 11:29 - 2014-04-30 11:29 - 00000000 ____D () C:\Users\leon\AppData\Roaming\InstallShield
2014-04-30 11:29 - 2014-04-30 11:29 - 00000000 ____D () C:\ProgramData\Ralink Driver
2014-04-30 11:29 - 2013-09-23 05:01 - 02556616 _____ (Ralink Technology, Corp.) C:\Windows\system32\Drivers\netr28x.sys
2014-04-30 11:29 - 2013-09-18 19:42 - 00331568 _____ (Ralink Technology, Inc.) C:\Windows\system32\RaCoInstx.dll
2014-04-30 11:29 - 2013-09-18 19:42 - 00013973 _____ () C:\Windows\system32\RaCoInst.dat
2014-04-30 11:11 - 2014-04-30 23:47 - 00001846 _____ () C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2014-04-30 11:11 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-04-30 11:10 - 2014-04-30 11:10 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-04-30 11:09 - 2014-04-30 11:20 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-04-30 11:09 - 2014-04-30 11:11 - 00000000 ____D () C:\Program Files\McAfee
2014-04-30 11:09 - 2014-04-30 11:09 - 00000000 ____D () C:\Program Files\McAfee.com
2014-04-30 11:03 - 2014-04-30 11:04 - 00000000 ____D () C:\Program Files\stinger
2014-04-30 11:02 - 2014-04-30 14:58 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-30 11:02 - 2014-04-30 11:11 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-04-30 11:02 - 2014-03-17 18:54 - 00185792 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-04-30 11:01 - 2014-04-30 11:01 - 05142080 _____ (McAfee, Inc.) C:\Users\leon\Downloads\Setup_serial_axOgvnWitcAxlsYyCDk4Tg2_key.exe
2014-04-30 11:01 - 2014-04-30 11:01 - 00000074 _____ () C:\Users\leon\Documents\McAfee Antivirus.txt
2014-04-30 10:38 - 2014-03-30 18:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-30 10:38 - 2014-03-30 18:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-30 10:38 - 2014-03-30 17:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-30 10:38 - 2014-03-30 16:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-30 10:37 - 2014-03-04 02:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-30 10:37 - 2014-03-04 02:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-30 10:37 - 2014-03-04 02:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-30 10:37 - 2014-03-04 02:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-30 10:37 - 2014-03-04 02:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-30 10:37 - 2014-03-04 02:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-30 10:37 - 2014-03-04 02:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-30 10:37 - 2014-03-04 02:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-30 10:37 - 2014-03-04 02:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-30 10:37 - 2014-03-04 01:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-30 10:37 - 2014-03-04 01:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-30 10:37 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-30 10:37 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-30 10:37 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-30 10:37 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-30 10:37 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-30 10:37 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-30 10:08 - 2014-04-30 10:24 - 00000000 ____D () C:\Users\leon\Desktop\Desktop Archive
2014-04-29 20:53 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-04-29 20:52 - 2014-04-29 21:00 - 00000000 ____D () C:\AdwCleaner
2014-04-29 20:48 - 2014-04-30 15:47 - 00344218 _____ () C:\Windows\PFRO.log
2014-04-29 20:34 - 2014-04-29 20:35 - 00000000 ____D () C:\Program Files (x86)\HP Games - Copy
2014-04-29 19:49 - 2014-04-29 19:49 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-28 12:55 - 2014-05-01 11:16 - 00000000 ____D () C:\FRST
2014-04-26 06:34 - 2014-04-26 06:35 - 00000000 ___DC () C:\Users\leon\AppData\Local\MigWiz
2014-04-25 23:10 - 2014-04-30 15:44 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForleon.job
2014-04-25 23:10 - 2014-04-30 11:24 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForleon
2014-04-23 14:46 - 2014-05-01 11:09 - 00000000 ____D () C:\URL-Mal
2014-04-23 12:18 - 2014-04-30 23:39 - 00001634 _____ () C:\Windows\setupact.log
2014-04-23 12:18 - 2014-04-23 12:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-23 11:59 - 2009-06-10 14:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140423-115924.backup
2014-04-23 11:54 - 2014-04-29 19:46 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-23 11:54 - 2014-04-29 19:46 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-04-23 11:35 - 2014-04-23 11:35 - 00000000 ____D () C:\Users\leon\AppData\Roaming\SUPERAntiSpyware.com
2014-04-23 11:35 - 2014-04-23 11:35 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-04-21 14:47 - 2014-04-21 14:47 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-21 14:18 - 2014-04-21 14:18 - 00000000 ____D () C:\Users\leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-21 14:18 - 2014-04-21 14:18 - 00000000 ____D () C:\Users\leon\AppData\Roaming\DropboxMaster
2014-04-21 14:17 - 2014-04-21 14:18 - 00000000 ____D () C:\Users\leon\AppData\Roaming\Dropbox
2014-04-21 14:03 - 2014-04-30 11:19 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-15 10:55 - 2014-04-30 23:50 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-15 10:55 - 2014-04-15 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-15 10:55 - 2014-04-15 10:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-15 10:55 - 2014-04-15 10:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-15 10:55 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-15 10:55 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-15 10:55 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-07 11:01 - 2014-04-07 11:01 - 00000000 ____D () C:\Users\leon\QBBackupTemp Mon, Apr 07 2014 11 01 02 AM

==================== One Month Modified Files and Folders =======

2014-05-01 11:16 - 2014-05-01 11:16 - 00020888 _____ () C:\Users\leon\Desktop\FRST.txt
2014-05-01 11:16 - 2014-04-28 12:55 - 00000000 ____D () C:\FRST
2014-05-01 11:12 - 2014-05-01 11:12 - 00003464 _____ () C:\Users\leon\Documents\Eset Scan2.txt
2014-05-01 11:09 - 2014-04-23 14:46 - 00000000 ____D () C:\URL-Mal
2014-05-01 11:08 - 2012-01-24 07:29 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1573249041-411433255-502828165-1000UA.job
2014-05-01 11:07 - 2012-09-04 06:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-01 11:07 - 2012-02-18 10:01 - 00000254 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
2014-05-01 10:14 - 2011-07-06 14:57 - 01814972 _____ () C:\Windows\WindowsUpdate.log
2014-05-01 09:01 - 2014-05-01 09:01 - 00000332 _____ () C:\Users\leon\Documents\Eset Scan.txt
2014-05-01 08:00 - 2012-01-24 07:29 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1573249041-411433255-502828165-1000Core.job
2014-05-01 07:48 - 2014-01-16 12:52 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CA8D1FF1-858A-4D9A-B0B5-5458368BDDC0}
2014-05-01 00:30 - 2014-05-01 00:30 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-01 00:29 - 2014-05-01 00:29 - 02347384 _____ (ESET) C:\Users\leon\Downloads\esetsmartinstaller_enu.exe
2014-04-30 23:50 - 2014-04-15 10:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-30 23:47 - 2014-04-30 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-04-30 23:47 - 2014-04-30 11:11 - 00001846 _____ () C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2014-04-30 23:47 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-30 23:47 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-30 23:44 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-30 23:40 - 2011-04-21 12:41 - 00000000 ____D () C:\ProgramData\PDFC
2014-04-30 23:39 - 2014-04-23 12:18 - 00001634 _____ () C:\Windows\setupact.log
2014-04-30 23:39 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-30 17:40 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-30 16:39 - 2011-10-28 08:58 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-30 15:52 - 2011-07-06 14:58 - 00000000 ____D () C:\Users\leon
2014-04-30 15:47 - 2014-04-29 20:48 - 00344218 _____ () C:\Windows\PFRO.log
2014-04-30 15:44 - 2014-04-25 23:10 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForleon.job
2014-04-30 14:58 - 2014-04-30 11:02 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-30 11:30 - 2011-07-08 09:23 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-30 11:30 - 2011-04-21 12:16 - 00004392 _____ () C:\Windows\system32\RaCoInst.log
2014-04-30 11:29 - 2014-04-30 11:29 - 00000000 ____D () C:\Users\leon\AppData\Roaming\InstallShield
2014-04-30 11:29 - 2014-04-30 11:29 - 00000000 ____D () C:\ProgramData\Ralink Driver
2014-04-30 11:29 - 2011-04-21 12:25 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-30 11:29 - 2011-02-10 15:39 - 00000000 ____D () C:\swsetup
2014-04-30 11:24 - 2014-04-25 23:10 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForleon
2014-04-30 11:20 - 2014-04-30 11:09 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-04-30 11:20 - 2009-07-13 22:08 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-30 11:19 - 2014-04-21 14:03 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-30 11:11 - 2014-04-30 11:09 - 00000000 ____D () C:\Program Files\McAfee
2014-04-30 11:11 - 2014-04-30 11:02 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-04-30 11:10 - 2014-04-30 11:10 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-04-30 11:09 - 2014-04-30 11:09 - 00000000 ____D () C:\Program Files\McAfee.com
2014-04-30 11:04 - 2014-04-30 11:03 - 00000000 ____D () C:\Program Files\stinger
2014-04-30 11:01 - 2014-04-30 11:01 - 05142080 _____ (McAfee, Inc.) C:\Users\leon\Downloads\Setup_serial_axOgvnWitcAxlsYyCDk4Tg2_key.exe
2014-04-30 11:01 - 2014-04-30 11:01 - 00000074 _____ () C:\Users\leon\Documents\McAfee Antivirus.txt
2014-04-30 10:24 - 2014-04-30 10:08 - 00000000 ____D () C:\Users\leon\Desktop\Desktop Archive
2014-04-30 00:12 - 2011-03-21 05:24 - 00000000 _RSHD () C:\hp
2014-04-29 21:00 - 2014-04-29 20:52 - 00000000 ____D () C:\AdwCleaner
2014-04-29 20:41 - 2011-07-17 16:59 - 00000000 ____D () C:\Users\leon\AppData\Local\CrashDumps
2014-04-29 20:38 - 2012-07-10 19:52 - 00000000 ____D () C:\Users\leon\AppData\Roaming\WildTangent
2014-04-29 20:38 - 2011-04-21 12:35 - 00000000 ____D () C:\ProgramData\WildTangent
2014-04-29 20:38 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-04-29 20:35 - 2014-04-29 20:34 - 00000000 ____D () C:\Program Files (x86)\HP Games - Copy
2014-04-29 19:49 - 2014-04-29 19:49 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-29 19:46 - 2014-04-23 11:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-29 19:46 - 2014-04-23 11:54 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-04-29 14:45 - 2012-01-24 07:29 - 00002323 _____ () C:\Users\leon\Desktop\Google Chrome.lnk
2014-04-29 14:40 - 2013-01-07 14:23 - 13123584 ____R () C:\Users\leon\CHEHALEM VALLEY AUTO REPAIR,  INC..QBW
2014-04-29 14:40 - 2013-01-07 14:23 - 01114112 ____R () C:\Users\leon\CHEHALEM VALLEY AUTO REPAIR,  INC..QBW.TLG
2014-04-29 14:40 - 2013-01-07 14:23 - 00000354 _____ () C:\Users\leon\CHEHALEM VALLEY AUTO REPAIR,  INC..QBW.ND
2014-04-28 13:58 - 2012-12-03 08:23 - 00003226 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSELFCOMPUTER$
2014-04-28 13:58 - 2012-12-03 08:23 - 00000350 _____ () C:\Windows\Tasks\HPCeeScheduleForSELFCOMPUTER$.job
2014-04-28 13:45 - 2012-09-04 06:38 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-28 13:45 - 2012-09-04 06:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-28 13:45 - 2011-11-04 12:55 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-28 12:55 - 2014-05-01 11:15 - 02061824 _____ (Farbar) C:\Users\leon\Desktop\FRST64.exe
2014-04-26 06:35 - 2014-04-26 06:34 - 00000000 ___DC () C:\Users\leon\AppData\Local\MigWiz
2014-04-23 12:18 - 2014-04-23 12:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-23 11:35 - 2014-04-23 11:35 - 00000000 ____D () C:\Users\leon\AppData\Roaming\SUPERAntiSpyware.com
2014-04-23 11:35 - 2014-04-23 11:35 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-04-21 19:59 - 2011-07-09 12:43 - 00007490 ____N () C:\Users\leon\Documents\bethel.dsn
2014-04-21 17:29 - 2011-07-09 12:43 - 00009684 ____N () C:\Users\leon\Documents\tHE cHRISTMAS wISH.dsn
2014-04-21 17:29 - 2011-07-09 12:43 - 00008280 ____N () C:\Users\leon\Documents\Womens Retreat # 6  06.dsn
2014-04-21 17:28 - 2011-07-09 12:43 - 00009390 ____N () C:\Users\leon\Documents\SOZO.dsn
2014-04-21 17:18 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-04-21 16:01 - 2011-11-02 15:06 - 00000000 ____D () C:\Users\leon\QuickBooksAutoDataRecovery
2014-04-21 14:53 - 2011-02-11 10:00 - 00000000 ____D () C:\Windows\Panther
2014-04-21 14:47 - 2014-04-21 14:47 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-21 14:47 - 2011-07-09 13:32 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-21 14:18 - 2014-04-21 14:18 - 00000000 ____D () C:\Users\leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-21 14:18 - 2014-04-21 14:18 - 00000000 ____D () C:\Users\leon\AppData\Roaming\DropboxMaster
2014-04-21 14:18 - 2014-04-21 14:17 - 00000000 ____D () C:\Users\leon\AppData\Roaming\Dropbox
2014-04-21 14:02 - 2014-03-04 14:17 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-18 08:11 - 2012-02-18 10:11 - 00000000 ____D () C:\temp_dvd
2014-04-17 10:53 - 2011-07-09 12:43 - 00006553 ____N () C:\Users\leon\Documents\Womens Retreat # 6  06save.dsn
2014-04-17 06:15 - 2009-07-13 21:45 - 00541536 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-15 18:14 - 2011-07-09 12:43 - 00010890 ____N () C:\Users\leon\Documents\# 1.dsn
2014-04-15 11:31 - 2011-11-30 12:11 - 00000000 ____D () C:\Program Files (x86)\DailyBibleGuide
2014-04-15 11:31 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Web
2014-04-15 10:55 - 2014-04-15 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-15 10:55 - 2014-04-15 10:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-15 10:55 - 2014-04-15 10:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-15 09:43 - 2011-07-09 12:43 - 00009133 ____N () C:\Users\leon\Documents\# 6.dsn
2014-04-15 09:43 - 2011-07-09 12:43 - 00008733 ____N () C:\Users\leon\Documents\# 7.dsn
2014-04-12 18:12 - 2011-07-09 12:43 - 00006753 ____N () C:\Users\leon\Documents\PAT.dsn
2014-04-12 17:22 - 2011-11-30 21:55 - 00000000 ____D () C:\Users\leon\AppData\Roaming\PCPowerSpeed
2014-04-12 16:33 - 2012-07-28 06:54 - 00000000 ____D () C:\Users\leon\AppData\Local\Windows Live
2014-04-11 15:51 - 2011-07-09 12:57 - 00000376 _____ () C:\Windows\ODBC.INI
2014-04-09 06:12 - 2013-07-27 11:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 06:07 - 2012-05-04 06:29 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-07 11:01 - 2014-04-07 11:01 - 00000000 ____D () C:\Users\leon\QBBackupTemp Mon, Apr 07 2014 11 01 02 AM
2014-04-03 09:51 - 2014-04-15 10:55 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-15 10:55 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-15 10:55 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\leon\AppData\Local\Temp\Extract.exe
C:\Users\leon\AppData\Local\Temp\Quarantine.exe
C:\Users\leon\AppData\Local\Temp\SP66068.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-29 15:10

==================== End Of Log ============================



#8 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:05:02 PM

Posted 02 May 2014 - 10:51 AM

Hi hehaswon,
 
We need to run a fix with FRST:

  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
URLSearchHook: HKCU - (No Name) - {f15ff29f-85a1-43cd-9674-e5ba40016c97} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrcAs.dll No File
SearchScopes: HKLM-x32 - {9230cb90-79de-4945-88a4-762244a25bc8} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm069YYus&ptb=77F8E56E-F01D-4BD0-8A3F-207A4C7A6E61&ind=2011112722&ptnrS=YKxdm069YYus&si=&n=77df2512&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {9230cb90-79de-4945-88a4-762244a25bc8} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm069YYus&ptb=77F8E56E-F01D-4BD0-8A3F-207A4C7A6E61&ind=2011112722&ptnrS=YKxdm069YYus&si=&n=77df2512&psa=&st=sb&searchfor={searchTerms}
BHO-x32: Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll No File
Toolbar: HKLM-x32 - Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {63B834D7-CFCD-442A-9B0A-921F54D3E792} -  No File
Toolbar: HKCU - No Name - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} -  No File
FF Plugin-x32: @DailyBibleGuide.com/Plugin - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\NP2vStub.dll No File
FF Plugin-x32: @ei.CouponAlert_2p.com/Plugin - C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File
FF Plugin-x32: @RecipeHub_2j.com/Plugin - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\NP2jStub.dll No File
FF HKLM-x32\...\Firefox\Extensions: [2vffxtbr@DailyBibleGuide.com] - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin
FF HKLM-x32\...\Firefox\Extensions: [64ffxtbr@TelevisionFanatic.com] - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin
C:\Program Files (x86)\somototoolbar
C:\Program Files (x86)\DailyBibleGuide
C:\Program Files (x86)\CouponAlert_2pEI
C:\Program Files (x86)\RecipeHub_2j
C:\Program Files (x86)\DailyBibleGuide
C:\Program Files (x86)\TelevisionFanatic
2014-04-29 20:38 - 2012-07-10 19:52 - 00000000 ____D () C:\Users\leon\AppData\Roaming\WildTangent
2014-04-29 20:38 - 2011-04-21 12:35 - 00000000 ____D () C:\ProgramData\WildTangent
2014-04-12 17:22 - 2011-11-30 21:55 - 00000000 ____D () C:\Users\leon\AppData\Roaming\PCPowerSpeed
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------

Uninstalling an extension in chrome:

  • Click the Chrome menu on the browser toolbar.
  • Click Tools.
  • Select Extensions.
  • Click the recycle bin icon by Coupons Inc., Coupon Printer Manager to completely remove it.
  • A confirmation dialogue appears, click Remove.
  • Repeat for Coupon Alert Installer Plugin Stub, MindSpark Toolbar Platform Plugin Stub, TotalRecipeSearch Installer Plugin Stub and WildTangent Games App Presence Detector.

--------------
 

Your version of Adobe Flash is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to remove older version Adobe Flash components and update:

  • Download the latest version of Adobe Flash and save it to your desktop.

Note: If you use Google Chrome or Firefox then there is no need to download Adobe Flash, if you also use Internet Explorer then use that browser to download Flash.

  • Close any programs you may have running - especially your web browser.
  • Go to Control Panel, and double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8.
  • Check (highlight) any item with Adobe Flash in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Adobe Flash uninstaller.
  • Reboot your computer once Adobe Flash is removed.
  • Then from your desktop double-click on the Adobe Flash installer to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then run as Administrator.
  • If offered any unwanted software or toolbars during installation (such as Google Chrome and Google Toolbar); just uncheck the box before continuing unless you want these programs.

--------------
 
How is the computer running?
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • fixlog.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

~Twitter~ | ~Malware Analyst at Emsisoft~


#9 hehaswon

hehaswon
  • Topic Starter

  • Members
  • 12 posts
  • Local time:08:02 AM

Posted 02 May 2014 - 07:41 PM

It will be Monday before I can get back to this project. The computer doesn't have any symptoms that it had before. It's doing good. I've triple warned my friends about deselecting add-ons etc.  Thanks for your help and I will get back to you as soon as I can.  Thanks

 

hehaswon



#10 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:05:02 PM

Posted 03 May 2014 - 10:38 AM

Hi hehaswon,

 

No worries, I will wait for your reply until you have time. Thank you for telling me and good on you for warning your friends about toolbars and whatnot. I'm glad to hear the computer is doing well and we are almost finished here.

 

xXToffeeXx~




#11 hehaswon

hehaswon
  • Topic Starter

  • Members
  • 12 posts
  • Local time:08:02 AM

Posted 05 May 2014 - 04:52 PM

Prior to your earlier communication, I got a bit ahead of the process and deleted some files and folders (wild tangent & etc.) I didn't do anything in the registry. That is why some things were not found in this last time through. Sorry, I didn't know you would have more for me.

 

 

 
The computer is doing good. It has been in use this weekend with no issues.
 
Thanks for your help.
 
 
 

Okay here's the output:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-05-2014 02
Ran by leon at 2014-05-05 14:17:53 Run:2
Running from C:\URL-Mal
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
URLSearchHook: HKCU - (No Name) - {f15ff29f-85a1-43cd-9674-e5ba40016c97} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrcAs.dll No File
BHO-x32: Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll No File
Toolbar: HKLM-x32 - Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {63B834D7-CFCD-442A-9B0A-921F54D3E792} -  No File
Toolbar: HKCU - No Name - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} -  No File
FF Plugin-x32: @DailyBibleGuide.com/Plugin - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\NP2vStub.dll No File
FF Plugin-x32: @ei.CouponAlert_2p.com/Plugin - C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File
FF Plugin-x32: @RecipeHub_2j.com/Plugin - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\NP2jStub.dll No File
FF HKLM-x32\...\Firefox\Extensions: [2vffxtbr@DailyBibleGuide.com] - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin
FF HKLM-x32\...\Firefox\Extensions: [64ffxtbr@TelevisionFanatic.com] - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin
C:\Program Files (x86)\somototoolbar
C:\Program Files (x86)\DailyBibleGuide
C:\Program Files (x86)\CouponAlert_2pEI
C:\Program Files (x86)\RecipeHub_2j
C:\Program Files (x86)\DailyBibleGuide
C:\Program Files (x86)\TelevisionFanatic
2014-04-29 20:38 - 2012-07-10 19:52 - 00000000 ____D () C:\Users\leon\AppData\Roaming\WildTangent
2014-04-29 20:38 - 2011-04-21 12:35 - 00000000 ____D () C:\ProgramData\WildTangent
2014-04-12 17:22 - 2011-11-30 21:55 - 00000000 ____D () C:\Users\leon\AppData\Roaming\PCPowerSpeed
*****************
 
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f15ff29f-85a1-43cd-9674-e5ba40016c97} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{f15ff29f-85a1-43cd-9674-e5ba40016c97} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9230cb90-79de-4945-88a4-762244a25bc8} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9230cb90-79de-4945-88a4-762244a25bc8} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9230cb90-79de-4945-88a4-762244a25bc8} => Key deleted successfully.
HKCR\CLSID\{9230cb90-79de-4945-88a4-762244a25bc8} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{63B834D7-CFCD-442A-9B0A-921F54D3E792} => Value deleted successfully.
HKCR\CLSID\{63B834D7-CFCD-442A-9B0A-921F54D3E792} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} => Value deleted successfully.
HKCR\CLSID\{5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@DailyBibleGuide.com/Plugin => Key deleted successfully.
C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\NP2vStub.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin => Key deleted successfully.
C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@RecipeHub_2j.com/Plugin => Key deleted successfully.
C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\NP2jStub.dll not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\2vffxtbr@DailyBibleGuide.com => Value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\64ffxtbr@TelevisionFanatic.com => Value deleted successfully.
"C:\Program Files (x86)\somototoolbar" => File/Directory not found.
"C:\Program Files (x86)\DailyBibleGuide" => File/Directory not found.
"C:\Program Files (x86)\CouponAlert_2pEI" => File/Directory not found.
"C:\Program Files (x86)\RecipeHub_2j" => File/Directory not found.
"C:\Program Files (x86)\DailyBibleGuide" => File/Directory not found.
"C:\Program Files (x86)\TelevisionFanatic" => File/Directory not found.
"C:\Users\leon\AppData\Roaming\WildTangent" => File/Directory not found.
"C:\ProgramData\WildTangent" => File/Directory not found.
C:\Users\leon\AppData\Roaming\PCPowerSpeed => Moved successfully.
 
==== End of Fixlog ====


#12 hehaswon

hehaswon
  • Topic Starter

  • Members
  • 12 posts
  • Local time:08:02 AM

Posted 05 May 2014 - 05:36 PM

Please tell me how to donate.  Thanx.



#13 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:05:02 PM

Posted 06 May 2014 - 12:18 PM

Hi hehaswon,

 

Prior to your earlier communication, I got a bit ahead of the process and deleted some files and folders (wild tangent & etc.) I didn't do anything in the registry. That is why some things were not found in this last time through. Sorry, I didn't know you would have more for me.

 

The computer is doing good. It has been in use this weekend with no issues.

 
Thanks for your help.

Ah, no worries on that. It was just clearing up some leftovers, not really anything which could do any harm and the computer is clean now. I'm glad to hear the computer is running good, and you are welcome.

 

Please tell me how to donate.  Thanx.

You can donate here if you wish

 

xXToffeeXx~




#14 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:05:02 PM

Posted 06 May 2014 - 12:18 PM

Hi hehaswon,

 

Your machine is clean! Feel free to enjoy the use of your cleaned computer. Please take the time to follow this last post which tells you how to remove the tools we have used and how to keep your computer clean   :thumbsup:
 
---------------
 
Download Delfix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.
 
Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't need to copy and paste it into your next reply.
 
--------------
 
Also, feel free to delete any leftover desktop icons and other various files which have been created throughout the process.
 
---------------
 
I have also compiled a list of links which you may be interested in:

This topic will be left open for 3 days in case you have any problems, otherwise it will be closed after that time.
 
xXToffeeXx~




#15 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:05:02 PM

Posted 10 May 2014 - 08:08 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





