
Infected with FastFix Pro


  • This topic is locked
48 replies to this topic

#1 ggholcomb

ggholcomb

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:15 AM

Posted 19 August 2014 - 08:35 AM

Do not know how to remove it.  Will not uninstall and shows pop-up on reboot.  Have used Rkill and Malwarebytes Anti-Malware.  Also ran ESET.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16561  BrowserJavaVersion: 10.5.1
Run by Gary at 8:21:10 on 2014-08-19
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1918.593 [GMT -5:00]
.
AV: Trend Micro Titanium Antivirus+ *Disabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Trend Micro Titanium Antivirus+ *Disabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Real\realplayer\Update\realsched.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\hp\kbd\kbd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://att.net
mStart Page = about:blank
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
BHO: MRI_DISABLED - <orphaned>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Clips: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\program files\hewlett-packard\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: IEPlugin Class: {11222041-111B-46E3-BD29-EFB2449479B1} - c:\program files\arcsoft\video downloader\ArcURLRecord.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\program files\trend micro\amsp\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ToolbarBHO Class: {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - c:\program files\arcsoft\raw thumbnail viewer\EXIFToolBar.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - c:\program files\trend micro\amsp\module\20002\8.0.1170\8.0.1170\TmBpIe32.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: RAW Thumbnail Viewer: {F301665A-12F8-4331-804A-5BCBD379668C} - c:\program files\arcsoft\raw thumbnail viewer\EXIFToolBar.dll
TB: att.net Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe
uRun: [Windows Sidebar] "c:\program files\windows sidebar\Sidebar.exe" /autorun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [hpsysdrv] "c:\hp\support\hpsysdrv.exe"
mRun: [RtHDVCpl] "c:\windows\RtHDVCpl.exe"
mRun: [2Wire Wireless Manager] "c:\program files\2wire wireless manager\2Wire.exe" -a
mRun: [HPDJ Taskbar Utility] "c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe"
mRun: [KBD] "c:\hp\kbd\KbdStub.EXE"
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [hpqSRMon] "c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe"
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [OE] "c:\program files\trend micro\titanium\plugin\tmas\tmas_oe\TMAS_OEMon.exe"
mRun: [WLM] "c:\program files\trend micro\titanium\plugin\tmas\tmas_wlm\TMAS_WLMMon.exe"
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\gary\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Read EXIF - c:\program files\arcsoft\raw thumbnail viewer\ArcEXIFM.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{2B901F7B-9979-4BFA-BAB3-8135AFCB10C0} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{32D3F56D-DD8D-40FD-9D16-3C17B1274977} : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\8.0.1170\8.0.1170\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.143\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 TMEBC;TMEBC;c:\windows\system32\drivers\TMEBC32.sys [2014-6-9 40736]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2014-6-9 83864]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-3-19 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-8-18 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-8-18 860472]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2014-6-5 93040]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-3-3 450848]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2012-1-18 22176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-8-18 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-8-18 110296]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-8-18 51928]
R3 tmeevw;tmeevw;c:\windows\system32\drivers\tmeevw.sys [2014-6-9 85280]
R3 tmnciesc;tmnciesc;c:\windows\system32\drivers\tmnciesc.sys [2014-6-9 282272]
S2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2014-6-9 287256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 gupdate1c9950bc7e8f3fc;Google Update Service (gupdate1c9950bc7e8f3fc);c:\program files\google\update\GoogleUpdate.exe [2009-2-22 133104]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\samsung\allshare\allsharedms\AllShareDMS.exe [2012-3-2 25504]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 2WXG7053;2W 802.11g XG705 SP3 Driver;c:\windows\system32\drivers\wlanUIG.sys [2007-4-24 358304]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-6-4 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\samsung\allshare\AllShareSlideShowService.exe [2012-3-2 27584]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-3-20 1174152]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2014-08-19 06:41:38 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b4501511-7d9f-4228-8087-9085f3851406}\offreg.dll
2014-08-19 06:24:25 8581864 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b4501511-7d9f-4228-8087-9085f3851406}\mpengine.dll
2014-08-18 22:03:43 -------- d-----w- c:\program files\ESET
2014-08-18 18:06:01 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-18 18:05:32 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-18 18:05:32 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-18 18:05:32 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-18 18:05:31 -------- d-----w- c:\programdata\Malwarebytes
2014-08-18 18:05:31 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-18 14:07:16 -------- d-----w- c:\users\gary\appdata\local\FixSoft_USA
2014-08-18 14:06:21 -------- d-----w- c:\program files\FastFixPRO
2014-08-18 14:05:20 -------- d-----w- c:\users\gary\appdata\roaming\FixSoft USA
2014-08-14 15:11:02 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-14 15:11:02 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-14 15:11:02 619664 ----a-w- c:\windows\system32\icardagt.exe
2014-08-14 15:10:58 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-14 13:47:12 2263552 ----a-w- c:\windows\system32\msi.dll
2014-08-14 13:47:12 1993728 ----a-w- c:\windows\system32\authui.dll
2014-08-14 13:47:11 82432 ----a-w- c:\windows\system32\consent.exe
2014-08-14 13:47:11 332800 ----a-w- c:\windows\system32\msihnd.dll
2014-08-14 13:47:11 33280 ----a-w- c:\windows\system32\appinfo.dll
2014-08-14 13:46:49 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-14 13:46:49 37376 ----a-w- c:\windows\system32\cdd.dll
2014-08-14 13:46:30 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-08 15:37:27 -------- d-----w- c:\users\gary\appdata\local\Adobe
2014-08-04 22:13:10 -------- d-----w- c:\program files\iPod
2014-08-04 22:12:47 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-04 22:12:47 -------- d-----w- c:\program files\iTunes
2014-07-28 23:02:04 -------- d-----w- c:\users\gary\appdata\roaming\.minecraft
.
==================== Find3M  ====================
.
2014-08-06 14:29:46 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-06 14:29:45 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-05 14:20:02 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-07-28 23:12:29 209432 ----a-w- c:\windows\RegBootClean.exe
2014-06-09 16:08:12 59 ----a-w- c:\windows\system32\SupportTool.exe.bat
2014-06-07 00:19:04 2051072 ----a-w- c:\windows\system32\win32k.sys
2014-06-06 23:12:01 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-06-06 23:03:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-06 23:02:16 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-06-06 22:57:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-06 22:56:20 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-06-06 22:52:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-06 22:51:59 11776 ----a-w- c:\windows\system32\mshta.exe
2014-06-06 08:59:38 506880 ----a-w- c:\windows\system32\qedit.dll
2014-05-30 06:53:22 273408 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH:  8:23:35.77 ===============
 




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:15 AM

Posted 20 August 2014 - 06:29 AM


Hello ggholcomb

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" button, make sure that the "Receive notification" box is checked and that it is set to "Instantly". This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 ggholcomb


Posted 20 August 2014 - 07:27 AM

Thank you, on the road today. Will get started late today or first thing in the morning.

#4 ggholcomb


Posted 20 August 2014 - 02:05 PM

Ran AdwCleaner, please find txt below.  Downloading Junkware Removal Tool.  FastFix Pro still popping up after computer reboots.

 

# AdwCleaner v3.307 - Report created 20/08/2014 at 13:48:55
# Updated 17/08/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Gary - HOLCOMB-PC
# Running from : C:\Users\Gary\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\Brandon\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Gary\Documents\Optimizer Pro
Folder Deleted : C:\Users\Maugie.Holcomb-PC\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\NICOLE\AppData\LocalLow\AskToolbar
File Deleted : C:\Windows\system32\GroupPolicy\Machine\Registry.pol

***** [ Scheduled Tasks ] *****

Task Deleted : Optimizer Pro Schedule

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16561

-\\ Google Chrome v36.0.1985.143

[ File : C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[ File : C:\Users\Maugie.Holcomb-PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

*************************

AdwCleaner[R0].txt - [5286 octets] - [20/08/2014 13:34:35]
AdwCleaner[S0].txt - [5301 octets] - [20/08/2014 13:48:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5361 octets] ##########



#5 ggholcomb


Posted 20 August 2014 - 03:12 PM

Ran Junkware removal tool 8/20.  TXT below.  System seems to be running faster.  Programs are opening faster and Internet Explorer running faster.  After reboot FastFix still shows popup.  FastFix still in program files. 

 

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Gary on Wed 08/20/2014 at 14:29:20.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4623A8C4-150D-4983-8982-68C01E7D6541}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4FF36647-C2B3-416C-A845-627076EBEB7C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6BA7B3E2-E9D0-4FD4-B24E-656852B300F7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{F194CFD8-D3D5-42DF-805C-0087A161448F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\couponalert_2pei
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2pinstaller.start
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\couponalert_2pinstaller.start.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4623A8C4-150D-4983-8982-68C01E7D6541}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{71E40095-D381-4FC8-BDA9-50E1DFA8AC83}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{71E40095-D381-4FC8-BDA9-50E1DFA8AC83}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\Users\Gary\AppData\Roaming\pc cleaners"
Successfully deleted: [Folder] "C:\Users\Gary\AppData\Roaming\pcpro"
Successfully deleted: [Folder] "C:\Program Files\couponalert_2pei"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/20/2014 at 14:39:18.00
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#6 gringo_pr

Posted 20 August 2014 - 06:56 PM


Hello ggholcomb

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 ggholcomb


Posted 21 August 2014 - 01:37 PM

Downloaded ComboFix and started to run and got the message "found bad module, reboot to fix".  Rebooted and then after ComboFix started running it stopped again and got the message:  "Freeware Implementation of XCACLS has stopped working.  A problem caused the program to stop working."  I rebooted and started ComboFix again.  Same thing happened.  Also lost internet service.  Had to reboot computer.  FastFix popup still comes up on startup.  Internet working ok again.  Also on startup got the message that Windows Defender would not load properly because of missing file.



#8 gringo_pr


Posted 21 August 2014 - 05:32 PM


Hello ggholcomb



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo

#9 ggholcomb


Posted 21 August 2014 - 06:29 PM

Tried that. Got message that frst.exe could be harmful to computer. Now all I have is white screen. On reboot get message could not find file 0x800106ba. Then white screen.

#10 ggholcomb


Posted 21 August 2014 - 06:51 PM

OK, did a couple reboots and screen is back to normal.  So is it safe to try again with Farbar Recovery Scan Tool?  Should Trend Micro be shut off?



#11 gringo_pr


Posted 21 August 2014 - 07:03 PM

Yes, go ahead; the tool is safe.

gringo

#12 ggholcomb


Posted 21 August 2014 - 07:25 PM

OK, got Farbar Recovery Scan to run.  Computer running normal again.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2014
Ran by Gary (administrator) on HOLCOMB-PC on 21-08-2014 19:15:43
Running from C:\Users\Gary\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(RealNetworks, Inc.) C:\Program Files\Real\realplayer\Update\realsched.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_OE\TMAS_OEMon.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-10-25] (Realtek Semiconductor)
HKLM\...\Run: [2Wire Wireless Manager] => C:\Program Files\2Wire Wireless Manager\2Wire.exe [61440 2007-05-02] (2Wire)
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\Windows\system32\spool\drivers\w32x86\3\hpztsb05.exe [188416 2002-03-18] (HP)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM\...\Run: [NvCplDaemon] => "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1468256 2009-11-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [295512 2013-11-27] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [OE] => C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_OE\TMAS_OEMon.exe [71456 2013-07-23] (Trend Micro Inc.)
HKLM\...\Run: [WLM] => C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe [44152 2013-07-23] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [143792 2013-10-09] (Trend Micro Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1089232015-4157962678-952299492-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
HKU\S-1-5-21-1089232015-4157962678-952299492-1000\...\Run: [Windows Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1233920 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-21-1089232015-4157962678-952299492-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1089232015-4157962678-952299492-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2008-11-26] (Google Inc.)
HKU\S-1-5-21-1089232015-4157962678-952299492-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-1089232015-4157962678-952299492-1000\...\MountPoints2: {03239444-6503-11de-b796-001921f2c03d} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1089232015-4157962678-952299492-1000\...\MountPoints2: {0568f3c6-6ef0-11de-b707-001921f2c03d} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1089232015-4157962678-952299492-1000\...\MountPoints2: {0bc6024a-9ae1-11dc-b3e8-806e6f6e6963} - F:\start.exe
HKU\S-1-5-21-1089232015-4157962678-952299492-1000\...\MountPoints2: {be371353-1ed3-11dd-be43-001921f2c03d} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1089232015-4157962678-952299492-1000\...\MountPoints2: {bf9f9af6-1b74-11dc-b13e-001921f2c03d} - K:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\NICOLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {1DC01662-EE3E-4009-9958-A398B3515D65} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {1DC01662-EE3E-4009-9958-A398B3515D65} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {E1EDD231-96BB-4243-A54F-9DF46D15FEA2} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKCU - {EAF0A0B1-E2FB-4947-84B0-1665B09360D8} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - {F0C0FC10-8F30-4B5C-A67C-F6BED7EF4706} URL = http://www.flickr.com/search/?q={searchTerms}
BHO: HP Print Clips -> {053F9267-DC04-4294-A72C-58F732D338C0} -> C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: IEPlugin Class -> {11222041-111B-46E3-BD29-EFB2449479B1} -> C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: ToolbarBHO Class -> {9519AF7E-638D-4933-BAD6-D33D23C79FE5} -> C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\TmBpIe32.dll (Trend Micro Inc.)
BHO: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @ei.CouponAlert_2p.com/Plugin -> C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Gary\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-01]
FF HKLM\...\Firefox\Extensions: [RAWThumbnailViewer@arcsoft.com.cn] - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension
FF Extension: RAW Thumbnail Viewer - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2011-09-11]
FF HKLM\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] - C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox
FF Extension: ArcSoft Video Downloader Extension - C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2011-09-11]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-27]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\firefoxextension [2014-08-16]
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-06-09]

Chrome:
=======
CHR HomePage:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (PalmSource Package Installer) - C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll No File
CHR Plugin: (Coupon Alert Installer Plugin Stub) - C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U32) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (Unity Player) - C:\Users\Gary\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-19]
CHR Extension: (RealDownloader) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-01-16]
CHR Extension: (Skype Click to Call) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-10-12]
CHR Extension: (Google Wallet) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-27]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 ccEvtMgr; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-10-24] (Symantec Corporation)
S2 ccSetMgr; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-10-24] (Symantec Corporation)
S2 CLTNetCnService; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-10-24] (Symantec Corporation)
S2 gupdate1c9950bc7e8f3fc; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-22] (Google Inc.)
R3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-11] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-11] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SamsungAllShareV2.0; C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [25504 2012-03-02] (Samsung Electronics Co., Ltd.)
S3 SimpleSlideShowServer; C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe [27584 2012-03-02] (Samsung Electronics Co., Ltd.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1174152 2007-03-20] (Symantec Corporation)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S2 Automatic LiveUpdate Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [X]
S3 comHost; "c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe" [X]
S3 ISPwdSvc; "c:\Program Files\Norton Internet Security\isPwdSvc.exe" [X]
S3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [X]
S2 SymAppCore; "c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 2WXG7053; C:\Windows\System32\DRIVERS\WlanUIG.sys [358304 2007-04-24] (Conexant Systems, Inc.) [File not signed]
R3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [22176 2012-01-18] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS [79240 2006-11-05] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS [831880 2006-11-05] (Symantec Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 PCTINDIS5; C:\Windows\system32\PCTINDIS5.SYS [32160 2007-05-02] (PCTEL Inc.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
S3 SSKBFD; C:\Windows\System32\Drivers\sskbfd.sys [23920 2008-01-04] (Webroot Software Inc (www.webroot.com))
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [103416 2013-12-03] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [290376 2013-12-03] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC32.sys [40736 2013-07-01] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [85280 2013-06-13] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [83864 2013-12-03] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [282272 2013-05-22] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92304 2012-05-02] (Trend Micro Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Gary\AppData\Local\Temp\catchme.sys [X]
S1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [X]
S3 IDSvix86; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PalmUSBD; system32\drivers\PalmUSBD.sys [X]
S3 SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [X]
S3 SRTSP; System32\Drivers\SRTSP.SYS [X]
S3 SRTSPL; System32\Drivers\SRTSPL.SYS [X]
S1 SRTSPX; System32\Drivers\SRTSPX.SYS [X]
S3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [X]
U2 TMAgent;

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 19:15 - 2014-08-21 19:16 - 00030277 _____ () C:\Users\Gary\Desktop\FRST.txt
2014-08-21 19:15 - 2014-08-21 19:15 - 00000000 ____D () C:\FRST
2014-08-21 19:13 - 2014-08-21 19:13 - 01094144 _____ (Farbar) C:\Users\Gary\Desktop\FRST.exe
2014-08-21 09:34 - 2014-08-21 09:38 - 00000000 ___SD () C:\ComboFix
2014-08-21 08:16 - 2014-08-21 08:16 - 00000000 ____D () C:\Qoobox
2014-08-21 08:16 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-21 08:16 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-21 08:16 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-21 08:16 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-21 08:16 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-21 08:16 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-21 08:16 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-21 08:16 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-21 08:15 - 2014-08-21 08:15 - 00000000 ____D () C:\Windows\erdnt
2014-08-21 07:56 - 2014-08-21 07:56 - 00003954 _____ () C:\Users\Gary\Desktop\gringo.txt
2014-08-21 07:49 - 2014-08-21 07:49 - 05572251 ____R (Swearware) C:\Users\Gary\Desktop\ComboFix.exe
2014-08-20 14:39 - 2014-08-20 14:39 - 00002093 _____ () C:\Users\Gary\Desktop\JRT.txt
2014-08-20 14:11 - 2014-08-20 14:11 - 00000000 ____D () C:\Windows\ERUNT
2014-08-20 14:00 - 2014-08-20 14:00 - 01016261 _____ (Thisisu) C:\Users\Gary\Desktop\JRT.exe
2014-08-20 13:35 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-08-20 13:34 - 2014-08-20 13:49 - 00000000 ____D () C:\AdwCleaner
2014-08-20 07:54 - 2014-08-20 07:54 - 01361671 _____ () C:\Users\Gary\Desktop\AdwCleaner.exe
2014-08-19 08:24 - 2014-08-19 08:27 - 00048571 _____ () C:\Users\Gary\Desktop\attach.txt
2014-08-19 08:24 - 2014-08-19 08:27 - 00018527 _____ () C:\Users\Gary\Desktop\dds.txt
2014-08-19 08:18 - 2014-08-19 08:18 - 00688992 ____R (Swearware) C:\Users\Gary\Desktop\dds.com
2014-08-18 20:31 - 2014-08-18 20:31 - 00000674 _____ () C:\Users\Gary\Desktop\esets scan.txt
2014-08-18 17:03 - 2014-08-18 17:03 - 00000000 ____D () C:\Program Files\ESET
2014-08-18 17:02 - 2014-08-18 17:02 - 02347384 _____ (ESET) C:\Users\Gary\Desktop\esetsmartinstaller_enu.exe
2014-08-18 17:01 - 2014-08-18 17:01 - 02347384 _____ (ESET) C:\Users\Gary\Downloads\esetsmartinstaller_enu.exe
2014-08-18 15:49 - 2014-08-18 15:49 - 00001061 _____ () C:\malware.txt
2014-08-18 15:12 - 2014-08-18 15:12 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Gary\Desktop\rkill.exe
2014-08-18 13:06 - 2014-08-21 18:35 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-18 13:05 - 2014-08-19 10:24 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-18 13:05 - 2014-08-18 13:05 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-18 13:05 - 2014-08-18 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-18 13:05 - 2014-08-18 13:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-18 13:05 - 2014-08-18 13:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-18 13:05 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-18 13:05 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-18 13:01 - 2014-08-18 13:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Gary\Desktop\aaaabc.exe
2014-08-18 12:34 - 2014-08-19 09:58 - 00002412 _____ () C:\Users\Gary\Desktop\Rkill.txt
2014-08-18 09:07 - 2014-08-21 18:48 - 00000000 ____D () C:\Users\Gary\Documents\FastFix
2014-08-18 09:07 - 2014-08-18 09:07 - 00000000 ____D () C:\Users\Gary\AppData\Local\FixSoft_USA
2014-08-18 09:06 - 2014-08-18 09:11 - 00000000 ____D () C:\Program Files\FastFixPRO
2014-08-18 09:06 - 2014-08-18 09:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastFixPRO
2014-08-18 09:05 - 2014-08-18 09:05 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\FixSoft USA
2014-08-18 09:02 - 2014-08-21 07:59 - 00005565 _____ () C:\Windows\setupact.log
2014-08-18 09:02 - 2014-08-18 09:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-14 10:11 - 2014-06-26 17:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 10:11 - 2014-06-26 17:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 10:11 - 2014-06-26 17:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 10:10 - 2014-06-05 23:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 08:47 - 2014-06-02 05:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 08:47 - 2014-06-02 05:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 08:47 - 2014-06-02 05:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 08:47 - 2014-06-02 05:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-14 08:47 - 2014-06-02 03:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 08:46 - 2014-07-07 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 08:46 - 2014-06-13 19:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 08:46 - 2014-06-13 19:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-11 11:38 - 2014-08-14 09:45 - 01831936 _____ () C:\Users\Gary\Documents\GolfHandicapTracker.xls
2014-08-08 10:37 - 2014-08-08 10:37 - 00000000 ____D () C:\Users\Gary\AppData\Local\Adobe
2014-08-04 17:14 - 2014-08-04 17:14 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-04 17:14 - 2014-08-04 17:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-04 17:13 - 2014-08-04 17:13 - 00000000 ____D () C:\Program Files\iPod
2014-08-04 17:12 - 2014-08-04 17:14 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-04 17:12 - 2014-08-04 17:14 - 00000000 ____D () C:\Program Files\iTunes
2014-07-28 18:04 - 2014-07-28 18:04 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-28 18:02 - 2014-07-28 18:02 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\.minecraft

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 19:16 - 2014-08-21 19:15 - 00030277 _____ () C:\Users\Gary\Desktop\FRST.txt
2014-08-21 19:15 - 2014-08-21 19:15 - 00000000 ____D () C:\FRST
2014-08-21 19:13 - 2014-08-21 19:13 - 01094144 _____ (Farbar) C:\Users\Gary\Desktop\FRST.exe
2014-08-21 19:03 - 2009-07-02 16:35 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-21 18:48 - 2014-08-18 09:07 - 00000000 ____D () C:\Users\Gary\Documents\FastFix
2014-08-21 18:46 - 2007-04-12 12:59 - 01139206 _____ () C:\Windows\WindowsUpdate.log
2014-08-21 18:35 - 2014-08-18 13:06 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 18:35 - 2009-07-02 16:34 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-21 18:33 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-21 18:33 - 2006-11-02 07:47 - 00353776 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-21 18:33 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-21 18:33 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-21 18:16 - 2006-11-02 08:01 - 00032574 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-21 17:51 - 2014-02-07 09:41 - 00002627 _____ () C:\Users\Gary\Desktop\Microsoft Office Word 2007.lnk
2014-08-21 17:25 - 2012-04-21 08:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-21 17:01 - 2014-01-10 12:08 - 00086655 _____ () C:\Users\Gary\Documents\MONEY.xlsx
2014-08-21 16:52 - 2007-06-16 17:59 - 00026624 _____ () C:\Users\Gary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-21 16:35 - 2007-09-17 17:21 - 00000000 ____D () C:\Users\Gary\AppData\Local\Paint.NET
2014-08-21 15:56 - 2013-03-23 12:12 - 00209432 _____ () C:\Windows\RegBootClean.exe
2014-08-21 15:54 - 2006-11-02 05:33 - 00824248 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-21 13:23 - 2007-03-20 09:16 - 01826340 _____ () C:\Windows\PFRO.log
2014-08-21 09:38 - 2014-08-21 09:34 - 00000000 ___SD () C:\ComboFix
2014-08-21 08:16 - 2014-08-21 08:16 - 00000000 ____D () C:\Qoobox
2014-08-21 08:15 - 2014-08-21 08:15 - 00000000 ____D () C:\Windows\erdnt
2014-08-21 08:13 - 2008-01-28 19:00 - 00147152 _____ () C:\Windows\hpoins21.dat
2014-08-21 08:13 - 2007-07-15 16:40 - 00050997 _____ () C:\ProgramData\hpzinstall.log
2014-08-21 08:02 - 2006-11-02 05:23 - 00000179 _____ () C:\Windows\win.ini
2014-08-21 07:59 - 2014-08-18 09:02 - 00005565 _____ () C:\Windows\setupact.log
2014-08-21 07:59 - 2006-11-02 07:37 - 00000000 ____D () C:\Windows\twain_32
2014-08-21 07:56 - 2014-08-21 07:56 - 00003954 _____ () C:\Users\Gary\Desktop\gringo.txt
2014-08-21 07:49 - 2014-08-21 07:49 - 05572251 ____R (Swearware) C:\Users\Gary\Desktop\ComboFix.exe
2014-08-20 15:32 - 2014-04-29 09:58 - 00013024 _____ () C:\Users\Gary\Documents\GOLF SCORE.xlsx
2014-08-20 14:39 - 2014-08-20 14:39 - 00002093 _____ () C:\Users\Gary\Desktop\JRT.txt
2014-08-20 14:11 - 2014-08-20 14:11 - 00000000 ____D () C:\Windows\ERUNT
2014-08-20 14:00 - 2014-08-20 14:00 - 01016261 _____ (Thisisu) C:\Users\Gary\Desktop\JRT.exe
2014-08-20 13:49 - 2014-08-20 13:34 - 00000000 ____D () C:\AdwCleaner
2014-08-20 07:54 - 2014-08-20 07:54 - 01361671 _____ () C:\Users\Gary\Desktop\AdwCleaner.exe
2014-08-19 10:24 - 2014-08-18 13:05 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-19 09:58 - 2014-08-18 12:34 - 00002412 _____ () C:\Users\Gary\Desktop\Rkill.txt
2014-08-19 08:27 - 2014-08-19 08:24 - 00048571 _____ () C:\Users\Gary\Desktop\attach.txt
2014-08-19 08:27 - 2014-08-19 08:24 - 00018527 _____ () C:\Users\Gary\Desktop\dds.txt
2014-08-19 08:18 - 2014-08-19 08:18 - 00688992 ____R (Swearware) C:\Users\Gary\Desktop\dds.com
2014-08-18 20:31 - 2014-08-18 20:31 - 00000674 _____ () C:\Users\Gary\Desktop\esets scan.txt
2014-08-18 17:03 - 2014-08-18 17:03 - 00000000 ____D () C:\Program Files\ESET
2014-08-18 17:02 - 2014-08-18 17:02 - 02347384 _____ (ESET) C:\Users\Gary\Desktop\esetsmartinstaller_enu.exe
2014-08-18 17:01 - 2014-08-18 17:01 - 02347384 _____ (ESET) C:\Users\Gary\Downloads\esetsmartinstaller_enu.exe
2014-08-18 15:49 - 2014-08-18 15:49 - 00001061 _____ () C:\malware.txt
2014-08-18 15:12 - 2014-08-18 15:12 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Gary\Desktop\rkill.exe
2014-08-18 14:12 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Cursors
2014-08-18 13:05 - 2014-08-18 13:05 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-18 13:05 - 2014-08-18 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-18 13:05 - 2014-08-18 13:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-18 13:05 - 2014-08-18 13:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-18 13:01 - 2014-08-18 13:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Gary\Desktop\aaaabc.exe
2014-08-18 09:11 - 2014-08-18 09:06 - 00000000 ____D () C:\Program Files\FastFixPRO
2014-08-18 09:07 - 2014-08-18 09:07 - 00000000 ____D () C:\Users\Gary\AppData\Local\FixSoft_USA
2014-08-18 09:06 - 2014-08-18 09:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastFixPRO
2014-08-18 09:05 - 2014-08-18 09:05 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\FixSoft USA
2014-08-18 09:02 - 2014-08-18 09:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-17 16:25 - 2007-07-04 16:39 - 00000000 ____D () C:\Program Files\Google
2014-08-17 16:18 - 2007-07-28 12:23 - 00000000 ____D () C:\ProgramData\Google
2014-08-17 16:18 - 2007-07-04 16:43 - 00000000 ____D () C:\Users\Gary\AppData\Local\Google
2014-08-17 10:22 - 2007-06-17 10:54 - 00000000 ____D () C:\Windows\Minidump
2014-08-16 13:00 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-16 11:16 - 2007-06-15 14:21 - 00000000 ____D () C:\Users\Gary
2014-08-16 11:14 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-08-16 11:13 - 2007-09-15 16:42 - 00000000 ____D () C:\Users\Brittany
2014-08-16 11:13 - 2007-07-19 15:27 - 00000000 ____D () C:\Users\Guest
2014-08-16 11:13 - 2007-07-04 07:53 - 00000000 ____D () C:\Users\NICOLE
2014-08-16 11:13 - 2007-07-03 20:25 - 00000000 ____D () C:\Users\Brandon
2014-08-16 11:13 - 2007-06-16 18:40 - 00000000 ____D () C:\Users\Maugie.Holcomb-PC
2014-08-16 11:13 - 2006-11-02 05:22 - 62914560 _____ () C:\Windows\system32\config\software_previous
2014-08-16 11:13 - 2006-11-02 05:22 - 43253760 _____ () C:\Windows\system32\config\components_previous
2014-08-16 11:13 - 2006-11-02 05:22 - 34340864 _____ () C:\Windows\system32\config\system_previous
2014-08-16 11:13 - 2006-11-02 05:22 - 00786432 _____ () C:\Windows\system32\config\default_previous
2014-08-16 11:13 - 2006-11-02 05:22 - 00241664 _____ () C:\Windows\system32\config\sam_previous
2014-08-16 11:13 - 2006-11-02 05:22 - 00028672 _____ () C:\Windows\system32\config\security_previous
2014-08-16 11:12 - 2009-02-22 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-16 11:12 - 2008-01-28 19:07 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2014-08-16 11:12 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
2014-08-16 11:12 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
2014-08-16 09:57 - 2007-06-18 19:59 - 00000000 ____D () C:\Windows\pss
2014-08-15 17:39 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-08-14 10:33 - 2007-03-20 08:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 10:32 - 2013-08-04 11:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 10:13 - 2006-11-02 05:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-14 09:45 - 2014-08-11 11:38 - 01831936 _____ () C:\Users\Gary\Documents\GolfHandicapTracker.xls
2014-08-11 11:12 - 2007-07-15 11:06 - 00000000 ____D () C:\Users\Gary\Documents\gary work
2014-08-08 10:37 - 2014-08-08 10:37 - 00000000 ____D () C:\Users\Gary\AppData\Local\Adobe
2014-08-06 09:29 - 2012-04-21 08:59 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-06 09:29 - 2011-06-12 10:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-05 09:20 - 2009-10-02 21:27 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-04 17:14 - 2014-08-04 17:14 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-04 17:14 - 2014-08-04 17:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-04 17:14 - 2014-08-04 17:12 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-04 17:14 - 2014-08-04 17:12 - 00000000 ____D () C:\Program Files\iTunes
2014-08-04 17:13 - 2014-08-04 17:13 - 00000000 ____D () C:\Program Files\iPod
2014-08-04 17:13 - 2011-09-17 07:37 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-04 09:39 - 2007-03-20 08:44 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-07-28 18:04 - 2014-07-28 18:04 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-28 18:02 - 2014-07-28 18:02 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\.minecraft
2014-07-26 08:39 - 2008-03-23 13:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 09:41 - 2010-06-06 08:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\Gary\AppData\Local\Temp\catchme.dll
C:\Users\Gary\AppData\Local\Temp\Quarantine.exe
C:\Users\Maugie.Holcomb-PC\AppData\Local\Temp\CSDWebLaunch.exe
C:\Users\Maugie.Holcomb-PC\AppData\Local\Temp\lowproc.exe
C:\Users\Maugie.Holcomb-PC\AppData\Local\Temp\stubhelper.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-21 18:50

==================== End Of Log ============================



#13 gringo_pr

  • Malware Response Team

Posted 21 August 2014 - 08:09 PM

Hello ggholcomb



I need you to download this script I have made for you --> Attached File: fixlist.txt

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow it.)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 ggholcomb

  • Topic Starter

Posted 21 August 2014 - 08:44 PM

Ran FRST again and hit Fix. Here is the text:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:21-08-2014
Ran by Gary at 2014-08-21 20:41:44 Run:1
Running from C:\Users\Gary\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
2014-08-18 09:07 - 2014-08-21 18:48 - 00000000 ____D () C:\Users\Gary\Documents\FastFix
2014-08-18 09:07 - 2014-08-18 09:07 - 00000000 ____D () C:\Users\Gary\AppData\Local\FixSoft_USA
2014-08-18 09:06 - 2014-08-18 09:11 - 00000000 ____D () C:\Program Files\FastFixPRO
2014-08-18 09:06 - 2014-08-18 09:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastFixPRO
2014-08-18 09:05 - 2014-08-18 09:05 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\FixSoft USA
2014-08-21 18:48 - 2014-08-18 09:07 - 00000000 ____D () C:\Users\Gary\Documents\FastFix
2014-08-18 09:11 - 2014-08-18 09:06 - 00000000 ____D () C:\Program Files\FastFixPRO
2014-08-18 09:07 - 2014-08-18 09:07 - 00000000 ____D () C:\Users\Gary\AppData\Local\FixSoft_USA
2014-08-18 09:06 - 2014-08-18 09:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastFixPRO
2014-08-18 09:05 - 2014-08-18 09:05 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\FixSoft USA
C:\Users\Gary\AppData\Local\Temp\catchme.dll
C:\Users\Gary\AppData\Local\Temp\Quarantine.exe
C:\Users\Maugie.Holcomb-PC\AppData\Local\Temp\CSDWebLaunch.exe
C:\Users\Maugie.Holcomb-PC\AppData\Local\Temp\lowproc.exe
C:\Users\Maugie.Holcomb-PC\AppData\Local\Temp\stubhelper.dll

*****************

C:\Users\Gary\Documents\FastFix => Moved successfully.
C:\Users\Gary\AppData\Local\FixSoft_USA => Moved successfully.
C:\Program Files\FastFixPRO => Moved successfully.

#15 gringo_pr

  • Malware Response Team

Posted 22 August 2014 - 06:13 AM

How are things doing now?

Gringo



