
help need to get rid of savingsbull from control panel


This topic is locked
22 replies to this topic

#1 cosmos600 (Members, 56 posts)

Posted 28 April 2014 - 11:14 AM

Hi

I wondered whether someone can help me. I have been trying to get rid of SavingsBull from my computer for a long time. I have tried everything: anti-malware, Avast boot scan, SUPERAntiSpyware software, RogueKiller software. Every time I try to uninstall the SavingsBull software it comes up with "The feature you are trying to use is on a network resource that is unavailable. Verify that the source exists and that you can access it. Click OK to try again or enter an alternate path to a folder containing the installation package."

 

Many Thanks

    




#2 xXToffeeXx (Bleepin' Polar Bear, Malware Response Instructor, 6,086 posts)

Posted 01 May 2014 - 12:27 PM

Greetings and :welcome: to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to, as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure the "receive notifications" box is ticked and set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold; make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now :thumbup2:

==========================
 
Hi cosmos600,
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
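FRST.txt, which the instructions above ask for, is a plain-text report split into "==== Section ====" blocks with one entry per line. The Python script below is an added example, not part of this thread, not FRST's own code and not how the Malware Response team reads logs: it parses such a report and lists the entries a responder would look at first when adware or a browser hijacker such as SavingsBull is suspected (AppInit_DLLs loaders, Run entries with no publisher metadata, start-page and search-scope URLs on hosts tied to the hijackers seen in this thread, and browser add-ons named after them). The sample lines are a subset copied from the FRST.txt posted later in this thread; the host and name lists are assumptions drawn from that same log, not a signature set.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST.txt) logs.

Added example: not part of the BleepingComputer thread and not FRST's own code.
It splits the log into its '==== Section ====' blocks and flags the entries a
malware responder checks first when adware / a browser hijacker is suspected.
The host and name lists are assumptions drawn from the log in this thread,
not a vendor signature set."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: a constructed subset of lines copied from the FRST.txt posted in this thread.
SAMPLE_LOG = r"""==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780968 2011-04-29] (Synaptics Incorporated)
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [fastclean] => "C:\Program Files (x86)\FastClean PRO\fastcleanpro.exe"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dsites_14_14_ie
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?q={searchTerms}
FF Extension: SavingsBull - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\SavingsBull@jetpack [2014-03-04]
FF Extension: WOT - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-22]
"""

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
# "HKLM\...\Run: [name] => rest" (also matches HKLM-x32 and HKU\<SID> hives)
RUN_RE = re.compile(r"^HK\S+?\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<rest>.*)$")
PUBLISHER_RE = re.compile(r"\([^()]*\)$")  # trailing "(Publisher)" that FRST appends to known files
URL_HOST_RE = re.compile(r'\bh(?:tt|xx)ps?://([^/\s?"]+)', re.IGNORECASE)  # FRST defangs some URLs as hxxp

# Assumed indicator lists, taken from what this thread's own log shows (not a signature database).
SUSPECT_HOSTS = ("mysearchdial.com", "conduit.com", "snapdo.com")
SUSPECT_NAMES = ("savingsbull", "mysearchdial", "snap.do", "searchprotect", "conduit")


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty lines under the FRST section header they follow."""
    sections: Dict[str, List[str]] = {}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip()
            continue
        sections.setdefault(current, []).append(line)
    return sections


def url_host(line: str) -> str:
    """Lower-cased host of the first http/hxxp URL on the line, or '' if none."""
    m = URL_HOST_RE.search(line)
    return m.group(1).lower() if m else ""


def triage_line(section: str, line: str) -> Optional[Finding]:
    """Return a Finding for a line worth a responder's attention, else None.
    These are review hints, not verdicts: a clean Run entry can also lack publisher data."""
    if line.startswith("AppInit_DLLs:"):
        note = " (file not found, so the loader is orphaned)" if "File Not Found" in line else ""
        return Finding(section, "AppInit_DLLs entry loads a DLL into every process that loads user32.dll" + note, line)
    m = RUN_RE.match(line)
    if m and not PUBLISHER_RE.search(m.group("rest")):
        return Finding(section, f"Run entry '{m.group('name')}' has no publisher metadata", line)
    host = url_host(line)
    if host and any(host == h or host.endswith("." + h) for h in SUSPECT_HOSTS):
        return Finding(section, f"browser start/search setting points at {host}", line)
    if line.startswith(("FF Extension:", "CHR Extension:", "BHO", "Toolbar:")) and any(
        n in line.lower() for n in SUSPECT_NAMES
    ):
        return Finding(section, "browser add-on named after the suspected adware", line)
    return None


def triage(text: str) -> List[Finding]:
    """Run triage_line over every entry of every section, preserving log order."""
    findings: List[Finding] = []
    for section, lines in parse_sections(text).items():
        for line in lines:
            found = triage_line(section, line)
            if found is not None:
                findings.append(found)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run as-is it prints five hits for the sample (the fastclean Run entry, the orphaned SearchProtect AppInit_DLLs loader, the mysearchdial start page, the Conduit search scope and the SavingsBull extension) and stays silent on the Synaptics and WOT entries. For a real report call `triage(open("FRST.txt", encoding="utf-8", errors="replace").read())`; the output is a reading list for a human, not a removal script, since a missing "(Publisher)" tag alone does not make a Run entry malicious.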


#3 cosmos600 (Topic Starter, Members, 56 posts)

Posted 02 May 2014 - 04:01 AM

Hi Toffee

Thanks for your reply; below is one of the logs. Sorry, I have been using Firefox rather than Internet Explorer, as I have been told it is unstable and has problems, and I cannot find the other log.

 

Thanks

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2014
Ran by HP (administrator) on HP-PC on 02-05-2014 09:45:21
Running from C:\Users\HP\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIJE.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(SAMSUNG ELECTRONICS) C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780968 2011-04-29] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-08-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [78904 2011-04-27] (Hewlett-Packard Company)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [SMSTray] => C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe [479232 2009-04-16] (SAMSUNG ELECTRONICS)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1666560 2012-02-20] (AimerSoft)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [909696 2010-12-21] (Microsoft Corporation)
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [EPSON SX410 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE [223232 2008-10-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-17] (SUPERAntiSpyware)
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIJE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [fastclean] => "C:\Program Files (x86)\FastClean PRO\fastcleanpro.exe"
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\MountPoints2: {5597aa0e-065b-11e3-a218-2c27d7ad9046} - E:\SETUP.EXE
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8500 A910.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8500 A910.lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7274E1B6B45FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dsites_14_14_ie&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0A0F0ByEyEyCyBtBtAyByEtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StC0B0AtA0F0ByBzytGyB0FyDyEtGyDyCzzyEtG0EyD0EyDtGyDzztCtAyDyB0E0E0D0AyCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0BtBtB0CyEyCyCtGtAzzyE0DtGtD0FtCtAtGtByByCtCtGtBtB0CzyyBtBzz0CtD0A0CyB2Q&cr=1307451033&ir=
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0AyCyCtB0F0BtCtBtAyByEtN0D0Tzu0CyCyDyCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2002946080&ir=
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0AyCyCtB0F0BtCtBtAyByEtN0D0Tzu0CyCyDyCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2002946080&ir=
SearchScopes: HKLM - {46025ECA-D290-4AB1-3201-208873214626} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_14_ie&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0A0F0ByEyEyCyBtBtAyByEtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StC0B0AtA0F0ByBzytGyB0FyDyEtGyDyCzzyEtG0EyD0EyDtGyDzztCtAyDyB0E0E0D0AyCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0BtBtB0CyEyCyCtGtAzzyE0DtGtD0FtCtAtGtByByCtCtGtBtB0CzyyBtBzz0CtD0A0CyB2Q&cr=1307451033&ir=
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=AirInstaller&dpid=AirInstaller&co=GB&userid=01e2eecb-128d-6bd6-d1d1-1a4a0ffc8cdf&searchtype=ds&q={searchTerms}&installDate=02/04/2014
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=AirInstaller&dpid=AirInstaller&co=GB&userid=01e2eecb-128d-6bd6-d1d1-1a4a0ffc8cdf&searchtype=ds&q={searchTerms}&installDate=02/04/2014
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0AyCyCtB0F0BtCtBtAyByEtN0D0Tzu0CyCyDyCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2002946080&ir=
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M88D8EF6F-431A-4CCE-95A9-A19520F41431&SearchSource=58&CUI=&UM=5&UP=SP02E62776-AB90-477D-85C5-1076C758D056&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M88D8EF6F-431A-4CCE-95A9-A19520F41431&SearchSource=58&CUI=&UM=5&UP=SP02E62776-AB90-477D-85C5-1076C758D056&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {46025ECA-D290-4AB1-3201-208873214626} URL =
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: SavingsBull - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\SavingsBull@jetpack [2014-03-04]
FF Extension: No Name - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\staged [2013-10-17]
FF Extension: WOT - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-22]
FF Extension: MySearchDial - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2013-10-18]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-18]

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M88D8EF6F-431A-4CCE-95A9-A19520F41431&SearchSource=55&CUI=&UM=5&UP=SP02E62776-AB90-477D-85C5-1076C758D056&SSPV=
CHR StartupUrls: "hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M88D8EF6F-431A-4CCE-95A9-A19520F41431&SearchSource=55&CUI=&UM=5&UP=SP02E62776-AB90-477D-85C5-1076C758D056&SSPV="
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: http://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M88D8EF6F-431A-4CCE-95A9-A19520F41431&SearchSource=58&CUI=&UM=5&UP=SP02E62776-AB90-477D-85C5-1076C758D056&q={searchTerms}&SSPV=
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-11]
CHR Extension: (Google Drive) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-23]
CHR Extension: (YouTube) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-23]
CHR Extension: (Google Search) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-23]
CHR Extension: (Skype Click to Call) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-23]
CHR Extension: (Google Wallet) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-23]
CHR Extension: (Gmail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-08-04] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-18] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-18] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-08-18] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-02 09:45 - 2014-05-02 09:45 - 00019627 _____ () C:\Users\HP\Downloads\FRST.txt
2014-05-02 09:41 - 2014-05-02 09:41 - 02062336 _____ (Farbar) C:\Users\HP\Downloads\FRST64.exe
2014-05-02 09:32 - 2014-05-02 09:32 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-02 09:32 - 2014-05-02 09:32 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-02 09:32 - 2014-05-02 09:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-02 09:30 - 2014-05-02 09:30 - 00282800 _____ (Mozilla) C:\Users\HP\Desktop\Firefox Setup Stub 29.0.exe
2014-04-28 16:49 - 2014-04-28 16:50 - 36990242 _____ () C:\Users\HP\Desktop\04.24.14_massey_richard_two.mp3.hix6f96.partial
2014-04-28 12:13 - 2014-04-28 12:13 - 00036749 _____ () C:\Users\HP\Desktop\RKreport[0]_S_04282014_121317.txt
2014-04-28 12:08 - 2014-04-28 16:34 - 00000000 ____D () C:\Users\HP\Desktop\RK_Quarantine
2014-04-25 17:38 - 2014-04-25 17:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-04-25 17:38 - 2014-04-25 17:38 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-04-24 17:50 - 2014-04-24 17:50 - 00000000 ____D () C:\Users\HP\AppData\Local\CrashDumps
2014-04-24 17:49 - 2014-04-25 16:04 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-04-24 17:47 - 2014-04-24 17:47 - 00929416 _____ (CNET Download.com) C:\Users\HP\Desktop\cbsidlm-cbsi188-JetVideo_Basic_VX-BP-75448539.exe
2014-04-24 12:20 - 2014-04-24 12:20 - 04527616 _____ () C:\Users\HP\Desktop\RogueKillerX64.exe
2014-04-10 15:04 - 2014-04-10 15:04 - 00023552 ____H () C:\Users\HP\Desktop\~WRL2954.tmp
2014-04-10 13:55 - 2014-04-10 13:55 - 00000000 ____D () C:\Users\HP\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2014-04-07 17:36 - 2014-04-07 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Converter
2014-04-07 17:34 - 2014-04-07 17:35 - 90396104 _____ (The GIMP Team ) C:\Users\HP\Desktop\gimp-2.8.10-setup.exe
2014-04-02 15:16 - 2014-04-02 15:16 - 00000000 ____D () C:\Users\HP\AppData\Local\Apple Computer
2014-04-02 14:58 - 2014-04-03 15:43 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Apple Computer
2014-04-02 14:56 - 2014-04-02 14:56 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-04-02 14:56 - 2014-04-02 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-04-02 14:56 - 2014-04-02 14:56 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-04-02 14:56 - 2014-04-02 14:56 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-04-02 14:54 - 2014-04-02 14:54 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-04-02 14:54 - 2014-04-02 14:54 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-04-02 14:54 - 2014-04-02 14:54 - 00000000 ____D () C:\Users\HP\AppData\Local\Apple
2014-04-02 14:54 - 2014-04-02 14:54 - 00000000 ____D () C:\ProgramData\Apple
2014-04-02 14:54 - 2014-04-02 14:54 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-04-02 14:53 - 2014-04-02 14:53 - 40437664 _____ (Apple Inc.) C:\Users\HP\Desktop\QuickTimeInstaller.exe
2014-04-02 14:18 - 2014-04-02 14:37 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-02 14:18 - 2014-04-02 14:18 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-04-02 14:18 - 2014-04-02 14:18 - 00001297 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-04-02 14:17 - 2014-04-02 14:17 - 00002147 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-04-02 14:15 - 2014-04-02 14:37 - 00000000 ____D () C:\Users\HP\AppData\Local\ACCCx2_5_1_369
2014-04-02 11:46 - 2014-04-02 11:46 - 00000000 ____D () C:\Users\HP\AppData\Local\IsolatedStorage
2014-04-02 11:45 - 2014-04-25 16:04 - 00000000 ____D () C:\Users\HP\AppData\Roaming\DigitalSites
2014-04-02 11:45 - 2014-04-24 12:36 - 00000086 _____ () C:\Users\HP\AppData\Roaming\WB.CFG
2014-04-02 11:45 - 2014-04-02 11:45 - 00000000 ____D () C:\Program Files (x86)\Image Converter
2014-04-02 11:38 - 2014-04-02 11:53 - 00000000 ____D () C:\Users\HP\AppData\Roaming\XnView
2014-04-02 11:37 - 2014-04-02 11:38 - 00000000 ____D () C:\Program Files (x86)\XnView
2014-04-02 11:37 - 2014-04-02 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView

==================== One Month Modified Files and Folders =======

2014-05-02 09:45 - 2014-05-02 09:45 - 00019627 _____ () C:\Users\HP\Downloads\FRST.txt
2014-05-02 09:45 - 2014-03-12 18:56 - 00000000 ____D () C:\FRST
2014-05-02 09:41 - 2014-05-02 09:41 - 02062336 _____ (Farbar) C:\Users\HP\Downloads\FRST64.exe
2014-05-02 09:34 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-02 09:34 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-02 09:32 - 2014-05-02 09:32 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-02 09:32 - 2014-05-02 09:32 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-02 09:32 - 2014-05-02 09:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-02 09:32 - 2014-03-04 13:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-02 09:32 - 2009-07-14 06:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-02 09:30 - 2014-05-02 09:30 - 00282800 _____ (Mozilla) C:\Users\HP\Desktop\Firefox Setup Stub 29.0.exe
2014-05-02 09:26 - 2014-03-10 18:39 - 00005500 _____ () C:\Windows\setupact.log
2014-05-02 09:26 - 2013-08-16 12:28 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-05-02 09:26 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-02 09:25 - 2013-08-19 19:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-02 09:14 - 2013-10-22 16:21 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Skype
2014-05-02 09:14 - 2013-05-20 17:15 - 01717424 _____ () C:\Windows\WindowsUpdate.log
2014-05-01 12:15 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-05-01 12:12 - 2013-09-09 17:12 - 00003128 _____ () C:\Windows\System32\Tasks\proXPN
2014-05-01 12:11 - 2013-08-18 17:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-30 09:44 - 2013-05-24 18:21 - 00000166 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-29 14:55 - 2013-08-19 19:06 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 14:55 - 2013-08-19 19:06 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 14:55 - 2013-08-19 19:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 11:00 - 2013-09-25 15:51 - 00000000 ____D () C:\Users\HP\Desktop\lynn
2014-04-28 16:50 - 2014-04-28 16:49 - 36990242 _____ () C:\Users\HP\Desktop\04.24.14_massey_richard_two.mp3.hix6f96.partial
2014-04-28 16:34 - 2014-04-28 12:08 - 00000000 ____D () C:\Users\HP\Desktop\RK_Quarantine
2014-04-28 12:13 - 2014-04-28 12:13 - 00036749 _____ () C:\Users\HP\Desktop\RKreport[0]_S_04282014_121317.txt
2014-04-25 17:38 - 2014-04-25 17:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-04-25 17:38 - 2014-04-25 17:38 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-04-25 17:38 - 2013-08-19 19:05 - 00000000 ____D () C:\Users\HP\AppData\Local\Adobe
2014-04-25 17:37 - 2013-09-25 15:42 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-25 17:37 - 2013-09-25 15:41 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-25 16:05 - 2014-03-11 16:22 - 00042808 _____ () C:\Windows\PFRO.log
2014-04-25 16:04 - 2014-04-24 17:49 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-04-25 16:04 - 2014-04-02 11:45 - 00000000 ____D () C:\Users\HP\AppData\Roaming\DigitalSites
2014-04-25 09:40 - 2013-05-20 20:53 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-24 17:50 - 2014-04-24 17:50 - 00000000 ____D () C:\Users\HP\AppData\Local\CrashDumps
2014-04-24 17:47 - 2014-04-24 17:47 - 00929416 _____ (CNET Download.com) C:\Users\HP\Desktop\cbsidlm-cbsi188-JetVideo_Basic_VX-BP-75448539.exe
2014-04-24 12:36 - 2014-04-02 11:45 - 00000086 _____ () C:\Users\HP\AppData\Roaming\WB.CFG
2014-04-24 12:20 - 2014-04-24 12:20 - 04527616 _____ () C:\Users\HP\Desktop\RogueKillerX64.exe
2014-04-23 15:14 - 2013-05-20 20:53 - 00000000 ____D () C:\Users\HP\AppData\Local\Deployment
2014-04-10 15:04 - 2014-04-10 15:04 - 00023552 ____H () C:\Users\HP\Desktop\~WRL2954.tmp
2014-04-10 13:55 - 2014-04-10 13:55 - 00000000 ____D () C:\Users\HP\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2014-04-10 13:55 - 2013-05-20 18:02 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Adobe
2014-04-07 17:36 - 2014-04-07 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Converter
2014-04-07 17:35 - 2014-04-07 17:34 - 90396104 _____ (The GIMP Team ) C:\Users\HP\Desktop\gimp-2.8.10-setup.exe
2014-04-05 11:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-03 15:43 - 2014-04-02 14:58 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Apple Computer
2014-04-02 15:16 - 2014-04-02 15:16 - 00000000 ____D () C:\Users\HP\AppData\Local\Apple Computer
2014-04-02 14:56 - 2014-04-02 14:56 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-04-02 14:56 - 2014-04-02 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-04-02 14:56 - 2014-04-02 14:56 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-04-02 14:56 - 2014-04-02 14:56 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-04-02 14:54 - 2014-04-02 14:54 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-04-02 14:54 - 2014-04-02 14:54 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-04-02 14:54 - 2014-04-02 14:54 - 00000000 ____D () C:\Users\HP\AppData\Local\Apple
2014-04-02 14:54 - 2014-04-02 14:54 - 00000000 ____D () C:\ProgramData\Apple
2014-04-02 14:54 - 2014-04-02 14:54 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-04-02 14:53 - 2014-04-02 14:53 - 40437664 _____ (Apple Inc.) C:\Users\HP\Desktop\QuickTimeInstaller.exe
2014-04-02 14:38 - 2013-05-20 18:01 - 00000000 ____D () C:\Users\HP
2014-04-02 14:37 - 2014-04-02 14:18 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-02 14:37 - 2014-04-02 14:15 - 00000000 ____D () C:\Users\HP\AppData\Local\ACCCx2_5_1_369
2014-04-02 14:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-04-02 14:18 - 2014-04-02 14:18 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-04-02 14:18 - 2014-04-02 14:18 - 00001297 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-04-02 14:17 - 2014-04-02 14:17 - 00002147 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-04-02 11:53 - 2014-04-02 11:38 - 00000000 ____D () C:\Users\HP\AppData\Roaming\XnView
2014-04-02 11:52 - 2013-05-20 18:02 - 00000000 ___RD () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-02 11:46 - 2014-04-02 11:46 - 00000000 ____D () C:\Users\HP\AppData\Local\IsolatedStorage
2014-04-02 11:45 - 2014-04-02 11:45 - 00000000 ____D () C:\Program Files (x86)\Image Converter
2014-04-02 11:38 - 2014-04-02 11:37 - 00000000 ____D () C:\Program Files (x86)\XnView
2014-04-02 11:37 - 2014-04-02 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView

Some content of TEMP:
====================
C:\Users\HP\AppData\Local\Temp\airFE6F.exe
C:\Users\HP\AppData\Local\Temp\BackupSetup.exe
C:\Users\HP\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\HP\AppData\Local\Temp\ntdll_dump.dll
C:\Users\HP\AppData\Local\Temp\proXPN-2.7.0-install001.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-29 12:46

==================== End Of Log ============================



#4 xXToffeeXx (Bleepin' Polar Bear)

  • Malware Response Instructor
  • 6,086 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 02 May 2014 - 10:55 AM

Hi cosmos600,
 
The vulnerability with IE is fixed, see this post to make sure you have all the latest updates, including the fix for this.
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • AdwCleaner scan log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

~Twitter~ | ~Malware Analyst at Emsisoft~


#5 xXToffeeXx (Bleepin' Polar Bear)

  • Malware Response Instructor
  • 6,086 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 06 May 2014 - 12:22 PM

Hi cosmos600,
 
This is a 3 day bump:
 
It has been 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

xXToffeeXx~




#6 cosmos600 (Topic Starter)

  • Members
  • 56 posts

Posted 07 May 2014 - 10:06 AM

Hi Toffee

Sorry for the delay in replying; I had problems running the downloaded program. Below is the log.

Thanks


# AdwCleaner v3.207 - Report created 07/05/2014 at 16:02:13
# Updated 05/05/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : HP - HP-PC
# Running from : C:\Users\HP\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\searchplugins\conduit-search.xml
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\sweetpacks bundle uninstaller
Folder Found : C:\Users\HP\AppData\Local\Temp\AirInstaller
Folder Found : C:\Users\HP\AppData\Local\Temp\Mega Browse
Folder Found : C:\Users\HP\AppData\LocalLow\Smartbar
Folder Found : C:\Users\HP\AppData\Roaming\DigitalSites
Folder Found : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Folder Found : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\SavingsBull@jetpack
Folder Found : C:\Windows\Installer\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}

***** [ Shortcuts ] *****

Shortcut Found : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk ( hxxp://feed.snapdo.com/?publisher=AirInstaller&dpid=AirInstaller&co=GB&userid=01e2eecb-128d-6bd6-d1d1-1a4a0ffc8cdf&searchtype=sc&installDate=02/04/2014 )

***** [ Registry ] *****

Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\dsiteproducts
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKCU\Software\SmartBar
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Found : HKLM\Software\Classes\Installer\Features\1708EDD6AB4EB164A86999D0AF0ABE1D
Key Found : HKLM\Software\Classes\Installer\Products\1708EDD6AB4EB164A86999D0AF0ABE1D
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Key Found : HKLM\Software\mysearchdial
Key Found : HKLM\Software\SearchProtect
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=dsites_14_14_ie&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0A0F0ByEyEyCyBtBtAyByEtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StC0B0AtA0F0ByBzytGyB0FyDyEtGyDyCzzyEtG0EyD0EyDtGyDzztCtAyDyB0E0E0D0AyCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0BtBtB0CyEyCyCtGtAzzyE0DtGtD0FtCtAtGtByByCtCtGtBtB0CzyyBtBzz0CtD0A0CyB2Q&cr=1307451033&ir=

-\\ Mozilla Firefox v29.0 (en-GB)

[ File : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\prefs.js ]

Line Found : user_pref("extensions.mysearchdial.aflt", "dnldmsd");
Line Found : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Found : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0AyCyCtB0F0BtCtBtAyByEtN0D0Tzu0CyCyDyCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q");
Line Found : user_pref("extensions.mysearchdial.cr", "2002946080");
Line Found : user_pref("extensions.mysearchdial.dfltLng", "");
Line Found : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Found : user_pref("extensions.mysearchdial.dnsErr", true);
Line Found : user_pref("extensions.mysearchdial.excTlbr", false);
Line Found : user_pref("extensions.mysearchdial.hmpg", true);
Line Found : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0AyCyCtB0F0BtCtBtAyByEtN0D0Tzu0CyCyDyCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q[...]
Line Found : user_pref("extensions.mysearchdial.id", "C0F8DA662FB12374");
Line Found : user_pref("extensions.mysearchdial.instlDay", "15995");
Line Found : user_pref("extensions.mysearchdial.instlRef", "");
Line Found : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0AyCyCtB0F0BtCtBtAyByEtN0D0Tzu0CyCyDyCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I[...]
Line Found : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Found : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Found : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Found : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Found : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0AyCyCtB0F0BtCtBtAyByEtN0D0Tzu0CyCyDyCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G[...]
Line Found : user_pref("extensions.mysearchdial.vrsn", "");
Line Found : user_pref("extensions.mysearchdial.vrsni", "");
Line Found : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Found : user_pref("extensions.mysearchdial_i.newTab", false);
Line Found : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Found : user_pref("extensions.mysearchdial_i.vrsnTs", "22:42:51");

-\\ Google Chrome v

[ File : C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M88D8EF6F-431A-4CCE-95A9-A19520F41431&SearchSource=58&CUI=&UM=5&UP=SP02E62776-AB90-477D-85C5-1076C758D056&q={searchTerms}&SSPV=
Found [Startup_urls] : hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M88D8EF6F-431A-4CCE-95A9-A19520F41431&SearchSource=55&CUI=&UM=5&UP=SP02E62776-AB90-477D-85C5-1076C758D056&SSPV=
Found [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M88D8EF6F-431A-4CCE-95A9-A19520F41431&SearchSource=55&CUI=&UM=5&UP=SP02E62776-AB90-477D-85C5-1076C758D056&SSPV=
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [10783 octets] - [07/05/2014 14:01:00]
AdwCleaner[R1].txt - [11361 octets] - [07/05/2014 15:57:45]
AdwCleaner[R2].txt - [11172 octets] - [07/05/2014 16:02:13]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [11233 octets] ##########
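The scan log above lists dozens of findings with no ranking. As an added example (not part of this thread and not AdwCleaner's own code), the Python script below parses the line shapes that report uses (section headers, "<Kind> Found : <target>" and "Found [<setting>] : <value>"), groups findings by section, and lists the entries a responder would read first, such as the AppInit_DLLs loader and the Browser Helper Object registrations. The sample lines are copied from the log posted above with two long URLs shortened; the line format and the priority rules are assumptions drawn from that log, not from AdwCleaner documentation.

```python
"""Triage helper for AdwCleaner-style report lines (added example; the line
format and priority rules are assumed from the log posted in this thread)."""
import re
from collections import Counter

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
ITEM_RE = re.compile(
    r"^(?P<kind>Folder|File|Key|Value|Data|Shortcut|Line) Found : (?P<target>.+)$"
)
BROWSER_RE = re.compile(r"^Found \[(?P<kind>[^\]]+)\] : (?P<target>.+)$")

# Substring to look for in the target, and why a responder cares.
# Ordered: the first matching rule wins.
PRIORITY_RULES = [
    ("[AppInit_DLLs]",
     "AppInit_DLLs entry: while the feature is enabled the DLL is loaded "
     "into every process that loads user32.dll"),
    ("\\Browser Helper Objects\\", "Internet Explorer Browser Helper Object"),
    ("\\Internet Explorer\\Toolbar", "Internet Explorer toolbar registration"),
    ("\\SearchScopes\\", "Internet Explorer search provider entry"),
    ("user_pref(", "Firefox preference override written to prefs.js"),
]
# Browser-section kinds meaning a start page, search engine or extension changed.
BROWSER_SETTING_KINDS = {"Homepage", "Startup_urls", "Search Provider", "Extension"}

# Sample report: lines copied from the log above, two long URLs shortened.
SAMPLE_LOG = r"""
***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\SavingsBull@jetpack

***** [ Registry ] *****

Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Found : HKCU\Software\Conduit
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Browsers ] *****

Line Found : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dnldmsd");
Found [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3324790
"""


def parse_report(text):
    """Return one dict per finding: section, kind, target, registry view."""
    items = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ITEM_RE.match(line) or BROWSER_RE.match(line)
        if not m:
            continue  # report header, dividers, "[ File : ... ]" markers
        target = m.group("target")
        # The log prefixes entries from the 64-bit registry view with [x64]
        view = "x64" if target.startswith("[x64] ") else "default"
        if view == "x64":
            target = target[len("[x64] "):]
        items.append({"section": section, "kind": m.group("kind"),
                      "target": target, "view": view})
    return items


def summarize(items):
    """Count findings per report section."""
    return dict(Counter(item["section"] for item in items))


def high_priority(items):
    """Return (reason, target) pairs for the entries worth reading first."""
    flagged = []
    for item in items:
        reason = None
        for needle, why in PRIORITY_RULES:
            if needle in item["target"]:
                reason = why
                break
        if reason is None and item["kind"] in BROWSER_SETTING_KINDS:
            reason = "browser %s setting changed by the adware" % item["kind"]
        if reason:
            flagged.append((reason, item["target"]))
    return flagged
```

Run `high_priority(parse_report(open("AdwCleaner[R2].txt").read()))` against a real report to get the short list; everything else in the log is supporting residue (CLSIDs, AppIDs, leftover folders) that the Clean pass removes in bulk.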



#7 xXToffeeXx (Bleepin' Polar Bear)

  • Malware Response Instructor
  • 6,086 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 09 May 2014 - 10:58 AM

Hi cosmos600,
 
Sorry about the delay, was busy with some exams.
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished, this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

--------------
 
Please re-run FRST from the desktop (like you did before), put a check in the box for Addition.txt under the optional scan, and press the scan button. It will produce a FRST.txt and an addition.txt log located on the desktop.

 

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • AdwCleaner clean log
  • New FRST.txt
  • Addition.txt

xXToffeeXx~




#8 xXToffeeXx (Bleepin' Polar Bear)

  • Malware Response Instructor
  • 6,086 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 12 May 2014 - 11:09 AM

Hi cosmos600,
 
This is a 3 day bump:
 
It has been 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

xXToffeeXx~




#9 cosmos600 (Topic Starter)

  • Members
  • 56 posts

Posted 12 May 2014 - 01:02 PM

Hi Toffee

Sorry for the delay; below are the logs.

Many thanks


# AdwCleaner v3.208 - Report created 12/05/2014 at 18:51:55
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : HP - HP-PC
# Running from : C:\Users\HP\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\sweetpacks bundle uninstaller
Folder Deleted : C:\Windows\Installer\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Folder Deleted : C:\Users\HP\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\HP\AppData\Local\Temp\Mega Browse
Folder Deleted : C:\Users\HP\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\HP\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Folder Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\SavingsBull@jetpack
File Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\searchplugins\conduit-search.xml

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\mysearchdial
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Deleted : HKLM\Software\Classes\Installer\Features\1708EDD6AB4EB164A86999D0AF0ABE1D
Key Deleted : HKLM\Software\Classes\Installer\Products\1708EDD6AB4EB164A86999D0AF0ABE1D

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v29.0 (en-GB)

[ File : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\prefs.js ]

Line Deleted : user_pref("extensions.mysearchdial.aflt", "dnldmsd");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0AyCyCtB0F0BtCtBtAyByEtN0D0Tzu0CyCyDyCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q");
Line Deleted : user_pref("extensions.mysearchdial.cr", "2002946080");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0AyCyCtB0F0BtCtBtAyByEtN0D0Tzu0CyCyDyCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "C0F8DA662FB12374");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "15995");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0AyCyCtB0F0BtCtBtAyByEtN0D0Tzu0CyCyDyCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I[...]
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0AyCyCtB0F0BtCtBtAyByEtN0D0Tzu0CyCyDyCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "22:42:51");

-\\ Google Chrome v

[ File : C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M88D8EF6F-431A-4CCE-95A9-A19520F41431&SearchSource=58&CUI=&UM=5&UP=SP02E62776-AB90-477D-85C5-1076C758D056&q={searchTerms}&SSPV=
Deleted [Startup_urls] : hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M88D8EF6F-431A-4CCE-95A9-A19520F41431&SearchSource=55&CUI=&UM=5&UP=SP02E62776-AB90-477D-85C5-1076C758D056&SSPV=
Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M88D8EF6F-431A-4CCE-95A9-A19520F41431&SearchSource=55&CUI=&UM=5&UP=SP02E62776-AB90-477D-85C5-1076C758D056&SSPV=
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [10783 octets] - [07/05/2014 14:01:00]
AdwCleaner[R1].txt - [11361 octets] - [07/05/2014 15:57:45]
AdwCleaner[R2].txt - [11422 octets] - [07/05/2014 16:02:13]
AdwCleaner[R3].txt - [11148 octets] - [12/05/2014 18:48:40]
AdwCleaner[S0].txt - [10246 octets] - [12/05/2014 18:51:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10307 octets] ##########


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014 01
Ran by HP at 2014-05-12 18:59:28
Running from C:\Users\HP\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Fuel (Version: 2011.0804.255.3304 - AMD) Hidden
AMD Media Foundation Decoders (Version: 1.0.60804.0047 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0804.255.3304 - ATI) Hidden
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
ATI Catalyst Install Manager (HKLM\...\{96BB7EC1-BE6E-1616-3E92-086D617A9D49}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 8.0.1489.0 - AVAST Software)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0804.255.3304 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0804.255.3304 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0804.255.3304 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help English (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help French (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help German (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
ccc-utility64 (Version: 2011.0804.255.3304 - ATI) Hidden
ContentSAFER for Wizmax (HKLM-x32\...\{C19BE821-89B1-4A96-AC7C-873810C0CB5F}) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EmoDio (HKLM-x32\...\InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}) (Version: 1.0 - Samsung)
EmoDio (x32 Version: 1.0 - Samsung) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX410 Series Printer Uninstall (HKLM\...\EPSON SX410 Series) (Version:  - SEIKO EPSON Corporation)
EPSON XP-402 403 405 406 Series Printer Uninstall (HKLM\...\EPSON XP-402 403 405 406 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{B18BEB15-A9DA-43D7-BAE1-C6C67484C2C0}) (Version: 5.1.1 - Hewlett-Packard)
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{13BE337F-9557-416D-A696-F91A6807B170}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{FE1141B3-F498-4144-A30C-25F4C6AD725A}) (Version: 3.0.1.9387 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{28FE073B-1230-4BF6-830C-7434FD0C0069}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
Image Converter (HKLM-x32\...\Image Converter Image Converter) (Version: 1.0.0 - Image Converter)
jetAudio Basic VX (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.1.0 - COWON)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 29.0 (x86 en-GB)) (Version: 29.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
proXPN 2.5.3 (HKLM-x32\...\proXPN) (Version: 2.5.3 - )
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.02.02.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.27.920.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1040 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.5.0 - Synaptics Incorporated)
Update for Microsoft .NET Framework 4.5 (KB2750147) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2750147) (Version: 1 - Microsoft Corporation)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (12/16/2009 6.2.0.9414) (HKLM\...\7E38E30BB92ED94B21CF062A7386554CBA991FEB) (Version: 12/16/2009 6.2.0.9414 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XnView 2.20 (HKLM-x32\...\XnView_is1) (Version: 2.20 - Gougelet Pierre-e)

==================== Restore Points  =========================

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0D662119-E3F9-40E8-8938-F9EB71AC62B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {26AD922F-02C0-4574-8335-1FD145E25299} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {4B1BC075-5B6C-4A6E-993A-C67CD12CC7C1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {662D019D-4656-4142-B6E9-D74270A1D71E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {90AD1FA3-B1EF-476C-B224-BCADDB6837A5} - System32\Tasks\proXPN => C:\Program Files (x86)\proXPN\bin\proxpn.exe [2013-07-11] (proXPN.com)
Task: {AEBE3BF5-D706-465C-970F-D48C8C8F78A8} - \AutoKMS No Task File <==== ATTENTION
Task: {BDD69A03-AB36-4E20-919B-F9DFA3165681} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {F25A4AF0-888B-4601-9E8D-B6401A3AA0AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe

==================== Loaded Modules (whitelisted) =============

2011-08-04 03:05 - 2011-08-04 03:05 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-08-04 03:05 - 2011-08-04 03:05 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-08-04 02:53 - 2011-08-04 02:53 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 13:42 - 2011-06-17 13:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-05-12 16:36 - 2014-05-12 07:39 - 02292736 _____ () C:\Program Files\AVAST Software\Avast\defs\14051200\algo.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/05/2014 05:51:22 PM) (Source: .NET Runtime Optimization Service) (User: ) (EventID: 1101)
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x80131f07

Error: (05/05/2014 05:51:21 PM) (Source: .NET Runtime Optimization Service) (User: ) (EventID: 1101)
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x80131f07

Error: (05/05/2014 05:36:24 PM) (Source: .NET Runtime Optimization Service) (User: ) (EventID: 1101)
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x80131f07

Error: (05/05/2014 05:36:23 PM) (Source: .NET Runtime Optimization Service) (User: ) (EventID: 1101)
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x80131f07

Error: (04/24/2014 05:49:56 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application name: cbsidlm-cbsi188-JetVideo_Basic_VX-BP-75448539.exe, version: 5.4.0.188, time stamp: 0x532a30ef
Faulting module name: comctl32.dll, version: 6.10.7601.17514, time stamp: 0x4ce7b71c
Exception code: 0xc0000409
Fault offset: 0x00096a8d
Faulting process id: 0x19b0
Faulting application start time: 0xcbsidlm-cbsi188-JetVideo_Basic_VX-BP-75448539.exe0
Faulting application path: cbsidlm-cbsi188-JetVideo_Basic_VX-BP-75448539.exe1
Faulting module path: cbsidlm-cbsi188-JetVideo_Basic_VX-BP-75448539.exe2
Report Id: cbsidlm-cbsi188-JetVideo_Basic_VX-BP-75448539.exe3

Error: (04/16/2014 00:00:16 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: The program IEXPLORE.EXE version 11.0.9600.16428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1330

Start Time: 01cf59627ceb88fd

Termination Time: 180

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (04/10/2014 03:48:28 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: atidxx32.dll, version: 8.17.10.337, time stamp: 0x4d6bd197
Exception code: 0xc0000005
Fault offset: 0x00015563
Faulting process id: 0x8e8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (04/10/2014 00:43:13 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: The program IEXPLORE.EXE version 11.0.9600.16428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 20f8

Start Time: 01cf54b205c5151f

Termination Time: 20

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (04/07/2014 06:58:54 PM) (Source: System Restore) (User: ) (EventID: 8211)
Description: The scheduled restore point could not be created.  Additional information: (0x81000101).

Error: (04/07/2014 06:58:54 PM) (Source: System Restore) (User: ) (EventID: 8193)
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

System errors:
=============
Error: (05/12/2014 06:54:55 PM) (Source: DCOM) (User: NT AUTHORITY) (EventID: 10016)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/12/2014 06:53:43 PM) (Source: Service Control Manager) (User: ) (EventID: 7026)
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (05/12/2014 05:16:54 PM) (Source: volsnap) (User: ) (EventID: 36)
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (05/12/2014 04:35:40 PM) (Source: DCOM) (User: NT AUTHORITY) (EventID: 10016)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/12/2014 04:34:28 PM) (Source: Service Control Manager) (User: ) (EventID: 7026)
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (05/09/2014 06:46:00 PM) (Source: DCOM) (User: NT AUTHORITY) (EventID: 10016)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/09/2014 06:43:28 PM) (Source: EventLog) (User: ) (EventID: 6008)
Description: The previous system shutdown at 18:32:47 on ‎09/‎05/‎2014 was unexpected.

Error: (05/09/2014 03:18:21 PM) (Source: Disk) (User: ) (EventID: 11)
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (05/09/2014 03:18:21 PM) (Source: Disk) (User: ) (EventID: 11)
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (05/09/2014 03:18:20 PM) (Source: Disk) (User: ) (EventID: 11)
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Microsoft Office Sessions:
=========================
Error: (05/05/2014 05:51:22 PM) (Source: .NET Runtime Optimization Service) (User: ) (EventID: 1101)
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x80131f07
C:\Program Files (x86)\Samsung\Kies\Kies.exe

Error: (05/05/2014 05:51:21 PM) (Source: .NET Runtime Optimization Service) (User: ) (EventID: 1101)
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x80131f07
C:\Program Files (x86)\Samsung\Kies\Kies.exe

Error: (05/05/2014 05:36:24 PM) (Source: .NET Runtime Optimization Service) (User: ) (EventID: 1101)
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x80131f07
C:\Program Files (x86)\Samsung\Kies\Kies.exe

Error: (05/05/2014 05:36:23 PM) (Source: .NET Runtime Optimization Service) (User: ) (EventID: 1101)
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x80131f07
C:\Program Files (x86)\Samsung\Kies\Kies.exe

Error: (04/24/2014 05:49:56 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: cbsidlm-cbsi188-JetVideo_Basic_VX-BP-75448539.exe5.4.0.188532a30efcomctl32.dll6.10.7601.175144ce7b71cc000040900096a8d19b001cf5fdcf9e71ab0C:\Users\HP\Desktop\cbsidlm-cbsi188-JetVideo_Basic_VX-BP-75448539.exeC:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll769f45bb-cbd0-11e3-92f6-c0f8dafb4467

Error: (04/16/2014 00:00:16 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: IEXPLORE.EXE11.0.9600.16428133001cf59627ceb88fd180C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (04/10/2014 03:48:28 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: IEXPLORE.EXE11.0.9600.16428525b664catidxx32.dll8.17.10.3374d6bd197c0000005000155638e801cf54b205c0a84aC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\atidxx32.dll2cd8a7de-c0bf-11e3-8670-c0f8dafb4467

Error: (04/10/2014 00:43:13 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: IEXPLORE.EXE11.0.9600.1642820f801cf54b205c5151f20C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (04/07/2014 06:58:54 PM) (Source: System Restore) (User: ) (EventID: 8211)
Description: 0x81000101

Error: (04/07/2014 06:58:54 PM) (Source: System Restore) (User: ) (EventID: 8193)
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x81000101

==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 3689.9 MB
Available physical RAM: 2291.52 MB
Total Pagefile: 7377.98 MB
Available Pagefile: 5345.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:29.44 GB) (Free:1.21 GB) NTFS
Drive d: () (Fixed) (Total:263.55 GB) (Free:256.78 GB) NTFS
Drive f: (HP_TOOLS) (Fixed) (Total:4.99 GB) (Free:2.14 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 1540871D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=29 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=264 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End Of Log ============================


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01
Ran by HP (administrator) on HP-PC on 12-05-2014 18:58:12
Running from C:\Users\HP\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIJE.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(SAMSUNG ELECTRONICS) C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780968 2011-04-29] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-08-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [78904 2011-04-27] (Hewlett-Packard Company)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [SMSTray] => C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe [479232 2009-04-16] (SAMSUNG ELECTRONICS)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1666560 2012-02-20] (AimerSoft)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-04-23] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [909696 2010-12-21] (Microsoft Corporation)
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [EPSON SX410 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE [223232 2008-10-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-17] (SUPERAntiSpyware)
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIJE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [fastclean] => "C:\Program Files (x86)\FastClean PRO\fastcleanpro.exe"
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-04-23] (Samsung)
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\MountPoints2: {5597aa0e-065b-11e3-a218-2c27d7ad9046} - E:\SETUP.EXE
Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8500 A910.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8500 A910.lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7274E1B6B45FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0AyCyCtB0F0BtCtBtAyByEtN0D0Tzu0CyCyDyCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2002946080&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0AyCyCtB0F0BtCtBtAyByEtN0D0Tzu0CyCyDyCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2002946080&ir=
SearchScopes: HKLM - {46025ECA-D290-4AB1-3201-208873214626} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_14_ie&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0A0F0ByEyEyCyBtBtAyByEtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StC0B0AtA0F0ByBzytGyB0FyDyEtGyDyCzzyEtG0EyD0EyDtGyDzztCtAyDyB0E0E0D0AyCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0BtBtB0CyEyCyCtGtAzzyE0DtGtD0FtCtAtGtByByCtCtGtBtB0CzyyBtBzz0CtD0A0CyB2Q&cr=1307451033&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {46025ECA-D290-4AB1-3201-208873214626} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: No Name - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\staged [2013-10-17]
FF Extension: WOT - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-22]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-18]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: http://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M88D8EF6F-431A-4CCE-95A9-A19520F41431&SearchSource=58&CUI=&UM=5&UP=SP02E62776-AB90-477D-85C5-1076C758D056&q={searchTerms}&SSPV=
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-11]
CHR Extension: (Google Drive) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-23]
CHR Extension: (YouTube) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-23]
CHR Extension: (Google Search) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-23]
CHR Extension: (Skype Click to Call) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-23]
CHR Extension: (Google Wallet) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-23]
CHR Extension: (Gmail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-08-04] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-18] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-18] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-08-18] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-12 18:58 - 2014-05-12 18:58 - 00017556 _____ () C:\Users\HP\Desktop\FRST.txt
2014-05-12 18:57 - 2014-05-12 18:57 - 02066944 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2014-05-12 18:47 - 2014-05-12 18:47 - 01325827 _____ () C:\Users\HP\Desktop\AdwCleaner.exe
2014-05-09 18:54 - 2014-05-09 18:54 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-09 18:54 - 2014-05-09 18:54 - 00000000 ____D () C:\Windows\en-gb
2014-05-09 18:54 - 2014-05-09 18:54 - 00000000 ____D () C:\Windows\en
2014-05-09 18:53 - 2014-05-09 18:53 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-05-09 18:46 - 2014-05-09 18:46 - 01239752 _____ (Microsoft Corporation) C:\Users\HP\Desktop\wlsetup-web.exe
2014-05-09 18:18 - 2014-05-09 18:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-05-09 18:17 - 2014-05-09 18:53 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-05-09 18:16 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-05-09 18:16 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-05-09 18:16 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-05-09 18:16 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-05-09 18:16 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-05-09 18:16 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-05-09 18:16 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-05-09 18:16 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-05-09 18:16 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-05-09 18:15 - 2014-05-09 18:50 - 00000906 _____ () C:\Windows\DirectX.log
2014-05-09 18:15 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-05-09 18:15 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-05-09 18:13 - 2014-05-09 18:13 - 00000000 ____D () C:\Users\HP\AppData\Local\Windows Live
2014-05-09 17:41 - 2014-05-09 18:05 - 00000000 ____D () C:\Users\HP\AppData\Roaming\avidemux
2014-05-07 14:02 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-07 14:00 - 2014-05-12 18:52 - 00000000 ____D () C:\AdwCleaner
2014-05-05 22:19 - 2014-05-05 22:38 - 00000000 ____D () C:\Users\HP\Desktop\New folder
2014-05-05 17:37 - 2014-05-05 17:37 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-05-05 17:36 - 2014-05-05 17:49 - 00002002 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2014-05-05 17:36 - 2014-05-05 17:36 - 00001992 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk
2014-05-05 17:36 - 2014-05-05 17:36 - 00000000 ____D () C:\Users\HP\Documents\samsung
2014-05-05 17:36 - 2014-05-05 17:36 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Samsung
2014-05-05 17:36 - 2014-05-05 17:36 - 00000000 ____D () C:\Users\HP\AppData\Local\Samsung
2014-05-05 17:33 - 2014-05-05 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-05-05 17:33 - 2014-05-05 17:33 - 00000000 ____D () C:\Program Files (x86)\MyFree Codec
2014-05-05 17:31 - 2014-02-07 16:33 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2014-05-05 17:31 - 2014-01-23 18:31 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2014-05-05 17:29 - 2014-05-05 17:33 - 00000000 ____D () C:\ProgramData\Samsung
2014-05-05 17:25 - 2014-05-05 17:25 - 00000000 ____D () C:\Users\HP\AppData\Local\Downloaded Installations
2014-05-05 17:24 - 2014-05-05 17:24 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\HP\Desktop\KiesSetup.exe
2014-05-02 09:45 - 2014-05-02 09:46 - 00032856 _____ () C:\Users\HP\Downloads\FRST.txt
2014-05-02 09:41 - 2014-05-02 09:41 - 02062336 _____ (Farbar) C:\Users\HP\Downloads\FRST64.exe
2014-05-02 09:32 - 2014-05-02 09:32 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-02 09:32 - 2014-05-02 09:32 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-02 09:32 - 2014-05-02 09:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-02 09:30 - 2014-05-02 09:30 - 00282800 _____ (Mozilla) C:\Users\HP\Desktop\Firefox Setup Stub 29.0.exe
2014-04-24 17:50 - 2014-04-24 17:50 - 00000000 ____D () C:\Users\HP\AppData\Local\CrashDumps
2014-04-24 17:47 - 2014-04-24 17:47 - 00929416 _____ (CNET Download.com) C:\Users\HP\Desktop\cbsidlm-cbsi188-JetVideo_Basic_VX-BP-75448539.exe
2014-04-24 12:20 - 2014-04-24 12:20 - 04527616 _____ () C:\Users\HP\Desktop\RogueKillerX64.exe

==================== One Month Modified Files and Folders =======

2014-05-12 18:58 - 2014-05-12 18:58 - 00017556 _____ () C:\Users\HP\Desktop\FRST.txt
2014-05-12 18:58 - 2014-03-12 18:56 - 00000000 ____D () C:\FRST
2014-05-12 18:57 - 2014-05-12 18:57 - 02066944 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2014-05-12 18:56 - 2013-05-20 17:15 - 01788140 _____ () C:\Windows\WindowsUpdate.log
2014-05-12 18:53 - 2014-03-10 18:39 - 00007762 _____ () C:\Windows\setupact.log
2014-05-12 18:53 - 2013-08-16 12:28 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-05-12 18:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-12 18:52 - 2014-05-07 14:00 - 00000000 ____D () C:\AdwCleaner
2014-05-12 18:52 - 2014-04-02 14:17 - 00001079 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-05-12 18:52 - 2014-03-11 16:22 - 00045302 _____ () C:\Windows\PFRO.log
2014-05-12 18:47 - 2014-05-12 18:47 - 01325827 _____ () C:\Users\HP\Desktop\AdwCleaner.exe
2014-05-12 16:51 - 2009-07-14 06:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-12 16:41 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-12 16:41 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-12 16:38 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-05-12 16:34 - 2013-08-18 17:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-09 18:54 - 2014-05-09 18:54 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-09 18:54 - 2014-05-09 18:54 - 00000000 ____D () C:\Windows\en-gb
2014-05-09 18:54 - 2014-05-09 18:54 - 00000000 ____D () C:\Windows\en
2014-05-09 18:53 - 2014-05-09 18:53 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-05-09 18:53 - 2014-05-09 18:17 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-05-09 18:50 - 2014-05-09 18:15 - 00000906 _____ () C:\Windows\DirectX.log
2014-05-09 18:46 - 2014-05-09 18:46 - 01239752 _____ (Microsoft Corporation) C:\Users\HP\Desktop\wlsetup-web.exe
2014-05-09 18:43 - 2013-05-20 18:01 - 00000000 ____D () C:\Users\HP
2014-05-09 18:27 - 2013-09-25 15:42 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-09 18:27 - 2013-09-25 15:41 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-09 18:18 - 2014-05-09 18:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-05-09 18:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-05-09 18:13 - 2014-05-09 18:13 - 00000000 ____D () C:\Users\HP\AppData\Local\Windows Live
2014-05-09 18:05 - 2014-05-09 17:41 - 00000000 ____D () C:\Users\HP\AppData\Roaming\avidemux
2014-05-09 18:03 - 2013-10-22 16:21 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Skype
2014-05-09 14:18 - 2013-09-30 18:40 - 00000000 ____D () C:\Users\HP\Documents\SelfMV
2014-05-07 10:21 - 2013-05-24 18:21 - 00000166 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-05 22:38 - 2014-05-05 22:19 - 00000000 ____D () C:\Users\HP\Desktop\New folder
2014-05-05 17:49 - 2014-05-05 17:36 - 00002002 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2014-05-05 17:37 - 2014-05-05 17:37 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-05-05 17:36 - 2014-05-05 17:36 - 00001992 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk
2014-05-05 17:36 - 2014-05-05 17:36 - 00000000 ____D () C:\Users\HP\Documents\samsung
2014-05-05 17:36 - 2014-05-05 17:36 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Samsung
2014-05-05 17:36 - 2014-05-05 17:36 - 00000000 ____D () C:\Users\HP\AppData\Local\Samsung
2014-05-05 17:35 - 2013-09-06 17:46 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-05-05 17:33 - 2014-05-05 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-05-05 17:33 - 2014-05-05 17:33 - 00000000 ____D () C:\Program Files (x86)\MyFree Codec
2014-05-05 17:33 - 2014-05-05 17:29 - 00000000 ____D () C:\ProgramData\Samsung
2014-05-05 17:31 - 2013-09-06 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-05-05 17:31 - 2013-05-20 19:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-05 17:25 - 2014-05-05 17:25 - 00000000 ____D () C:\Users\HP\AppData\Local\Downloaded Installations
2014-05-05 17:24 - 2014-05-05 17:24 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\HP\Desktop\KiesSetup.exe
2014-05-02 10:29 - 2013-09-25 15:51 - 00000000 ____D () C:\Users\HP\Desktop\lynn
2014-05-02 09:46 - 2014-05-02 09:45 - 00032856 _____ () C:\Users\HP\Downloads\FRST.txt
2014-05-02 09:41 - 2014-05-02 09:41 - 02062336 _____ (Farbar) C:\Users\HP\Downloads\FRST64.exe
2014-05-02 09:32 - 2014-05-02 09:32 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-02 09:32 - 2014-05-02 09:32 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-02 09:32 - 2014-05-02 09:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-02 09:32 - 2014-03-04 13:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-02 09:30 - 2014-05-02 09:30 - 00282800 _____ (Mozilla) C:\Users\HP\Desktop\Firefox Setup Stub 29.0.exe
2014-05-01 12:12 - 2013-09-09 17:12 - 00003128 _____ () C:\Windows\System32\Tasks\proXPN
2014-04-25 17:38 - 2013-08-19 19:05 - 00000000 ____D () C:\Users\HP\AppData\Local\Adobe
2014-04-25 09:40 - 2013-05-20 20:53 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-24 17:50 - 2014-04-24 17:50 - 00000000 ____D () C:\Users\HP\AppData\Local\CrashDumps
2014-04-24 17:47 - 2014-04-24 17:47 - 00929416 _____ (CNET Download.com) C:\Users\HP\Desktop\cbsidlm-cbsi188-JetVideo_Basic_VX-BP-75448539.exe
2014-04-24 12:36 - 2014-04-02 11:45 - 00000086 _____ () C:\Users\HP\AppData\Roaming\WB.CFG
2014-04-24 12:20 - 2014-04-24 12:20 - 04527616 _____ () C:\Users\HP\Desktop\RogueKillerX64.exe
2014-04-23 15:14 - 2013-05-20 20:53 - 00000000 ____D () C:\Users\HP\AppData\Local\Deployment

Some content of TEMP:
====================
C:\Users\HP\AppData\Local\Temp\airFE6F.exe
C:\Users\HP\AppData\Local\Temp\BackupSetup.exe
C:\Users\HP\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\HP\AppData\Local\Temp\ntdll_dump.dll
C:\Users\HP\AppData\Local\Temp\proXPN-2.7.0-install001.exe
C:\Users\HP\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-09 23:45

==================== End Of Log ============================



#10 xXToffeeXx (Malware Response Instructor)

Posted 13 May 2014 - 11:22 AM

Hi,
 
I see a few lines in your log which are related to cracks, torrents and keygens (specifically related to Microsoft office). I shall provide this warning:
 
The practice of using keygens, hacking tools, cracking tools, warez, torrents or any pirated software is not only considered illegal activity, but it is a serious security risk which can turn a computer into a virus honeypot or zombie.
 
When you use these kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible, and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.
 
If you want to read on then the full post is here.
 
--------------
 
We need to run a fix with FRST:

  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
Task: {AEBE3BF5-D706-465C-970F-D48C8C8F78A8} - \AutoKMS No Task File <==== ATTENTION
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [fastclean] => "C:\Program Files (x86)\FastClean PRO\fastcleanpro.exe"
C:\Program Files (x86)\FastClean PRO
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0AyCyCtB0F0BtCtBtAyByEtN0D0Tzu0CyCyDyCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2002946080&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0AyCyCtB0F0BtCtBtAyByEtN0D0Tzu0CyCyDyCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2002946080&ir=
SearchScopes: HKLM - {46025ECA-D290-4AB1-3201-208873214626} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_14_ie&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0A0F0ByEyEyCyBtBtAyByEtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StC0B0AtA0F0ByBzytGyB0FyDyEtGyDyCzzyEtG0EyD0EyDtGyDzztCtAyDyB0E0E0D0AyCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0BtBtB0CyEyCyCtGtAzzyE0DtGtD0FtCtAtGtByByCtCtGtBtB0CzyyBtBzz0CtD0A0CyB2Q&cr=1307451033&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {46025ECA-D290-4AB1-3201-208873214626} URL =
FF Extension: No Name - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\staged [2013-10-17]
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------

  • Click the Chrome menu (the three lines on the top right of the browser toolbar).
  • Select Settings.
  • In the "Search" section, click Manage search engines.
  • Check if (Default) is displayed next to your preferred search engine. If not, hover the mouse over it and click Make default.
  • Hover the mouse over any other suspicious search engine entries (conduit) that are not familiar and click X to remove them.

--------------
 
Does savingbull still appear in the control panel, and how is your computer running?
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt
  • Whether savingbull appears and how your computer is running

xXToffeeXx~


 ~Twitter~ | ~Malware Analyst at Emsisoft~
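The fixlist above touches four kinds of location: a per-user Run key (FastClean PRO), the Internet Explorer SearchScopes in both HKLM and HKCU (mysearchdial), a scheduled-task cache entry whose task file is gone (AutoKMS, "No Task File"), and a staged Firefox extension directory. The PowerShell below is an added example written for this page, not FRST's code and not the instructor's; it enumerates the first three of those locations so the same entries can be checked before the fix is run and confirmed gone afterwards. The registry paths are the standard Windows ones. It assumes an elevated PowerShell (the TaskCache key is not readable otherwise) and inspects HKCU where the FRST log shows HKU\<SID>; the list of expected search hosts at the end is an assumption for this user's machine.

```powershell
# Added example for this page (not FRST's code and not the instructor's): list
# the autostart and browser-hijack locations the FRST log and fixlist above refer
# to. Assumes an elevated PowerShell (TaskCache is not readable otherwise) and
# inspects HKCU where FRST shows HKU\<SID>.

function Get-RunKeyEntries {
    # FRST labels these HKLM, HKLM-x32 and HKU\<SID>\...\Run respectively
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($p in $paths) {
        if (-not (Test-Path $p)) { continue }
        $key = Get-Item $p
        foreach ($name in $key.GetValueNames()) {
            $cmd = [string]$key.GetValue($name)
            # Pull the image path out of a quoted or unquoted command line so the
            # file can be checked on disk (an entry whose file is gone is an orphan)
            if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] }
            elseif ($cmd -match '^(.+?\.exe)(\s|$)') { $exe = $Matches[1] }
            else { $exe = $cmd }
            [pscustomobject]@{
                Hive       = $p
                Name       = $name
                Command    = $cmd
                FileExists = Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($exe))
            }
        }
    }
}

function Get-IESearchScopes {
    # Each provider is a GUID subkey holding a URL value; DefaultScope is a value
    # on the parent key naming the GUID that IE actually uses.
    foreach ($root in 'HKLM:', 'HKCU:') {
        $base = "$root\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
        if (-not (Test-Path $base)) { continue }
        $default = (Get-ItemProperty -Path $base -ErrorAction SilentlyContinue).DefaultScope
        foreach ($scope in Get-ChildItem -Path $base) {
            $url = (Get-ItemProperty -Path $scope.PSPath).URL
            $searchHost = ''
            if ($url) {
                # {searchTerms} is a template placeholder; substitute it before parsing
                try { $searchHost = ([uri]($url -replace '\{searchTerms\}', 'x')).Host } catch { }
            }
            [pscustomobject]@{
                Hive      = $root
                Scope     = $scope.PSChildName
                IsDefault = ($scope.PSChildName -eq $default)
                Host      = $searchHost
                URL       = $url
            }
        }
    }
}

function Get-OrphanedScheduledTasks {
    # A TaskCache\Tasks entry whose XML definition is missing from System32\Tasks
    # is what FRST reports as "No Task File" (the AutoKMS entry in the fixlist).
    $cache = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks'
    foreach ($task in Get-ChildItem -Path $cache -ErrorAction SilentlyContinue) {
        $relPath = (Get-ItemProperty -Path $task.PSPath).Path
        if (-not $relPath) { continue }
        $file = Join-Path "$env:SystemRoot\System32\Tasks" ($relPath.TrimStart('\'))
        if (-not (Test-Path -LiteralPath $file)) {
            [pscustomobject]@{ Id = $task.PSChildName; TaskPath = $relPath; MissingFile = $file }
        }
    }
}

# Report: search providers pointing anywhere other than the engines this user
# would expect (assumed list; mysearchdial and conduit hosts would show up here),
# every Run entry with whether its file still exists, and tasks with no task file.
$expectedSearchHosts = @('www.google.com', 'www.google.co.uk', 'www.bing.com', 'uk.search.yahoo.com')
Get-IESearchScopes | Where-Object { $_.URL -and ($expectedSearchHosts -notcontains $_.Host) } | Format-Table -AutoSize
Get-RunKeyEntries | Format-Table -AutoSize
Get-OrphanedScheduledTasks | Format-Table -AutoSize
```

Run it once before the FRST fix to see the mysearchdial scopes and the orphaned AutoKMS task listed, and again after the fix to confirm both are gone; the Run-key report also shows whether an entry still points at a file on disk, which is what decides between deleting the value alone and deleting the program folder as well (as the fixlist does for FastClean PRO).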


#11 cosmos600 (Topic Starter)

Posted 14 May 2014 - 07:54 AM

Hi

Thanks for your reply. A bit worried about the Trojan on the computer. I bought it second hand online and thought I got rid of the torrent-type stuff on it. I sometimes use the gizmo freeware website because I thought it was safe and legal to download freeware available on the web from this site. I have never downloaded any illegal software on to the computer since getting it a couple of years ago. Do you think I can ever get the computer clean again? I am concerned because I use it for work when travelling. I have also noticed that I have hardly any space on the computer, although I do not think there is much on it. In the past I have been told that you need 5 GB of space for the computer to run smoothly, so I am confused as to what is taking up all the space. Savings Bull has been removed, many thanks for your help. The computer is running a lot more smoothly. Below is the log. I am confused as to Chrome; I do not appear to have it.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-05-2014 01
Ran by HP at 2014-05-14 13:33:59 Run:3
Running from C:\Users\HP\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {AEBE3BF5-D706-465C-970F-D48C8C8F78A8} - \AutoKMS No Task File <==== ATTENTION
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [fastclean] => "C:\Program Files (x86)\FastClean PRO\fastcleanpro.exe"
C:\Program Files (x86)\FastClean PRO
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0AyCyCtB0F0BtCtBtAyByEtN0D0Tzu0CyCyDyCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2002946080&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0AyCyCtB0F0BtCtBtAyByEtN0D0Tzu0CyCyDyCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2002946080&ir=
SearchScopes: HKLM - {46025ECA-D290-4AB1-3201-208873214626} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_14_ie&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0A0F0ByEyEyCyBtBtAyByEtN0D0Tzu0SzztBtBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StC0B0AtA0F0ByBzytGyB0FyDyEtGyDyCzzyEtG0EyD0EyDtGyDzztCtAyDyB0E0E0D0AyCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0BtBtB0CyEyCyCtGtAzzyE0DtGtD0FtCtAtGtByByCtCtGtBtB0CzyyBtBzz0CtD0A0CyB2Q&cr=1307451033&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {46025ECA-D290-4AB1-3201-208873214626} URL =
FF Extension: No Name - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\staged [2013-10-17]
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{AEBE3BF5-D706-465C-970F-D48C8C8F78A8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEBE3BF5-D706-465C-970F-D48C8C8F78A8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => Key deleted successfully.
HKU\S-1-5-21-3716241306-373648678-3865269016-1000\Software\Microsoft\Windows\CurrentVersion\Run\\fastclean => Value deleted successfully.
"C:\Program Files (x86)\FastClean PRO" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{46025ECA-D290-4AB1-3201-208873214626} => Key deleted successfully.
HKCR\CLSID\{46025ECA-D290-4AB1-3201-208873214626} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{46025ECA-D290-4AB1-3201-208873214626} => Key deleted successfully.
HKCR\CLSID\{46025ECA-D290-4AB1-3201-208873214626} => Key not found.
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\staged => Moved successfully.

==== End of Fixlog ====
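As an added example (not from this thread and not part of FRST), the PowerShell below audits the two registry areas the Fixlog above touched, the Internet Explorer SearchScopes and the Run autostart key, and flags search providers outside an expected list and Run entries whose target file no longer exists. The list of expected search hosts is an assumption; edit it for the machine being checked.

```powershell
# Added example, not from the thread or FRST: audit IE SearchScopes and the Run key.
# Run as the user whose profile is being checked; reading HKLM needs an elevated prompt.
# Assumption: the search providers a clean machine is expected to use. Edit to taste.
$ExpectedSearchHosts = @('www.bing.com', 'www.google.com')

function Get-SearchScopeAudit {
    foreach ($hive in 'HKLM', 'HKCU') {
        $base = "${hive}:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
        if (-not (Test-Path $base)) { continue }
        # DefaultScope is a value on the SearchScopes key naming the active provider
        $default = (Get-ItemProperty -Path $base -ErrorAction SilentlyContinue).DefaultScope
        foreach ($scope in Get-ChildItem -Path $base) {
            $url = (Get-ItemProperty -Path $scope.PSPath -ErrorAction SilentlyContinue).URL
            $hostName = $null
            if ($url -match '^https?://([^/:]+)') { $hostName = $Matches[1] }
            [pscustomobject]@{
                Hive       = $hive
                Scope      = $scope.PSChildName
                IsDefault  = ($scope.PSChildName -eq $default)
                SearchHost = $hostName
                # Flag providers outside the expected list, and scopes with no URL at all
                Suspicious = (-not $hostName) -or ($ExpectedSearchHosts -notcontains $hostName)
                URL        = $url
            }
        }
    }
}

function Get-RunKeyAudit {
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in ($props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }).Name) {
            $cmd = [string]$props.$name
            # Pull the executable out of a quoted or unquoted command line
            $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
            [pscustomobject]@{
                Hive    = $hive
                Name    = $name
                Exe     = $exe
                # A Run entry whose target is gone (like the fastclean entry above) is a dangling autostart
                Missing = ($exe -ne '') -and (-not (Test-Path -LiteralPath $exe))
                Command = $cmd
            }
        }
    }
}
Get-SearchScopeAudit | Format-Table -AutoSize
Get-RunKeyAudit      | Format-Table -AutoSize
```

Rows with Suspicious or Missing set to True are the ones worth comparing against an FRST log before deciding what to remove.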



#12 xXToffeeXx

xXToffeeXx
    Bleepin' Polar Bear
  • Malware Response Instructor
  • 6,086 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 14 May 2014 - 01:08 PM

Hi cosmos600,
 

Thanks for your reply. A bit worried about the Trojan on the computer. I bought it second hand online and thought I got rid of the torrent type stuff on it. I sometimes use gizmo free ware website because I thought it was safe and legal to download freeware available on the web from this site. I have never downloaded any illegal software on to the computer since getting it a couple of years ago.

Savingbull is not a trojan, more a PUP (Potentially Unwanted Program). However, torrents can contain all sorts of nasty malware sometimes. I must say this is one of the more common torrents and is not known to contain malware. You can never be completely certain what a torrent can do though, and that's why it's best to avoid them all. It's something you should be wary of when using a second hand computer, and it is good practice to completely wipe the system.
 

Do you think I can ever get the computer clean again concerned because I use it for work when travelling

Apart from a few PUP programs and toolbars which I have cleared up, your logs are looking good and I would not think there is much risk to using the computer like you have been doing. I wouldn't worry about it being infected.
 

Have also noticed that have hardly any space on the computer although I do not think there is much on it? In the past have been told that need 5 GB of space for the computer to run smoothly, confused as to what is taking up all the space

Yes, you do have a lack of space. Really you should have about 20% free (6 GB) and you currently have 1 GB. What are you using the D drive for?
 
The Chrome entries are leftovers, I can remove them if you want, but it means installing Chrome temporarily to do so.
 
xXToffeeXx~


#13 cosmos600

cosmos600
  • Topic Starter
  • Members
  • 56 posts

Posted 15 May 2014 - 03:23 AM

Hi Toffee

 

Thanks for your reply. I do not understand the D drive; nothing is on it except Format Factory conversion audio and video files. How do I utilise it for other things? Internet Explorer is blank and not working; could I possibly get it back, or shall I install Chrome? Is that safer or better to use? Also, is it worth installing more hard drive if the computer will run quicker?

 

Many Thanks



#14 xXToffeeXx

xXToffeeXx
    Bleepin' Polar Bear
  • Malware Response Instructor
  • 6,086 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 15 May 2014 - 10:53 AM

Hi cosmos600,

 

Is your D drive an external hard drive, or external storage? If so, you could use that to store files and install programs on by copying them across and choosing where the program installs. It might not make too much difference in speed, but your computer would have more stability and would not possibly run out of space (which really does cause problems).

 

See here on how to reset IE, and tell me if that solves the IE problem. It's really up to you which browser you use; personally I prefer Chrome and find it faster than IE.

 

xXToffeeXx~


#15 cosmos600

cosmos600
  • Topic Starter
  • Members
  • 56 posts

Posted 19 May 2014 - 03:02 AM

Hi Toffee
Sorry for the late reply. I would like to try Chrome and get rid of Internet Explorer. Do I just download it and delete IE off the computer?

thanks
